Inside Microsoft SharePoint 2013 by Mirjam van Olst Scot Hillier Ted Pattison, Andrew Connell, Wictor Wilen, and Kyle Davis

Let’s begin with a basic question: what is a security principal? In a common scenario in a Windows network environment, a security principal can be a user with an account in Active Directory. But the concept of a security principal goes far beyond that. A security principal can also be a user with an account in some other type of identity management system such as Microsoft ASP.NET forms-based authentication (FBA), Microsoft Account, or Facebook.

There are also common scenarios in which a security principal will not have a one-to-one mapping to a human being. For example, an Active Directory security group is a type of security principal, as is an FBA role. A computer becomes a first-class security principal when ...