Just touching on this momentarily; with a sessionID being the only cross reference bit of information about a specific user that we have; does your recommendation mandate the use of a DisplayName equal to what could be found on the user list? I am to understand session ID changes (for each session similar to web session cookie etc.)
I ask, because your suggestion is essentially exactly what I need to do, but I don’t know what part of an OAuth or Avatar root object has a permanent cross-domain variable. I think this was what some of the other users were also asking about. This would be useful for scripts as well as other person to person interactions.
Can your solution be integrated using some form of authentication to guarantee a user is who they “claim” to be? Clearly we know that the Console has the ability to “lock out” a user based on core root data unique to the user (OAuth or something within HiFi account) and that is used on the Console settings as opposed to DisplayName (i think) because regardless of DisplayName used, you can still grant access at a root level.