The access identity represents an identity to be used for access control purposes. The authorization framework supports the following kinds of access identity: USER, HOST, APPLICATION, GROUP and ANYBODY. Where ANYBODY represents any entity regardless of authentication. This may be useful for setting the default policies.
The framework supports multiple existing principal naming methods. Different administrative domains might use different authentication mechanisms, each having a particular syntax for specification of principals. Therefore, Defining Authority for access identity indicates the underlying authentication mechanism used to provide the principal identity. Value represents the particular principal identity.