Subject Re: advice on redirect from email for discovery?
From Leif Johansson <leifj@xxxxxxxx>
Date Wed, 15 May 2013 16:35:45 +0200

On 05/15/2013 04:16 PM, Cantor, Scott wrote:
> You can basically expect this to be the standard approach, and it's what
> Google has evangelized through account chooser (or was anyway, unless
> something's changed).
Accountchooser doesn't trick you into entering a password into
the discovery service.
> I would note that it's not materially different from eduroam. I think that
> there are several concerns:
> - unambiguously mapping from domain to IdP (and the user knowing what
> domain to use in some cases)
> - use with the rare services that don't really need identity
> - the obvious prompt for a password that leads to credential compromise
> I don't have any solutions, and I certainly don't have any sense that we
> can drive this conversation at this point.
> -- Scott