Subject Re: advice on redirect from email for discovery?
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Wed, 15 May 2013 15:56:19 +0100

On 15/05/2013 15:33, Miroslav Milinovic wrote:

I would note that it's not materially different from eduroam.

IMHO it is different. eduroam does not provide SSO experience.

Eduroam is typically better than SSO, its zero sign on, since I typically never have to enter either my un or pw whichever university I go to. So the user experience is good in my opinion (when it works first time, that is :-)

And you do not type your "username" twice (once to be redirected and
second time to really login).

you dont need to type it at all in most cases



I think that
there are several concerns:

- unambiguously mapping from domain to IdP (and the user knowing what
domain to use in some cases)
- use with the rare services that don't really need identity
- the obvious prompt for a password that leads to credential compromise

I fully agree with this. Esspecially the last point.

I don't have any solutions, and I certainly don't have any sense that we
can drive this conversation at this point.

Would it be better if they block password field in the web form until
"username" is analysed?