Hacker News
by shardling 4753 days ago
>The "it technically doesn't have to be a working email address if the identity provider doesn't want it to be" argument isn't enough.

Err, even though it does literally everything you want?

>Asking average users to setup and maintain their own identity provider is asking too much.

So you want a way to prove identity across multiple sites that avoids needing a central provider, third-party providers, or self-hosted providers? Good luck with that...


To your first point, who is the identity provider? In practice, it will almost always be 1) a third party, and 2) an email provider that is unlikely to deviate from the "must be a functional email address" approach. So in order to benefit from that support and stay away from third-party identity providers, you must run your own identity provider.

To your second point, the problem is that self-hosting an identity provider requires a domain name, an Internet-accessible HTTPS server, and a server certificate that is trusted per Mozilla's cert bundle. For average users to benefit, they'd have to set up their own server on their own premises or turn to a third party for [identity] hosting service. For at least baseline requirement purposes, the device the user is using should be the only device they need to carry out their account creations and logins. I haven't thought it through, but maybe there could be an @localhost format where the browser itself acts as an identity provider.