Currently, we send down the user's email address as part of user policy - since email addresses can change (see crbug.com/727992 ) we should instead rely on gaia ID.
Step one would be to have the gaia ID sent down as part of user policy - once we have this everywhere, it should be simple to change CloudPolicyValidator to check that gaia ID doesn't change instead of email address.
Comment 1 by yanglee@chromium.org
, Nov 2 2017