...
// Returns true if there's no healthCode and the reservation timestamp minus time of request is
// less than some timeout value (or zero/unset). If it is going to return true, it sets the reservation
// field to current timestamp, preventing other callers from proceeding to use the ID. If the call that
// reserved the ID fails, it will become available again after the timeout.
boolean reserveExternalId(StudyIdentifier studyId, String externalIdentifier);
// Assigns the ID once you have the healthCode. If reservation failed, the caller should not
// proceed to call this method. After this of course, any attempts to assign or reserve should fail.
assignExternalId(StudyIdentifier studyId, String externalIdentifier, String healthCode);
// Call as part of deleting a user.
unassignExternalId(StudyIdentifier studyId, String externalIdentifier);
Finally, to handle other ways of validating IDs, we could have the service use an ExternalIdProvider that can be configured per study. The default provider would use our DAO, tables and APIs, but we could create others to contact external services, etc. Spring makes this easy to do.
ExternalIdController / Other controllers
...