Cert Service Webinar Evaluation

[Paul Caskey <>]

Sorry, forgot to include a URL for the survey at the top of the email.

 

It’s here: https://www.surveymonkey.com/r/InCommon-certs

 

 

From: [mailto:] On Behalf Of Paul Caskey
Sent: Wednesday, November 18, 2015 11:19 AM
To: Basney, Jim
Cc: Ann West;
Subject: RE: [CertSvc Review] feedback on survey

 

Thank you again, Jim, for the feedback.  I made the suggested changes detailed below.

 

The survey is now ready to go to the community, pending any last-minute changes that any of you think is needed.

 

I will wait until tomorrow to send out the survey, so *please* take a look at it, if you haven’t already and let me know what you think.  The survey will be sent under the auspices of this working group.

 

Thank you all for your input!

 

 

 

Changes made this morning (wording changes in bold – new versions below):

 

For non-subscribers:

“Do you have any questions about, comments on, or features desired in the InCommon Certificate Service offering that could influence your decision to subscribe in the future?”

 

“What is the most challenging part of certificate lifecycle management in your experience with the InCommon Certificate Service? Please choose your top three.”

 

“Federation/SSO for the Certificate Manager system (RAO/DRAO access)”

 

“Federation/SSO for the Certificate Manager system for User Certificate self-enrollment”

 

 

 

 

From: Basney, Jim []
Sent: Tuesday, November 17, 2015 3:53 PM
To: Paul Caskey
Cc: Ann West;
Subject: Re: [CertSvc Review] feedback on survey

 

Right, since the user details (name, email) are already in our SAML assertions, no need to separately upload the user details to Comodo. Let the users log in directly via SAML to get their user certs (i.e., like https://cilogon.org/ does). If you only want some users to be able to get certs, then define an eduPersonEntitlement for it. Using SAML authentication for certificate issuance rather than email invitations significantly increases the level of assurance of the certificate, I think.

 

On 11/17/15, 3:32 PM, Paul Caskey wrote:

Hi Jim-

 

Very good points on 1 and 2, but I need a little help understanding #3.  Are you saying that end users could authenticate via fed/sso and retrieve a cert?  In the current setup, the RAO would need to enter/upload their user details first and send them an invitation.  We’d need to discuss with Comodo how that might work, but I like the idea.  Let me know if I am misunderstanding it…  Otherwise, we’ll chat with Comodo about the idea on our next call (FWIW, I was able to login to CCM Dev via shib last week, so we’re getting close.).

 

 

Thanks much!

 

 

 

 

From: Basney, Jim []
Sent: Tuesday, November 17, 2015 3:26 PM
To: Paul Caskey
Cc: Ann West;
Subject: Re: [CertSvc Review] feedback on survey

 

Hi,

 

I think the "Additional Questions - Not a Current Subscriber" option should include an optional question asking, "Do you have any questions or comments on the InCommon Certificate Service offering that could influence your decision to subscribe in the future?" In other words, it'd be good to find out why they are not subscribers and if there's something InCommon could do to change their mind.

 

For "What is the most challenging part of certificate lifecycle management?" I suggest adding "in your experience with the InCommon Cert Service?" In other words, we're not asking for a theoretical opinion about certificate lifecycle management but rather for their experience of the InCommon Cert Service.

 

Under potential enhancements we have "Federation/SSO for the Certificate Manager system" but not "Federation/SSO for user self-enrollment". I think the former is about RAOs and DRAOs logging in to the Cert Manager for approving requests but the latter is about user's logging in to get their certificates directly (i.e., like with CILogon) to eliminate manual RAO/DRAO approval. I think TCS supports that now.

 

Otherwise looks great!

 

-Jim

 

On 11/13/15, 4:30 PM, on behalf of Paul Caskey wrote:

Hello Cert Service Review group-

 

The initial feedback on the survey has been incorporated into survey monkey.

 

The survey is located here: https://www.surveymonkey.com/r/InCommon-certs

 

Please take a look at the survey and provide any additional feedback by the end of the day this next Tuesday, 11/17.  Please check the branching that has been put into the survey (mainly on the first question).

 

We’ll incorporate any additional feedback we receive and hope to send it out to the community on Wednesday.

 

My apologies for the late notice.  Time is getting tight to get this done before the holidays.

 

 

Thank you all!