Person UUID - The Ultimate Identity Reference
Associating various system accounts through a common identity at the user
level (i.e., a User UUID) is definitely a convenient handle for user
administration across applications and systems at a point in time.
However, another very common requirement is an audit query that seeks to
associate the actions of a person at various points in time, and this may span
multiple engagements of the person under different user identities. What
we need is a simple, unobtrusive method that can be applied at any time to
create this extra level of association.
We suggest creating a “Person UUID” that can be used to map to multiple
“User UUID” values, as shown below:
Table 1: Person UUID mapping table
This is a one-to-many mapping that sits “outside” of the rest of the IAM
database, so to speak. This mapping can be created whenever a relationship
between two users is discovered through some out-of-band mechanism (say,
through a name or address search).
The Person UUID will have no attributes of its own, because attributes are
generally captured at the User level. You may need some conventions to
report on Persons, perhaps using the attributes of the most recent User
associated with the Person.
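The mapping, the cross-identity audit query and the "most recent User" reporting convention can be sketched as follows. This is an added example, not code from the original text: the table and column names (`users`, `audit_log`, `person_user_map`), the helper functions and the sample rows are all assumptions constructed for illustration, using SQLite in memory.

```python
import sqlite3
import uuid

def build_db():
    """In-memory stand-in for an IAM store plus the external Person mapping."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        -- Assumed IAM tables (hypothetical names and columns).
        CREATE TABLE users (user_uuid TEXT PRIMARY KEY, display_name TEXT,
                            created_at TEXT);
        CREATE TABLE audit_log (ts TEXT, user_uuid TEXT, action TEXT);
        -- Mapping sits outside the IAM tables and carries no attributes.
        -- user_uuid is the key, so a User maps to at most one Person.
        CREATE TABLE person_user_map (person_uuid TEXT NOT NULL,
                                      user_uuid TEXT PRIMARY KEY);
    """)
    return db

def seed(db):
    """Constructed sample data; 'u-N' is shorthand for real User UUIDs."""
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("u-1", "J. Smith (contractor)", "2019-03-01"),
        ("u-2", "Jane Smith", "2022-06-15"),
        ("u-3", "Other User", "2020-01-10")])
    db.executemany("INSERT INTO audit_log VALUES (?, ?, ?)", [
        ("2019-04-02T09:00", "u-1", "read payroll"),
        ("2021-05-05T10:00", "u-3", "login"),
        ("2022-07-01T14:30", "u-2", "export payroll")])

def link_users(db, user_a, user_b):
    """Record an out-of-band discovery that two Users are the same person."""
    rows = db.execute("SELECT person_uuid FROM person_user_map "
                      "WHERE user_uuid IN (?, ?)", (user_a, user_b)).fetchall()
    persons = {r[0] for r in rows}
    if len(persons) > 1:  # never silently merge two existing Persons
        raise ValueError("users belong to different Persons; review manually")
    person = persons.pop() if persons else str(uuid.uuid4())
    db.executemany("INSERT OR IGNORE INTO person_user_map VALUES (?, ?)",
                   [(person, user_a), (person, user_b)])
    return person

def person_audit_trail(db, person):
    """All actions of one person across every User identity, in time order."""
    return db.execute("""SELECT a.ts, a.user_uuid, a.action FROM audit_log a
        JOIN person_user_map m ON m.user_uuid = a.user_uuid
        WHERE m.person_uuid = ? ORDER BY a.ts""", (person,)).fetchall()

def person_display_name(db, person):
    """Reporting convention: attributes of the most recent associated User."""
    row = db.execute("""SELECT u.display_name FROM users u
        JOIN person_user_map m ON m.user_uuid = u.user_uuid
        WHERE m.person_uuid = ? ORDER BY u.created_at DESC LIMIT 1""",
        (person,)).fetchone()
    return row[0] if row else None
```

Because the mapping table only references User UUIDs, it can be populated or corrected at any time without touching the IAM tables or the audit log.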
The following diagram illustrates the use of both the Person UUID and the
User UUID as handles to manage user information.