Human Identity

For clarity and consistency across our system, we will refer to all human-related identity processes as "Human Identity".

| Standard | Term for Human Identity | Description | Human-Centric? | Notes |
| --- | --- | --- | --- | --- |
| NIST (SP 800-63) | Applicant | A human undergoing the identity proofing process. | Yes | Represents the individual during registration. |
| | Subscriber | A human who has completed the identity proofing and has credentials. | Yes | After successful enrollment, the individual is a Subscriber. |
| | Claimant | A human presenting credentials during authentication. | Yes | This term is used during authentication when the individual proves their identity. |
| | Subject | The entity (human or not) whose identity is being authenticated. | Yes | The subject is authenticated or verified during any transaction. |
| OIDC | End-User | A human interacting with the client application (authenticating). | Yes | The individual whose identity is being asserted in the authentication process. |
| | Subject (sub claim) | A unique identifier assigned to the End-User by the Identity Provider (IdP). | Yes | The "sub" claim in the ID Token represents the unique identifier for the End-User. |
| OAuth 2.0 | Resource Owner | The entity that owns and grants access to a protected resource. | Yes (Mostly Human) | Typically refers to a human user, but can be used for non-human entities (in machine-to-machine OAuth flows). |
| OWASP | User | A human interacting with the application or system. | Yes | General term for a person accessing or interacting with the system. |
| | End-User | A human whose account is being accessed or authenticated. | Yes | Often used in the context of authenticated users in security scenarios. |
