henkbirkholz
commented
7 years ago An account would be a subject in respect to endpoint attributes, for example. In contrast, a user does not have to be associated with a target endpoint at all, but be identified, and be a threat to the target endpoint, for example.
Does anyone from the OVAL or SCAP space can reference a good basis to create corresponding definitions?
There was a request to define the term "account" as used in Section 4.8 of revision -02 of the IM (https://github.com/sacmwg/draft-ietf-sacm-information-model/issues/4).
I am not sure if we still feel we need to define the term, but, I wanted to move the issue here instead of in the IM issue tracker.