- System-wide unique. The OID must be unique within the IDM system. No two objects may have the same OID, not even two objects of different types. This property allows the OID to be used as a system-wide identifier for object references, as a primary key in tables, etc.
- Probably globally-unique. The probability that two OIDs in two different IDM systems are the same should be extremely low. The OID generation process should include some randomness to get this property. This provides easier migration of objects between systems (e.g. from test to production), copy&paste of objects, the ability to maintain references while copy&pasting, etc.
- Human unreadable (ugly, random-looking form). This property will discourage the practice of creating fixed, easy to remember OIDs. Fixed OIDs are hardcoded constants and should be avoided.
- Relatively long. This is an effect of other properties rather than a desired feature. However, prepare the code, tools and processes for OIDs that are tens of characters long.
- Not reassignable. An OID assigned to one object should not be assigned to any other object. This is not really a strict requirement; adding a sufficient amount of randomness to OID generation should be just fine. If the OIDs cannot be reassigned, we can easily detect broken links. If we ever reassign an OID, the link (reference) that should break will appear to be valid. A broken link is definitely the lesser evil in this case.
- Internal to the IDM system. OIDs should not be shared with any other system outside IDM. E.g. OIDs should not be used as psoIDs in SPML. We want to keep OIDs internal to be able to regenerate them, e.g. in case of upgrades to a version with a different OID format.
The OID can (theoretically) be any string. MidPoint does not place any constraint on the OID except for a reasonable length (limited by the underlying database). However, the midPoint internal code and all the examples use UUIDs. The UUID seems to be an almost ideal identifier for this purpose, and therefore we recommend using this form of OID in all environments.
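
The following added example (not midPoint code) audits a set of objects against the properties listed above: uniqueness across object types, references that no longer resolve, and OIDs that look hand-crafted rather than random. The object layout, the function names and the hand-crafted heuristic are assumptions made for illustration, and the sample data is constructed.

```python
import uuid
from collections import Counter

def new_oid() -> str:
    """Generate an OID as a random (version 4) UUID string."""
    return str(uuid.uuid4())

def looks_handcrafted(oid: str) -> bool:
    """Heuristic (assumption): not a UUID, or one hex digit fills half of it."""
    try:
        digits = uuid.UUID(oid).hex
    except ValueError:
        return True
    return Counter(digits).most_common(1)[0][1] >= 16

def audit(objects):
    """Check objects given as dicts with 'type', 'oid' and 'refs' keys.

    Returns (duplicates, broken_refs, handcrafted):
      duplicates  - OIDs used by more than one object, regardless of type
      broken_refs - (source OID, target OID) pairs whose target does not exist
      handcrafted - OIDs that do not look randomly generated
    """
    seen, duplicates = set(), []
    for obj in objects:
        if obj["oid"] in seen:
            duplicates.append(obj["oid"])
        seen.add(obj["oid"])
    broken = [(o["oid"], r) for o in objects for r in o["refs"] if r not in seen]
    handcrafted = sorted({o["oid"] for o in objects if looks_handcrafted(o["oid"])})
    return duplicates, broken, handcrafted

# Constructed sample data: none of these OIDs come from a real system.
USER_OID = "8f3a6c1e-2b47-4d90-a5e3-7c19d0b64f28"
FIXED_OID = "00000000-0000-0000-0000-000000000004"    # hard-coded constant
DELETED_OID = "3d7e91b2-64c8-4fa5-9b10-e2a85c7f0d36"  # target no longer exists
SAMPLE = [
    {"type": "user", "oid": USER_OID, "refs": [FIXED_OID, DELETED_OID]},
    {"type": "role", "oid": FIXED_OID, "refs": []},
    {"type": "org", "oid": USER_OID, "refs": []},     # same OID, different type
]

if __name__ == "__main__":
    dup, broken, fixed = audit(SAMPLE)
    print("duplicate OIDs:   ", dup)
    print("broken references:", broken)
    print("hand-crafted OIDs:", fixed)
```

The broken reference is reported only because the deleted object's OID was never reassigned; had it been reused, the same reference would silently resolve to an unrelated object.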