Best Practices For Unique Identifiers

Overview [1] [2] [3]#

Best Practices gathered from years of experience and other knowledgeable sources. There are, of course, exceptions.

However, I doubt anyone who has followed these "Principles" has ever regretted it.

In addition to the above, I would strongly recommend that the Unique Identifier be used for the naming attribute. If the Unique Identifier persists for the lifetime of the Entity, then there are the following advantages:

  • No rename of entries should be encountered.
  • Auditing trails are easier to follow.

In a tree of any size, looking for jdoe0001 or jdoe0002 will be done by performing a search.

Things to Think About#

Avoid Use of Personal data or Private data in Unique Identifiers#

The use of any Personal data in Unique Identifiers SHOULD be avoided. The United States Privacy Act of 1974, the Family Educational Rights and Privacy Act (FERPA) and many State statutes regulate the collection, use, and dissemination of Privacy data information.

The suggested Best Practice is that an arbitrary Unique Identifier SHOULD be created for each Entity (or LDAP Entry) and that this identifier should provide anonymity for the entity.

Best Practices For LDAP Naming Attributes#

Some ideas on Best Practices For LDAP Naming Attributes

Ambiguous Naming Resolution Algorithm#

Ambiguous Naming Resolution Algorithm may make it easier to locate the proper identity.

Unique Value Finder#

We wrote a tool to generate Unique Identifiers.

Used for Login#

If the Unique Identifier must be used for Authentication (i.e., UserId), the length and complexity become important.

Most Users will have trouble remembering UserIds longer than 8 characters. Of course, after a few hundred uses, up to 10 characters is usually not an issue for this Human Limitation.

Using UUIDs for UserId generally will not work due to the complexity.

Some Examples#

B003281 was a Unique Identifier that was implemented in a large Organizational Entity.

It just so happened that this particular Organizational Entity merged with another Organizational Entity whose Unique Identifiers all started with an "A". So from the Unique Identifiers perspective there were no collisions.

B003281 can handle 999,999 entities, and it would be relatively easy to move to A000001 and get another 999,999 entities.

If you allow any character to be alpha-numeric, then we have 36 possible values for each character, which is (26+10)^6 = 2,176,782,336.

if we use up to

Characters | Example | Math | Number of
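An added example (not from the original page and not the Unique Value Finder tool it mentions): a sketch of issuing arbitrary identifiers that carry no personal data, together with the keyspace math used above. The function names are hypothetical, and the in-memory set stands in for the directory search a real deployment would perform to check uniqueness.

```python
import math
import secrets
import string

# Assumption: upper-case letters plus digits, matching the page's 26+10 = 36 values per character.
ALPHABET = string.ascii_uppercase + string.digits


def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of distinct identifiers of exactly `length` characters."""
    return alphabet_size ** length


def collision_probability(issued, length):
    """Birthday-bound estimate that `issued` randomly drawn IDs contain a duplicate."""
    return 1.0 - math.exp(-issued * (issued - 1) / (2.0 * keyspace(length)))


def new_identifier(existing, length=6, max_tries=100):
    """Return a random identifier that is not in `existing`, and record it there.

    The value comes from the OS CSPRNG, not from any attribute of the entity
    (name, SSN, birth date), so it reveals nothing about the entity.
    """
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if candidate not in existing:  # stands in for a directory search
            existing.add(candidate)
            return candidate
    raise RuntimeError("identifier space too full; increase the length")


if __name__ == "__main__":
    issued = set()  # constructed sample state: nothing issued yet
    print("new id:", new_identifier(issued))
    for n in (6, 8, 10):
        print(n, "characters:", f"{keyspace(n):,}", "identifiers")
    # Random assignment needs the uniqueness check: at 100,000 entities the
    # chance that two unchecked 6-character draws collide is about 90%.
    print("P(collision):", round(collision_probability(100_000, 6), 2))
```

Sequential schemes such as B003281 avoid collisions by construction; random assignment trades that for identifiers that do not reveal issue order, which is why the uniqueness check is part of the generator.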

More Information#

There might be more information for this subject on one of the following: