Subject Re: advice on redirect from email for discovery?
From "Miroslav Milinovic" <miro@xxxxxxx>
Date Wed, 15 May 2013 16:33:10 +0200


I would note that it's not materially different from eduroam.

IMHO it is different. eduroam does not provide SSO experience.
And you do not type your "username" twice (once to be redirected and second time to really login).

I think that
there are several concerns:

- unambiguously mapping from domain to IdP (and the user knowing what
domain to use in some cases)
- use with the rare services that don't really need identity
- the obvious prompt for a password that leads to credential compromise

I fully agree with this. Esspecially the last point.

I don't have any solutions, and I certainly don't have any sense that we
can drive this conversation at this point.

Would it be better if they block password field in the web form until "username" is analysed?