The Java Authentication Framework
Principal Interface; this describes real-world entities like persons, companies etc.
Identity class; an identity is derived from Principal Interface and has property corresponding to a public key
Certificate class; a certificate has two properties of class Identity: one is the Identity that is being certified, and the other Identity is a guarantor, with which the principal is associated for this certificate.
To keep identities safe from conflicts, e.g., “ G. Fox” at NPAC and “G. Fox” at Sun Inc. , Java defines IdentityScopes.
An IdentityScope may have other IdentityScopes in it. For example, Syracuse University is an IdentityScope, and it contains the NPAC IdentityScope.