One option might be to allow people to view tweets if they have accounts from reputable federated identity providers, then you have an identity of an individual person without having to do the validation yourself. You can then rate-limit based on that individual ID.
Another option might be to rate-limit by things which don't require accounts, which won't strictly rate-limit individuals, but it's unlikely that's the terminal goal here. It's not actually clear what they are trying to accomplish. Reducing the amount of resources wasted on scraping bots ?
It doesn't achieve the stated goal of rate-limiting individual people, which sounds like an instrumental goal for an actual (unstated) business objective.
Currently federated identity providers do not provide a separate identity to each site you are authenticated on. At that point any collaborating sites can pull together all the information you give to any one of them. Hell, in most cases your "identity" is your email address, so every site you authenticate with can spam you directly.
The Shibboleth Idp also support per SP opaque nameID but nobody like SAML based protocol and as far as I know outside the academical identity federations, no one deploys Shibboleth ...
Shibboleth is terrible -- so terrible it was easier for me to write my own SAML IdP from the specification than try to make it useful. Lots of people use Active Directory Federated Services (ADFS), which has a SAML IdP.
Another option might be to rate-limit by things which don't require accounts, which won't strictly rate-limit individuals, but it's unlikely that's the terminal goal here. It's not actually clear what they are trying to accomplish. Reducing the amount of resources wasted on scraping bots ?