Moodle / MDL-85198

Allow NULLs in user.username database field


    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Minor
    • None
    • 5.0
    • Authentication
    • None
    • MOODLE_500_STABLE

      The current problem is that if you have several SSOs active there is no way to guarantee that the usernames are globally unique (this may apply to any auth plugin that has multiple external sources). In general usernames are not necessary for SSO because each of them should maintain separate externalid-to-userid mappings in order to prevent security issues.

      Backwards compatibility should not be a problem unless the site administrator decided to rely on the username field as identity provider.

      The one known problem would be in the restore code, where "email = md5($user->username)" from restore_dbops::precheck_user() is used to look up deleted accounts; I guess relying on just the user id could be good enough.

      In the past I had to resort to using long random usernames just to prevent the collisions, but that was awkward and it did not solve security issues.

      I guess this might be beneficial for Moodle Workplace when delegating new account creation to tenant managers - one less thing to worry about both for usability and security; I think that relying on unique emails should be enough in many use cases.

      Another bonus might be simplified migration of legacy MNET accounts when that obsolete feature finally gets removed from Moodle core - that is, set the username of all mnet accounts to NULL, set all user.mnethostid to 1, force $CFG->mnet_localhost_id to always be one from lib/setup.php, and change the unique index to use only the username field.

      To sum it up:

      1. This new feature is NOT meant for use cases where all user accounts are already managed centrally via unique usernames; nothing changes for them.
      2. This feature is meant for sites that want to connect different external sources of user accounts that do not have any shared username or user identifier.
      3. NULL username should also be used for all deleted accounts to fix the email privacy issue.

      Let me know if you are interested in a patch, I am sure I would find some time to work on this...

            Assignee: Unassigned
            Reporter: Petr Skoda (skodak)
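The design described in this issue, as an added sketch that is neither Moodle code nor the reporter's patch: SSO accounts carry a NULL username and are resolved only through a per-issuer externalid-to-userid mapping, while non-NULL usernames stay unique. The table names `user` and `sso_identity` and both functions are assumptions made for the illustration, and SQLite stands in for the site database.

```python
import sqlite3

def build_db():
    """In-memory stand-in; table and column names are assumptions, not Moodle's schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (
            id       INTEGER PRIMARY KEY,
            username TEXT NULL,        -- NULL for accounts that only log in via SSO
            email    TEXT NOT NULL
        );
        -- SQLite, PostgreSQL and MySQL treat NULLs as distinct in a UNIQUE index,
        -- so any number of NULL usernames can coexist. SQL Server allows only one
        -- NULL per unique index and would need a filtered index instead.
        CREATE UNIQUE INDEX user_username_uix ON user (username);
        CREATE TABLE sso_identity (
            issuer     TEXT NOT NULL,  -- which external source vouches for the id
            externalid TEXT NOT NULL,  -- identifier as known to that source
            userid     INTEGER NOT NULL REFERENCES user (id),
            PRIMARY KEY (issuer, externalid)
        );
    """)
    return db

def sso_login(db, issuer, externalid, email):
    """Resolve a login by (issuer, externalid) only; never by username."""
    row = db.execute(
        "SELECT userid FROM sso_identity WHERE issuer = ? AND externalid = ?",
        (issuer, externalid)).fetchone()
    if row:
        return row[0]
    with db:  # first login: create the account and its mapping in one transaction
        userid = db.execute(
            "INSERT INTO user (username, email) VALUES (NULL, ?)", (email,)).lastrowid
        db.execute("INSERT INTO sso_identity VALUES (?, ?, ?)",
                   (issuer, externalid, userid))
    return userid

def create_manual_user(db, username, email):
    """Username-based account; returns None if the username is already taken."""
    try:
        with db:
            return db.execute("INSERT INTO user (username, email) VALUES (?, ?)",
                              (username, email)).lastrowid
    except sqlite3.IntegrityError:
        return None

if __name__ == "__main__":
    db = build_db()  # constructed sample identities below
    print(sso_login(db, "idp-a.example", "jsmith", "j.smith@a.example"),
          sso_login(db, "idp-b.example", "jsmith", "jane@b.example"))
```

Because the lookup key is the (issuer, externalid) pair, two sources that both know a "jsmith" map to two separate accounts, and neither can claim a manually created "jsmith" username.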