All parties associated with secure computation in SDM are known via principals: identities (unique names) that can be authenticated. We further restrict attention to scoped principals, for example Syracuse's Nataraj, where the scope represents an organizational domain (which may in turn be further structured and scoped in any fashion). Principals are most often associated with individual people. However, they may also be associated with entities such as departments (as in Acme's MarketingDept, entire companies, or any other authenticatable unit. In SDM, we further categorize principals in terms of the properties and usages as discussed in the remainder of this paper and implemented via the classes and interfaces illustrated in Figure .