Principal is more often used in security context. This is also make it consistent with the other
attribute (request.auth.principal).