Reference Documentation for Unique Identifiers

HarvardKey releases attributes to integrated applications in the authentication assertion. The selection of a unique identifier to store in a service’s local environment is one of the most important decisions to make for successfully maintaining any application for future use. This article provides information on the available identifiers to assist application owners with identifier selection.

Characteristics of Unique Identifiers

The unique identifiers released by IAM contain one or more of the following qualities:
  • Uniqueness
  • Persistence
  • Reassignment
  • Privacy preservation using opaqueness
  • Readability or lucency
  • Linkability
  • Unlinkability
  • Scope of uniqueness
Identifier    Uniqueness  Persistence  Reassignment  Privacy preservation  Readability  Linkability
HUID          Y           Y            N             Y                     N            Y
NetID [1][2]  Y           Y            N             N                     Y            Y
ePPN          Y           Y            N             Y                     N            Y
UUID          Y           Y            N             Y                     N            N

[1] Please note: all applications are advised to use NetID as their unique identifier because it is the most readable and can be easily looked up at https://connections.harvard.edu/ if a user account needs to be set up ahead of time. If you would like to request another identifier, you must provide your justification for consideration in the Application Integration Registration form.
[2] Applications with external users (users who do not have a HUID) are required to use NetID as their unique identifier. External users will be stored in a different registry, completely isolated from the HarvardKey registry. However, users in both domains need to share the same identifier namespace. Outside the IAM domains, common identifiers from both domains will behave exactly the same.

Identifier General Information

All identifiers are unique, opaque, and immutable.

HUID

  • 8-digit identifier
    • E.g. “123456578”
  • In isolation it does not reveal personal information, but it has historically been considered a sensitive identifier and is confidential information under the Federal Education Rights and Privacy Act (FERPA).
  • The only common identifier that can reliably link persons in user stores across the University IT systems
  • Only unique in the Harvard IAM domain

NETID

  • Alphanumeric (3 letters + 3-4 numbers for HarvardKey users, 2 letters + 4 numbers for users without an HUID)
    • E.g. “mgj357”
  • IAM-recommended identifier for all applications; required for external users (users without an HUID) as the only available identifier
  • Only unique in the Harvard IAM domain

EPPN

  • Random identifier, 16 characters in length
    • E.g. “293bca06837f54bv”
  • Globally unique, because it is scoped to the Harvard domain

UUID

  • Random 32-character identifier
    • E.g. “9c795d208b24459688bb1bfc1cd84f6a”
  • Globally unique, because it is scoped to the Harvard domain

Why email is NOT an appropriate unique identifier

IAM strongly advises against using email address as a unique identifier. Several qualities make email inappropriate for use:

  • Email address is mutable (a user’s address can change after the account is created)
  • Email address may be reassigned (e.g. after a name change)
  • Email address is not always assigned by the institution (e.g. gmail or a peer-institution address such as mit.edu)
  • Email is not a guaranteed unique identifier (siblings/parents may share one)
  • Email address may not be validated
  • Harvard users have multiple valid Harvard-domain email addresses with different assignment lifecycles, which makes email an even more challenging choice as an identifier

Best Practices for Identifier Use

In accordance with the HarvardKey Application Integration Policy, identifiers obtained through authentication may only be used for purposes of authorization, account provisioning, and facilitation of the end user’s session and should be deleted or anonymized when they are not needed for service access. If applications using the SAML protocol elect to receive the “identifier bundle” on the Registration form, any unnecessary identifiers should be destroyed in this manner.
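Putting the identifier shapes above and this retention rule together, here is an added example (not HarvardKey or IAM code) of how a SAML service provider could check the identifier it has chosen as its local key and discard the rest of the “identifier bundle” before anything is persisted. The attribute names (huid, netid, eppn, uuid, mail) and the sample assertion are assumptions constructed for the example; the format patterns are derived only from the descriptions on this page.

```python
import re

# Shapes of each identifier as described on this page. The attribute names
# used as keys are an assumption; HarvardKey's real attribute names may differ.
IDENTIFIER_PATTERNS = {
    "huid": re.compile(r"^\d{8}$"),                                   # 8 digits
    "netid": re.compile(r"^(?:[a-z]{3}\d{3,4}|[a-z]{2}\d{4})$", re.I),  # 3+3/4 or 2+4
    "eppn": re.compile(r"^[A-Za-z0-9]{16}$"),                         # 16-char random
    "uuid": re.compile(r"^[A-Za-z0-9]{32}$"),                         # 32-char random
}

# Constructed sample of the attributes an assertion might carry (not real data).
SAMPLE_ASSERTION = {
    "netid": "abc123",
    "huid": "12345678",
    "eppn": "a1b2c3d4e5f6g7h8",
    "uuid": "0123456789abcdef0123456789abcdef",
    "mail": "sample.user@example.edu",
    "displayName": "Sample User",
}


def validate_identifier(kind, value):
    """True if value matches the documented shape for this identifier kind.

    Anything not in IDENTIFIER_PATTERNS (e.g. 'mail') is never a valid key,
    which enforces the page's advice against using email as the identifier.
    """
    pattern = IDENTIFIER_PATTERNS.get(kind)
    return bool(pattern and isinstance(value, str) and pattern.fullmatch(value))


def select_local_key(attributes, preferred="netid"):
    """Choose the one identifier to store and drop every other identifier.

    Returns (kind, value, retained_attributes). Raises ValueError when the
    preferred identifier is absent or malformed, so a bad or unexpected
    assertion never provisions an account under the wrong key.
    """
    value = attributes.get(preferred)
    if not validate_identifier(preferred, value):
        raise ValueError(f"{preferred} missing or malformed in assertion")
    # Keep the chosen key plus non-identifier attributes; destroy the rest of
    # the bundle, as the Best Practices section requires.
    retained = {k: v for k, v in attributes.items()
                if k == preferred or k not in IDENTIFIER_PATTERNS}
    return preferred, value, retained
```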