However, I doubt that anyone who has followed these "Principles" has ever regretted it.
- Unique Identifiers SHOULD be unique.
- Unique Identifiers SHOULD be a Lifetime identifier.
- Unique Identifiers SHOULD be issued from a central authority.
- Unique Identifiers SHOULD be stored in all relevant systems/databases.
- Unique Identifiers SHOULD never be re-issued.
- Unique Identifiers SHOULD be assigned to all entities.
In addition to the above, I would strongly recommend that the Unique Identifier be used for the naming attribute. If the Unique Identifier persists for the lifetime of the Entity, then there are the following advantages:
- No rename of entries should be encountered.
- Auditing trails are easier to follow.
In a tree of any size, looking for jdoe0001 or jdoe0002 will be done by performing a search.
Avoid Use of Personal data or Private data in Unique Identifiers
The use of any Personal data in Unique Identifiers should be avoided. The Federal Privacy Act of 1974, the Family Educational Rights and Privacy Act (FERPA) and many State statutes regulate the collection, use, and dissemination of Privacy data information.
See Best Practices For LDAP Naming Attributes. The Ambiguous Naming Resolution Algorithm may make it easier to locate the proper identity. tool to generate Unique Identifiers.
Used for Login
If the Unique Identifier must be used for Authentication (i.e. UserId), the length and complexity become important. B003281 was a Unique Identifier that was implemented in a large Organizational Entity.
It just so happened that this particular Organizational Entity merged with another Organizational Entity whose Unique Identifiers all started with an "A". So from the Unique Identifiers perspective there were no collisions.
If you allow any character to be alphanumeric, then we have 36 possible values for each character, which for 6 characters is (26+10)^6 = 2,176,782,336.
If we use up to:
- 6 characters (B003281) we now have (26+10)^6 = 2,176,782,336
- 8 characters (B00003281) we now have (26+10)^8 = 2,821,109,907,456
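The principles and keyspace counts above, as an added example that is not code from the original page: a hypothetical central `IdentifierAuthority` issues random alphanumeric identifiers that contain no personal data and are never re-issued, and `keyspace()` reproduces the counts above. The class, the table name, the SQLite store and the choice of random (rather than sequential) values are assumptions for illustration.

```python
import secrets
import sqlite3
import string

ALPHABET = string.ascii_uppercase + string.digits  # 26 + 10 = 36 symbols


def keyspace(length: int) -> int:
    """Number of distinct identifiers of exactly `length` alphanumeric characters."""
    return len(ALPHABET) ** length


class IdentifierAuthority:
    """Hypothetical central issuer: random values, no personal data, no re-issue."""

    def __init__(self, length: int = 8, db_path: str = ":memory:"):
        self.length = length
        self.db = sqlite3.connect(db_path)
        # The PRIMARY KEY makes the store, not the caller, enforce uniqueness.
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS issued ("
            "uid TEXT PRIMARY KEY, active INTEGER NOT NULL DEFAULT 1)"
        )

    def issue(self) -> str:
        """Issue a new identifier, drawing again on the rare random collision."""
        while True:
            uid = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
            try:
                with self.db:  # commits on success, rolls back on error
                    self.db.execute("INSERT INTO issued (uid) VALUES (?)", (uid,))
                return uid
            except sqlite3.IntegrityError:
                continue  # already issued once (active or retired)

    def retire(self, uid: str) -> None:
        """Mark the entity inactive but keep the row so the value is never reused."""
        with self.db:
            self.db.execute("UPDATE issued SET active = 0 WHERE uid = ?", (uid,))

    def was_ever_issued(self, uid: str) -> bool:
        """True for any value handed out in the past, including retired ones."""
        row = self.db.execute("SELECT 1 FROM issued WHERE uid = ?", (uid,)).fetchone()
        return row is not None
```

Because retired rows stay in the table, an audit trail that references an old identifier can never resolve to a different entity later.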
More Information
There might be more information for this subject on one of the following:
- Ambiguous Naming Resolution Algorithm
- Best Practices For LDAP Naming Attributes
- Best Practices for LDAP Security
- People And Things Every IDM Person Should Know
- Unique Value Finder
- Which Jane Doe