
Specification of Access Identity

The access identity represents an identity to be used for access control purposes. The authorization framework supports the following types of access identity: USER, HOST, APPLICATION, CA (Certification Authority), GROUP and ANYBODY. ANYBODY represents any entity, regardless of authentication, which may be useful for setting default policies. The type of access identity is useful in determining which additional credentials are needed (see section 3.3). Principals can be aggregated into a single entry when the same set of access rights and conditions applies to all of them.

Our framework supports multiple existing principal naming methods. Different administrative domains might use different authentication mechanisms, each having a particular syntax for the specification of principals. Therefore, the Defining Authority for an access identity indicates the underlying authentication mechanism used to provide the principal identity, and the Value represents the particular principal identity.
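The sketch below is an added illustration, not code from the framework described here. It models an access identity as a (type, defining authority, value) triple and shows why a name must be compared together with its defining authority. The class and function names, the exact-match rule, and the sample authority strings and principals are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Identity types listed in the text above.
TYPES = {"USER", "HOST", "APPLICATION", "CA", "GROUP", "ANYBODY"}


@dataclass(frozen=True)
class AccessIdentity:
    type: str                        # one of TYPES
    authority: Optional[str] = None  # Defining Authority: authentication mechanism
    value: Optional[str] = None      # principal name in that mechanism's syntax

    def __post_init__(self):
        if self.type not in TYPES:
            raise ValueError(f"unknown access identity type: {self.type}")
        # Every type except ANYBODY names a concrete principal.
        if self.type != "ANYBODY" and not (self.authority and self.value):
            raise ValueError(f"{self.type} needs a defining authority and a value")


def entry_applies(entry: Iterable[AccessIdentity],
                  authenticated: Iterable[AccessIdentity]) -> bool:
    """Return True if a policy entry covers the requester.

    entry: identities aggregated into one policy entry.
    authenticated: identities the requester has proven (may be empty).
    Assumption: identities match only when type, authority and value are
    all equal, so the same name from another mechanism does not match.
    """
    proven = set(authenticated)
    for ident in entry:
        if ident.type == "ANYBODY":   # applies regardless of authentication
            return True
        if ident in proven:
            return True
    return False


# Constructed sample policy entries (hypothetical authorities and names).
STAFF_ENTRY = [
    AccessIdentity("USER", "kerberos.v5", "alice@EXAMPLE.ORG"),
    AccessIdentity("HOST", "x509", "/CN=host.example.org"),
]
DEFAULT_ENTRY = [AccessIdentity("ANYBODY")]
```

An entry that lists ANYBODY applies even to an unauthenticated requester, so in this model it belongs only on the default policy with the narrowest rights.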



Tatyana Ryutov 2002-06-25