Subject Re: advice on redirect from email for discovery?
From "Cantor, Scott" <cantor.2@xxxxxxx>
Date Wed, 15 May 2013 15:21:48 +0000

On 5/15/13 10:33 AM, "Miroslav Milinovic" <miro@xxxxxxx> wrote:

>>I would note that it's not materially different from eduroam.
>IMHO it is different. eduroam does not provide an SSO experience.
>And you do not type your "username" twice (once to be redirected and
>a second time to really log in).

It is different in usability, but it has the technical assumption that the
domain is the discovery trigger; that's all I should have said. It aligns
with the first of the bullet points I raised.

>>I don't have any solutions, and I certainly don't have any sense that we
>>can drive this conversation at this point.
>Would it be better if they block the password field in the web form until
>the "username" is analysed?

I think that is one of the biggest problems, yes. I have always believed
that no matter what harm it may cause, there can be no local login once
you federate. Anything local needs to look the same as a federated option.
I know why SPs don't accept that, but it doesn't change my answer.

-- Scott