In the context of security frameworks, a few terms commonly occur subject, user and principal, of which I have not been able to find a clear definition and the difference between them.
So, what exactly do these terms mean, and why are these distinctions of subject and principal needed?