Cert Service Webinar Evaluation

[Paul Caskey <>]

OK, thanks!

So, how about adding this to potential future improvements: "API improvements 
(additional functions)"??



> -----Original Message-----
> From: E Todd Atkins 
> [mailto:]
> Sent: Wednesday, November 18, 2015 1:58 PM
> To: Paul Caskey
> Cc: Basney, Jim; Ann West; 
> 
> Subject: Re: [CertSvc Review] feedback on survey
> 
> I currently use the API to submit new certificate requests. However, I must
> logon to the certificate manager to either approve, decline, and/or edit the
> request since there are no documented functions for performing these 
> actions.
> I would like to be able to perform more of the same actions from the API as 
> I
> can from logging onto the certificate manager.
> 
> > On Nov 18, 2015, at 11:22, Paul Caskey 
> > <>
> >  wrote:
> >
> > Thanks, Todd!
> >
> > Could you give a brief example of what sort of improvement we'd be
> considering?  I've not used the API, so I'm not sure it's like.
> >
> >
> >> -----Original Message-----
> >> From: E Todd Atkins 
> >> [mailto:]
> >> Sent: Wednesday, November 18, 2015 12:51 PM
> >> To: Paul Caskey
> >> Cc: Basney, Jim; Ann West; 
> >> 
> >> Subject: Re: [CertSvc Review] feedback on survey
> >>
> >> I think “API improvements” should be included in item #8
> >>
> >>> On Nov 18, 2015, at 09:19, Paul Caskey 
> >>> <>
> >>>  wrote:
> >>>
> >>> Thank you again, Jim, for the feedback.  I made the suggested
> >>> changes
> >> detailed below.
> >>>
> >>> The survey is now ready to go to the community, pending any
> >>> last-minute
> >> changes that any of you think is needed.
> >>>
> >>> I will wait until tomorrow to send out the survey, so *please* take
> >>> a look at it,
> >> if you haven’t already and let me know what you think.  The survey
> >> will be sent under the auspices of this working group.
> >>>
> >>> Thank you all for your input!
> >>>
> >>>
> >>>
> >>> Changes made this morning (wording changes in bold – new versions
> below):
> >>>
> >>> For non-subscribers:
> >>> “Do you have any questions about, comments on, or features desired
> >>> in the
> >> InCommon Certificate Service offering that could influence your
> >> decision to subscribe in the future?”
> >>>
> >>> “What is the most challenging part of certificate lifecycle
> >>> management in
> >> your experience with the InCommon Certificate Service? Please choose
> >> your top three.”
> >>>
> >>> “Federation/SSO for the Certificate Manager system (RAO/DRAO access)”
> >>>
> >>> “Federation/SSO for the Certificate Manager system for User
> >>> Certificate self-
> >> enrollment”
> >>>
> >>>
> >>>
> >>>
> >>> From: Basney, Jim 
> >>> [mailto:]
> >>> Sent: Tuesday, November 17, 2015 3:53 PM
> >>> To: Paul Caskey
> >>> Cc: Ann West; 
> >>> 
> >>> Subject: Re: [CertSvc Review] feedback on survey
> >>>
> >>> Right, since the user details (name, email) are already in our SAML
> >> assertions, no need to separately upload the user details to Comodo.
> >> Let the users log in directly via SAML to get their user certs (i.e.,
> >> like https://cilogon.org/ does). If you only want some users to be
> >> able to get certs, then define an eduPersonEntitlement for it. Using
> >> SAML authentication for certificate issuance rather than email
> >> invitations significantly increases the level of assurance of the 
> >> certificate, I
> think.
> >>>
> >>> On 11/17/15, 3:32 PM, Paul Caskey wrote:
> >>> Hi Jim-
> >>>
> >>> Very good points on 1 and 2, but I need a little help understanding
> >>> #3.  Are
> >> you saying that end users could authenticate via fed/sso and retrieve
> >> a cert?  In the current setup, the RAO would need to enter/upload
> >> their user details first and send them an invitation.  We’d need to
> >> discuss with Comodo how that might work, but I like the idea.  Let me
> >> know if I am misunderstanding it… Otherwise, we’ll chat with Comodo
> >> about the idea on our next call (FWIW, I was able to login to CCM Dev via
> shib last week, so we’re getting close.).
> >>>
> >>>
> >>> Thanks much!
> >>>
> >>>
> >>>
> >>>
> >>> From: Basney, Jim 
> >>> [mailto:]
> >>> Sent: Tuesday, November 17, 2015 3:26 PM
> >>> To: Paul Caskey
> >>> Cc: Ann West; 
> >>> 
> >>> Subject: Re: [CertSvc Review] feedback on survey
> >>>
> >>> Hi,
> >>>
> >>> I think the "Additional Questions - Not a Current Subscriber" option
> >>> should
> >> include an optional question asking, "Do you have any questions or
> >> comments on the InCommon Certificate Service offering that could
> >> influence your decision to subscribe in the future?" In other words,
> >> it'd be good to find out why they are not subscribers and if there's
> >> something InCommon could do to change their mind.
> >>>
> >>> For "What is the most challenging part of certificate lifecycle
> management?"
> >> I suggest adding "in your experience with the InCommon Cert Service?"
> >> In other words, we're not asking for a theoretical opinion about
> >> certificate lifecycle management but rather for their experience of the
> InCommon Cert Service.
> >>>
> >>> Under potential enhancements we have "Federation/SSO for the
> >>> Certificate
> >> Manager system" but not "Federation/SSO for user self-enrollment". I
> >> think the former is about RAOs and DRAOs logging in to the Cert
> >> Manager for approving requests but the latter is about user's logging
> >> in to get their certificates directly (i.e., like with CILogon) to
> >> eliminate manual RAO/DRAO approval. I think TCS supports that now.
> >>>
> >>> Otherwise looks great!
> >>>
> >>> -Jim
> >>>
> >>> On 11/13/15, 4:30 PM, 
> >>> 
> >>>  on behalf
> >>> of
> >> Paul Caskey wrote:
> >>> Hello Cert Service Review group-
> >>>
> >>> The initial feedback on the survey has been incorporated into survey
> monkey.
> >>>
> >>> The survey is located here: https://www.surveymonkey.com/r/InCommon-
> >> certs
> >>>
> >>> Please take a look at the survey and provide any additional feedback
> >>> by the
> >> end of the day this next Tuesday, 11/17.  Please check the branching
> >> that has been put into the survey (mainly on the first question).
> >>>
> >>> We’ll incorporate any additional feedback we receive and hope to
> >>> send it out
> >> to the community on Wednesday.
> >>>
> >>> My apologies for the late notice.  Time is getting tight to get this
> >>> done before
> >> the holidays.
> >>>
> >>>
> >>> Thank you all!
> >