diff options
| author | Tyler Davis <tyler@gluecode.com> | 2023-12-20 21:40:05 +0000 |
|---|---|---|
| committer | Tyler Davis <tyler@gluecode.com> | 2023-12-21 00:43:02 +0000 |
| commit | 9f21fce1443ad0bf91fdf7beb0b9a0f423a7cbdf (patch) | |
| tree | 9c2e12444c8e2b0536beb45825cfcf0da29147e0 | |
| parent | 8ef304eb84257c1b84d1f77cca0d03dcdfc99b43 (diff) | |
| download | fortknox-9f21fce1443ad0bf91fdf7beb0b9a0f423a7cbdf.tar.gz fortknox-9f21fce1443ad0bf91fdf7beb0b9a0f423a7cbdf.zip | |
Add UUIDv8 and v4 specifications
Correct the bit placement per RFC draft
https://datatracker.ietf.org/doc/html/draft-peabody-dispatch-new-uuid-format#name-uuid-version-8
| -rw-r--r-- | Cargo.toml | 1 | ||||
| -rw-r--r-- | README.md | 31 |
2 files changed, 21 insertions, 11 deletions
@@ -13,6 +13,7 @@ sqlx = "0.7.3" version = "1.6.1" features = [ "v4", # Lets you generate random UUIDs + "v8", # Custom UUID format "fast-rng", # Use a faster (but still sufficiently random) RNG "macro-diagnostics", # Enable better diagnostics for compile-time UUIDs "serde", @@ -17,7 +17,7 @@ Provides at least three core systems: ### Token Format Tokens are 128-bit (16 byte) UUIDs which are always base64 encoded using the URL-safe alphabet without padding. -This means that every token is a 22-character string containing the alphabet: `[a-z][A-Z][0-9]_-` +This means that every token is a 22-character string containing the alphabet: "`[a-z][A-Z][0-9]_-`" ### Namespacing @@ -26,8 +26,8 @@ If a namespace is not provided, the request is rejected. ### Prefixing -A prefix is an unsigned 14-bit value (Hex: 0x000-0x3FFF) as a means of uniquely identifying token sources. -The 14-bit value has a maximum value of 16,384 (0-16383 inclusive). +A prefix is an unsigned 16-bit value (Hex: 0x000-0xFFFF) as a means of uniquely identifying token sources. +The 16-bit value has a maximum value of 65,536 (0-65535 inclusive). Prefixes MAY be set via a runtime configuration or defined in the datastore within a namespace. Once defined in the datastore, such prefixes MUST NOT be changed. @@ -55,21 +55,30 @@ If operating with a remote database, FK must not try to operate in a peering / c ### Namespace limits -NOTE: look at UUIDv5 methods, but *do not* use them as UUIDv5 leverages deterministic hashing to produce tokens. +Non-prefixed UUIDs will follow the UUIDv4-Variant1 specification in [RFC-4122](https://www.rfc-editor.org/rfc/rfc4122#section-4.4): -UUIDv4 (Version 4 - Variant 1) has 6 bits reserved for identification and encoding purposes - bits 6, 7, and 12-15. -( RFC 4122 Section 4.4 - https://datatracker.ietf.org/doc/html/rfc4122#section-4.4 ) + 0 0 0 1 1 2 2 3 + 0 7 8 5 6 3 4 1 + ----------------------------------- + 000-031 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx + 032-063 xxxxxxxx xxxxxxxx 0100xxxx xxxxxxxx + 064-095 01xxxxxx xxxxxxxx xxxxxxxx xxxxxxxx + 096-127 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx + + +Prefixed Tokens will use a 16-bit identifier replacing the "random" least-significant bits of the time-low (clock) sequence. +In order to support this and prevent compatibility problems with other UUID representations, FortKnox will [generate UUIDv8-based tokens](https://datatracker.ietf.org/doc/html/draft-peabody-dispatch-new-uuid-format#name-uuid-version-8). -Proposed: 14-bit identifier replacing the "random" clock value for locations which need to avoid collisions but also need to identify the source location. Assuming P is an identifier bit and using a zero-index count, the bit-specific structure would be as follows: 0 0 0 1 1 2 2 3 0 7 8 5 6 3 4 1 ----------------------------------- - 000-031 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX - 032-063 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX - 064-095 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX - 096-127 XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX + 000-031 PPPPPPPP PPPPPPPP xxxxxxxx xxxxxxxx + 032-063 xxxxxxxx xxxxxxxx 1000xxxx xxxxxxxx + 064-095 01xxxxxk xxxxxxxx xxxxxxxx xxxxxxxx + 096-127 xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx This leaves a maximum table space of `2^106` values or 8.1129638415e31 bits. At 100 bytes per associated token, this allows for billions of exabytes per regional namespace. + |