you are right, authorization is doing only by "User Name"... this is simple example. You can choose very long and non-ordinary "User Name" - it will garantee unique. For example, authentication on stratus server is doing in some manner, only by one string - developer key.
tks, so can i suppose that the authentication is unique by developer key?
For developers authentication on stratus server doing by developer key, for users authentication on stratus server (in low level) doing by adobe id (64 hex digits received from stratus server).
In this example authentication doing by name throw http manager (constant WebServiceUrl in VideoPhoneLabs.mxml) - python cgi-script for web-server (reg.py) which use sqlite database. So, when you compile example by yourself & deploy it on your side - user names will not intersected with ones from adobe side.