The concept of a principal appears at the level of canister smart contracts. In a nutshell, a principal identifies any entity that can call a canister. As both canisters and external users can call canisters, principals include both canister ids and self-authenticating identifiers derived from public keys of users. There are several classes of principals:
- The Internet Computer Management Canister, which is a specific system API that can be called like a canister, uses the fixed principal aaaaa-aa.
- Canister ids: each canister on ICP is identified by its canister id.
- Self-authenticating ids: derived from public keys to identify users.
- Derived ids: a class which has been reserved but never implemented.
- The anonymous id, 2vxsx-fae: used as the identity of the caller for messages that are not signed.
More details can be found in the relevant section of the interface specification.