A principal represents a human user or system entity (for example, a server process).
When a principal requests a protected resource from a server such as Application Server or the Web server, the server attempts to authenticate the principal. A directory service or user registry provides the mechanism necessary for validating the data presented by the principal.