If it helps clarify the situation a bit, I came across this
interesting article - clarifies "identity", "authentication" and
"authorization"
http://technet.microsoft.com/en-us/library/cc512578.aspx
It's Me, and Here's My Proof: Why Identity and Authentication Must
Remain Distinct
By Steve Riley
Senior Security Strategist
Security Technology Unit
Microsoft Corporation
May I suggest that those 3 terms be used here, extensively? There's
a clear distinction between the three, and several parallels between
the security / PKI field, where identity management is a concern, to
this field.
This article uses the term 'identifier' without offering a definition.
It seems to use 'identifier' to mean the same thing as 'identity', and
both those words only refer to the names of things, not actual things.
Actual things are referred to as 'principals'. I suppose that could be
clearer since two words that sounds similar are referring to the same
concept, but I don't know whether 'principal' is intuitive enough or not.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html