An Introduction to UUIDs

A universally unique identifier (UUID) is, in short, what it says it is: a string of letters and numbers intended to uniquely identify information. Within the context of identity and access management at Harvard, UUIDs are used as an internal identifier for users and, in the future, other non-person resources. We will gradually be migrating to the use of the Harvard UUID (also known as "HarvardKey"), rather than the HUID, across the board for identity and login control.

What About HUIDs?

Because not everyone at Harvard who needs access to resources is eligible to be issued a HUID number or ID card, we need to base identity and access controls on an identifier available to every Harvard affiliate. In addition, as more and more non-person resources such as microscopes and other research equipment are added to Harvard's "Internet of things," identification and provisioning via HUID becomes less and less viable. Furthermore, UUIDs can be created by multiple organizations within Harvard without the need for coordination — yet another reason why the implementation of UUIDs has been specified by Harvard's CIO Council.

In the long run, the use of UUIDs across Harvard will facilitate a better user experience through improved account linking across Schools, departments, and programs, fulfilling all of the founding tenets of the IAM program: benefiting everyone and everything in the Harvard Community by simplifying the user experience, enabling research and collaboration, and facilitating innovation while continuing to protect University resources.


Specifics on Harvard's Use of UUIDs

The IETF specification for UUID defines a number of different formats. For Harvard IAM efforts, we use Type 4 UUIDs — random numbers with no internal structure — generated based on the instructions in the IETF spec. Each UUID is 128 bits.
 

The specification also designates how bits are output into a string format consisting of letters and numbers in the set "a-f" and "0-9", respectively, along with hyphens as separators. The letters are not case-sensitive, and some systems will output the string for with letters in uppercase and some in lowercase.  Here's an example UUID in string format (created via the "uuidgen" in bash on a Mac): CF12F521-D158-4C3F-A930-902FE50F922F

Some systems store the string format instead of the bits.  

Source: Marlena Erdos