-
Notifications
You must be signed in to change notification settings - Fork 44
1.2. UUIDv2
DCE Security UUID is similar to UUIDv1, except the least significant 8 bits of the clock sequence are replaced by a "local domain" number, and the least significant 32 bits of the timestamp are replaced by an integer identifier meaningful within the specified local domain.
Creating a DCE Security UUID:
int localIdentifier = 1701;
UUID uuid = UuidCreator.getDceSecurity(UuidLocalDomain.LOCAL_DOMAIN_PERSON, localIdentifier);
List of predefined local domains:
-
UuidLocalDomain.LOCAL_DOMAIN_PERSON
: Local identifier is member of a user domain; -
UuidLocalDomain.LOCAL_DOMAIN_GROUP
: Local identifier is member of a group domain; -
UuidLocalDomain.LOCAL_DOMAIN_ORG
: Local identifier is member of an organization domain.
The following blockquote is the specification of DCE Security UUID:
These security-version UUIDs are specified exactly as in Appendix A, except that they have the following special properties and interpretations:
The version number is 2.
The clock_seq_low field (which represents an integer in the range [0, 2^8-1]) is interpreted as a local domain (as represented by sec_rgy_domain_t; seesec_rgy_domain_t); that is, an identifier domain meaningful to the local host. (Note that the data type sec_rgy_domain_t can potentially hold values outside the range [0, 2^8-1]; however, the only values currently registered are in the range [0, 2], so this type mismatch is not significant.) In the particular case of a POSIX host, the value sec_rgy_domain_person is to be interpreted as the "POSIX UID domain", and the value sec_rgy_domain_group is to be interpreted as the "POSIX GID domain".
The time_low field (which represents an integer in the range [0, 2^32-1]) is interpreted as a local-ID; that is, an identifier (within the domain specified by clock_seq_low) meaningful to the local host. In the particular case of a POSIX host, when combined with a POSIX UID or POSIX GID domain in the clock_seq_low field (above), the time_low field represents a POSIX UID or POSIX GID, respectively.
By this embedding of local host IDs in (security-version) UUIDs, local host identity information (privilege attributes) can be derived from UUIDs in an especially straightforward and efficient manner (as opposed to, say, going through an auxiliary ID mapping table, maintained either on the local host or elsewhere). (The embedding of local host IDs is specified above in the particular case of POSIX hosts; the embedding in the case of non-POSIX systems is not currently specified in DCE.)
An excellent description of UUIDv2 in Ramsey's PHP library: https://uuid.ramsey.dev/en/stable/rfc4122/version2.html.
Another interesting article for those who like mystery stories: What Happened to UUIDv2?.