I have created a new thread for that.
Technically, username/password together with client certificates are not that hard. As always, the UI part is more difficult.
All these possiblities:
- Service discovery (email) + password
- URL (+ service discovery) + password
- Service discovery (email) + client certificate
- URL (+ service discovery) + client certificate
- Service discovery (email) + password + client certificate
- URL (+ service discovery) + password + client certificate
- In the future: OAuth
- Maybe: no authentication at all (yes, this was also requested)
should be grouped in a way that makes sense (and is “material”), and for the most common methods (printed bold above), there should be as little distraction as possible (no talking about strange “certificates” etc. when you choose one of these two methods). Maybe hide everything then 1+2 behind some “expert” button?
It should be possible to change the credentials in the account settings, like now. Maybe it would make sense to change the authentication method, too? For instance, could you change from username/password to client certificates without password at all? In this case, the username/password field would have to disappear.
I guess the whole login activity should be re-worked and probably “materialized” (colors, images, whatever). Would be nice if someone could provide a good draft for the login fragments