The document raises but leaves unanswered several questions and issues related to the "branding bounces" that will happen in the proposed implementation. I agree that these will be an issue and that consistency across all XSEDE sites that support SSO will be critical.
The example screenshots in the document highlighted but did not resolve the branding question, and before implementation begins, there should be more explicit thought and specific guidance provided to developers. In addition, the branding on the pages that XSEDE will control should be reviewed and considered holistically from both user-confusion and XSEDE branding perspectives.
Other minor details should perhaps be addressed:
Is "weblogin.xsede.org" the right URL? Should that be "auth.xsede.org" (analogous to Globus), "shibboleth.xsede.org" (emulating Illinois example), or "sso.xsede.org" reflecting that this is XSEDE Single Sign-on (SSO).
Also, the design effort should consider the design/info presented on the weblogin.xsede.org page (second figure on p.7). Notably, the page refers explicitly to "Science Gateways" twice, but not once to supporting "Single Sign-on". Similarly, should "Create New Account" be an option on the SSO page? Aesthetically, the page also seems more cluttered and dated in its design than, say, the Globus pages.