Cert Service Webinar Evaluation

[E Todd Atkins <>]

I think “API improvements” should be included in item #8

> On Nov 18, 2015, at 09:19, Paul Caskey 
> <>
>  wrote:
> 
> Thank you again, Jim, for the feedback.  I made the suggested changes 
> detailed below.
>  
> The survey is now ready to go to the community, pending any last-minute 
> changes that any of you think is needed.
>  
> I will wait until tomorrow to send out the survey, so *please* take a look 
> at it, if you haven’t already and let me know what you think.  The survey 
> will be sent under the auspices of this working group.
>  
> Thank you all for your input!
>  
>  
>  
> Changes made this morning (wording changes in bold – new versions below):
>  
> For non-subscribers:
> “Do you have any questions about, comments on, or features desired in the 
> InCommon Certificate Service offering that could influence your decision to 
> subscribe in the future?”
>  
> “What is the most challenging part of certificate lifecycle management in 
> your experience with the InCommon Certificate Service? Please choose your 
> top three.”
>  
> “Federation/SSO for the Certificate Manager system (RAO/DRAO access)”
>  
> “Federation/SSO for the Certificate Manager system for User Certificate 
> self-enrollment”
>  
>  
>  
>  
> From: Basney, Jim 
> [mailto:]
>  
> Sent: Tuesday, November 17, 2015 3:53 PM
> To: Paul Caskey
> Cc: Ann West; 
> 
> Subject: Re: [CertSvc Review] feedback on survey
>  
> Right, since the user details (name, email) are already in our SAML 
> assertions, no need to separately upload the user details to Comodo. Let 
> the users log in directly via SAML to get their user certs (i.e., like 
> https://cilogon.org/ does). If you only want some users to be able to get 
> certs, then define an eduPersonEntitlement for it. Using SAML 
> authentication for certificate issuance rather than email invitations 
> significantly increases the level of assurance of the certificate, I think.
>  
> On 11/17/15, 3:32 PM, Paul Caskey wrote:
> Hi Jim-
>  
> Very good points on 1 and 2, but I need a little help understanding #3.  
> Are you saying that end users could authenticate via fed/sso and retrieve a 
> cert?  In the current setup, the RAO would need to enter/upload their user 
> details first and send them an invitation.  We’d need to discuss with 
> Comodo how that might work, but I like the idea.  Let me know if I am 
> misunderstanding it…  Otherwise, we’ll chat with Comodo about the idea on 
> our next call (FWIW, I was able to login to CCM Dev via shib last week, so 
> we’re getting close.).
>  
>  
> Thanks much!
>  
>  
>  
>  
> From: Basney, Jim 
> [mailto:]
>  
> Sent: Tuesday, November 17, 2015 3:26 PM
> To: Paul Caskey
> Cc: Ann West; 
> 
> Subject: Re: [CertSvc Review] feedback on survey
>  
> Hi,
>  
> I think the "Additional Questions - Not a Current Subscriber" option should 
> include an optional question asking, "Do you have any questions or comments 
> on the InCommon Certificate Service offering that could influence your 
> decision to subscribe in the future?" In other words, it'd be good to find 
> out why they are not subscribers and if there's something InCommon could do 
> to change their mind.
>  
> For "What is the most challenging part of certificate lifecycle 
> management?" I suggest adding "in your experience with the InCommon Cert 
> Service?" In other words, we're not asking for a theoretical opinion about 
> certificate lifecycle management but rather for their experience of the 
> InCommon Cert Service.
>  
> Under potential enhancements we have "Federation/SSO for the Certificate 
> Manager system" but not "Federation/SSO for user self-enrollment". I think 
> the former is about RAOs and DRAOs logging in to the Cert Manager for 
> approving requests but the latter is about user's logging in to get their 
> certificates directly (i.e., like with CILogon) to eliminate manual 
> RAO/DRAO approval. I think TCS supports that now.
>  
> Otherwise looks great!
>  
> -Jim
>  
> On 11/13/15, 4:30 PM, 
> 
>  on behalf of Paul Caskey wrote:
> Hello Cert Service Review group-
>  
> The initial feedback on the survey has been incorporated into survey monkey.
>  
> The survey is located here: https://www.surveymonkey.com/r/InCommon-certs
>  
> Please take a look at the survey and provide any additional feedback by the 
> end of the day this next Tuesday, 11/17.  Please check the branching that 
> has been put into the survey (mainly on the first question).
>  
> We’ll incorporate any additional feedback we receive and hope to send it 
> out to the community on Wednesday.
>  
> My apologies for the late notice.  Time is getting tight to get this done 
> before the holidays.
>  
>  
> Thank you all!