diff --git a/keystone/common/validation/parameter_types.py b/keystone/common/validation/parameter_types.py
index c5908836eb..1bc81383f3 100644
--- a/keystone/common/validation/parameter_types.py
+++ b/keystone/common/validation/parameter_types.py
@@ -28,6 +28,12 @@ name = {
 'maxLength': 255
 }
 
+external_id_string = {
+ 'type': 'string',
+ 'minLength': 1,
+ 'maxLength': 64
+}
+
 id_string = {
 'type': 'string',
 'minLength': 1,
diff --git a/keystone/tests/unit/test_validation.py b/keystone/tests/unit/test_validation.py
index f83cabcb62..7fcb902b90 100644
--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@@ -226,7 +226,7 @@ class EntityValidationTestCase(testtools.TestCase):
 def test_create_entity_with_invalid_id_strings(self):
 """Exception raised when using invalid id strings."""
 long_string = 'A' * 65
- invalid_id_strings = ['', long_string, 'this,should,fail']
+ invalid_id_strings = ['', long_string]
 for invalid_id in invalid_id_strings:
 request_to_validate = {'name': self.resource_name,
 'id_string': invalid_id}
@@ -1360,6 +1360,13 @@ class TrustValidationTestCase(testtools.TestCase):
 'remaining_uses': 2}
 self.create_trust_validator.validate(request_to_validate)
 
+ def test_validate_trust_with_period_in_user_id_string(self):
+ """Validate trust request with a period in the user id string."""
+ request_to_validate = {'trustor_user_id': 'john.smith',
+ 'trustee_user_id': 'joe.developer',
+ 'impersonation': False}
+ self.create_trust_validator.validate(request_to_validate)
+
 def test_validate_trust_with_invalid_expires_at_fails(self):
 """Validate trust request with invalid `expires_at` fails."""
 request_to_validate = {'trustor_user_id': uuid.uuid4().hex,
diff --git a/keystone/trust/schema.py b/keystone/trust/schema.py
index 087cd1e9d3..673b786b26 100644
--- a/keystone/trust/schema.py
+++ b/keystone/trust/schema.py
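Review bot: `external_id_string` in parameter_types.py bounds only the length (1 to 64) and sets no `pattern`, so whitespace-only values, control characters and LDAP filter or DN metacharacters all pass schema validation. The schema.py hunk applies it to the request-supplied `trustor_user_id` and `trustee_user_id`, so every consumer of those fields has to treat them as unescaped text. Whether the LDAP identity backend escapes them is not visible in this diff and should be confirmed. I would record the contract on the definition, e.g. `# NOTE: length check only; callers must escape these values before using them in LDAP filters or DNs.`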
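Review bot: Dropping `'this,should,fail'` from `invalid_id_strings` in test_create_entity_with_invalid_id_strings removes the only visible case that exercises character validation on `id_string`, yet no hunk in this diff changes `id_string` itself. Its definition is only partly visible in the parameter_types.py hunk, so I cannot tell whether it still restricts its character set. If it does, the case should stay in the list. If it does not, the docstring should say what is still checked, e.g. `"""Exception raised when id strings are empty or too long."""`. The method body continues outside the hunk.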
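Review bot: test_validate_trust_with_period_in_user_id_string covers only the accepting path for the relaxed user id fields, so nothing in this diff pins the `minLength`/`maxLength` bounds that `external_id_string` still enforces on trusts. A companion test that an empty or 65-character `trustor_user_id` is rejected by `create_trust_validator` would keep a later schema edit from dropping the limits unnoticed. The sketch below assumes the module's usual `exception.SchemaValidationError` assertion, which is not visible in this hunk. The test class continues outside the hunk.

```python
    def test_validate_trust_with_invalid_user_id_length_fails(self):
        """Validate trust request with empty or over-long user ids fails."""
        for invalid_id in ['', 'a' * 65]:
            request_to_validate = {'trustor_user_id': invalid_id,
                                   'trustee_user_id': 'joe.developer',
                                   'impersonation': False}
            self.assertRaises(exception.SchemaValidationError,
                              self.create_trust_validator.validate,
                              request_to_validate)
```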
@@ -15,8 +15,11 @@ from keystone.common.validation import parameter_types
 
 
 _trust_properties = {
- 'trustor_user_id': parameter_types.id_string,
- 'trustee_user_id': parameter_types.id_string,
+ # NOTE(lbragstad): These are set as external_id_string because they have
+ # the ability to be read as LDAP user identifiers, which could be something
+ # other than uuid.
+ 'trustor_user_id': parameter_types.external_id_string,
+ 'trustee_user_id': parameter_types.external_id_string,
 'impersonation': parameter_types.boolean,
 'project_id': validation.nullable(parameter_types.id_string),
 'remaining_uses': {