diff --git a/auth/auth.py b/auth/auth.py
index 742e476bb..66ba4b921 100644
--- a/auth/auth.py
+++ b/auth/auth.py
@@ -25,7 +25,7 @@ def _load_user_from_cookie():
 if not current_user.is_anonymous():
 logger.debug('Loading user from cookie: %s', current_user.get_id())
 set_authenticated_user_deferred(current_user.get_id())
- loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_db_id', {scopes.DIRECT_LOGIN})
+ loaded = QuayDeferredPermissionUser(current_user.get_id(), 'user_uuid', {scopes.DIRECT_LOGIN})
 identity_changed.send(app, identity=loaded)
 return current_user.db_user()
 return None
@@ -58,7 +58,7 @@ def _validate_and_apply_oauth_token(token):
 set_authenticated_user(validated.authorized_user)
 set_validated_oauth_token(validated)
- new_identity = QuayDeferredPermissionUser(validated.authorized_user.id, 'user_db_id', scope_set)
+ new_identity = QuayDeferredPermissionUser(validated.authorized_user.uuid, 'user_uuid', scope_set)
 identity_changed.send(app, identity=new_identity)
@@ -98,7 +98,7 @@ def process_basic_auth(auth):
 logger.debug('Successfully validated robot: %s' % credentials[0])
 set_authenticated_user(robot)
- deferred_robot = QuayDeferredPermissionUser(robot.id, 'user_db_id', {scopes.DIRECT_LOGIN})
+ deferred_robot = QuayDeferredPermissionUser(robot.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
 identity_changed.send(app, identity=deferred_robot)
 return
 except model.InvalidRobotException:
@@ -111,7 +111,7 @@ def process_basic_auth(auth):
 logger.debug('Successfully validated user: %s' % authenticated.username)
 set_authenticated_user(authenticated)
- new_identity = QuayDeferredPermissionUser(authenticated.id, 'user_db_id',
+ new_identity = QuayDeferredPermissionUser(authenticated.uuid, 'user_uuid',
 {scopes.DIRECT_LOGIN})
 identity_changed.send(app, identity=new_identity)
 return
diff --git a/auth/auth_context.py b/auth/auth_context.py
index 6c13deff6..cfc6c7b5d 100644
--- a/auth/auth_context.py
+++ b/auth/auth_context.py
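Review bot: Nothing in the `_validate_and_apply_oauth_token` hunk or the two `process_basic_auth` hunks checks that `uuid` is populated before it becomes the identity id (`validated.authorized_user.uuid`, `robot.uuid`, `authenticated.uuid`). The schema is not part of this diff, so this is an assumption to confirm: if any user or robot row can carry an empty uuid, the later `get_user_by_uuid` reload would run with an empty key, and what it resolves to depends on the model layer. I would confirm the column is non-null and unique and record that next to the first use, e.g. `# uuid must be non-null and unique: it is the only key used to reload this user`. All three enclosing functions extend beyond their hunks.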
@@ -10,13 +10,13 @@ logger = logging.getLogger(__name__)
 def get_authenticated_user():
 user = getattr(_request_ctx_stack.top, 'authenticated_user', None)
 if not user:
- db_id = getattr(_request_ctx_stack.top, 'authenticated_db_id', None)
- if not db_id:
- logger.debug('No authenticated user or deferred database id.')
+ user_uuid = getattr(_request_ctx_stack.top, 'authenticated_user_uuid', None)
+ if not user_uuid:
+ logger.debug('No authenticated user or deferred user uuid.')
 return None
 logger.debug('Loading deferred authenticated user.')
- loaded = model.get_user_by_id(db_id)
+ loaded = model.get_user_by_uuid(user_uuid)
 set_authenticated_user(loaded)
 user = loaded
@@ -30,10 +30,10 @@ def set_authenticated_user(user_or_robot):
 ctx.authenticated_user = user_or_robot
-def set_authenticated_user_deferred(user_or_robot_db_id):
- logger.debug('Deferring loading of authenticated user object with id: %s', user_or_robot_db_id)
+def set_authenticated_user_deferred(user_or_robot_db_uuid):
+ logger.debug('Deferring loading of authenticated user object with uuid: %s', user_or_robot_db_uuid)
 ctx = _request_ctx_stack.top
- ctx.authenticated_db_id = user_or_robot_db_id
+ ctx.authenticated_user_uuid = user_or_robot_db_uuid
 def get_validated_oauth_token():
diff --git a/auth/permissions.py b/auth/permissions.py
index 8aa3c59bb..ae398092d 100644
--- a/auth/permissions.py
+++ b/auth/permissions.py
@@ -58,8 +58,8 @@ SCOPE_MAX_USER_ROLES.update({
 class QuayDeferredPermissionUser(Identity):
- def __init__(self, db_id, auth_type, scopes):
- super(QuayDeferredPermissionUser, self).__init__(db_id, auth_type)
+ def __init__(self, uuid, auth_type, scopes):
+ super(QuayDeferredPermissionUser, self).__init__(uuid, auth_type)
 self._permissions_loaded = False
 self._scope_set = scopes
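Review bot: In `get_authenticated_user` the result of `model.get_user_by_uuid(user_uuid)` is passed straight to `set_authenticated_user(loaded)` with no handling for a lookup miss. The deferred value originates from the session cookie via `set_authenticated_user_deferred(current_user.get_id())`, so it can name an account that no longer exists. Whether `get_user_by_uuid` returns `None` or raises is not visible in this diff; if it returns `None`, add `if loaded is None: return None` before the `set_authenticated_user` call so the request is treated as unauthenticated. The same unchecked result is dereferenced in `QuayDeferredPermissionUser.can` in auth/permissions.py (`user_object.username`) and in the `return self.db_user().verified` line in endpoints/common.py.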
@@ -88,7 +88,7 @@ class QuayDeferredPermissionUser(Identity):
 def can(self, permission):
 if not self._permissions_loaded:
 logger.debug('Loading user permissions after deferring.')
- user_object = model.get_user_by_id(self.id)
+ user_object = model.get_user_by_uuid(self.id)
 # Add the superuser need, if applicable.
 if (user_object.username is not None and
@@ -228,11 +228,11 @@ def on_identity_loaded(sender, identity):
 # We have verified an identity, load in all of the permissions
 if isinstance(identity, QuayDeferredPermissionUser):
- logger.debug('Deferring permissions for user: %s', identity.id)
+ logger.debug('Deferring permissions for user with uuid: %s', identity.id)
- elif identity.auth_type == 'user_db_id':
- logger.debug('Switching username permission to deferred object: %s', identity.id)
- switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_db_id', {scopes.DIRECT_LOGIN})
+ elif identity.auth_type == 'user_uuid':
+ logger.debug('Switching username permission to deferred object with uuid: %s', identity.id)
+ switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'user_uuid', {scopes.DIRECT_LOGIN})
 identity_changed.send(app, identity=switch_to_deferred)
 elif identity.auth_type == 'token':
diff --git a/endpoints/common.py b/endpoints/common.py
index 7d91137c3..4e8ceda07 100644
--- a/endpoints/common.py
+++ b/endpoints/common.py
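Review bot: In `on_identity_loaded`, an identity whose `auth_type` is still `'user_db_id'` no longer matches any branch shown and falls through to the rest of the `elif` chain, which continues outside the hunk. If identities are persisted between requests (that configuration is not visible here), ones stored before this change would take that path. Please confirm the fall-through grants no needs for an unrecognised type, and record the intent beside the new branch, e.g. `# 'user_db_id' identities from before the uuid switch are deliberately unhandled and must receive no permissions`.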
@@ -85,19 +85,19 @@ def param_required(param_name):
 @login_manager.user_loader
-def load_user(user_db_id):
- logger.debug('User loader loading deferred user with id: %s' % user_db_id)
- return _LoginWrappedDBUser(user_db_id)
+def load_user(user_uuid):
+ logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)
+ return _LoginWrappedDBUser(user_uuid)
 class _LoginWrappedDBUser(UserMixin):
- def __init__(self, user_db_id, db_user=None):
- self._db_id = user_db_id
+ def __init__(self, user_uuid, db_user=None):
+ self._uuid = user_uuid
 self._db_user = db_user
 def db_user(self):
 if not self._db_user:
- self._db_user = model.get_user_by_id(self._db_id)
+ self._db_user = model.get_user_by_uuid(self._uuid)
 return self._db_user
 def is_authenticated(self):
@@ -107,13 +107,13 @@ class _LoginWrappedDBUser(UserMixin):
 return self.db_user().verified
 def get_id(self):
- return unicode(self._db_id)
+ return unicode(self._uuid)
 def common_login(db_user):
- if login_user(_LoginWrappedDBUser(db_user.id, db_user)):
+ if login_user(_LoginWrappedDBUser(db_user.uuid, db_user)):
 logger.debug('Successfully signed in as: %s (%s)' % (db_user.username, db_user.uuid))
- new_identity = QuayDeferredPermissionUser(db_user.id, 'user_db_id', {scopes.DIRECT_LOGIN})
+ new_identity = QuayDeferredPermissionUser(db_user.uuid, 'user_uuid', {scopes.DIRECT_LOGIN})
 identity_changed.send(app, identity=new_identity)
 session['login_time'] = datetime.datetime.now()
 return True
diff --git a/test/test_api_security.py b/test/test_api_security.py
index af36eb195..97ec3950d 100644
--- a/test/test_api_security.py
+++ b/test/test_api_security.py
@@ -79,7 +79,7 @@ class ApiTestCase(unittest.TestCase):
 with client.session_transaction() as sess:
 if auth_username:
 loaded = model.get_user(auth_username)
- sess['user_id'] = loaded.id
+ sess['user_id'] = loaded.uuid
 sess['login_time'] = datetime.datetime.now()
 sess[CSRF_TOKEN_KEY] = CSRF_TOKEN
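Review bot: Session cookies issued before this change hold the integer database id under `user_id`, and `load_user` in the first endpoints/common.py hunk now wraps whatever it receives as a uuid without checking its form. The commit should state whether existing sessions are invalidated at deploy or are expected to fail the uuid lookup and be treated as logged out. A case in test/test_api_security.py that sets `sess['user_id'] = loaded.id` and expects the unauthenticated response would pin that behaviour. A short comment on `load_user` would also help, e.g. `# user_uuid comes from the session cookie; values that are not a current user's uuid must resolve to no user`.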