Cert Service Webinar Evaluation

[E Todd Atkins <>]

That looks good to me.

> On Nov 18, 2015, at 12:00, Paul Caskey 
> <>
>  wrote:
> 
> OK, thanks!
> 
> So, how about adding this to potential future improvements: "API 
> improvements (additional functions)"??
> 
> 
> 
>> -----Original Message-----
>> From: E Todd Atkins 
>> [mailto:]
>> Sent: Wednesday, November 18, 2015 1:58 PM
>> To: Paul Caskey
>> Cc: Basney, Jim; Ann West; 
>> 
>> Subject: Re: [CertSvc Review] feedback on survey
>> 
>> I currently use the API to submit new certificate requests. However, I must
>> logon to the certificate manager to either approve, decline, and/or edit 
>> the
>> request since there are no documented functions for performing these 
>> actions.
>> I would like to be able to perform more of the same actions from the API 
>> as I
>> can from logging onto the certificate manager.
>> 
>>> On Nov 18, 2015, at 11:22, Paul Caskey 
>>> <>
>>>  wrote:
>>> 
>>> Thanks, Todd!
>>> 
>>> Could you give a brief example of what sort of improvement we'd be
>> considering?  I've not used the API, so I'm not sure it's like.
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: E Todd Atkins 
>>>> [mailto:]
>>>> Sent: Wednesday, November 18, 2015 12:51 PM
>>>> To: Paul Caskey
>>>> Cc: Basney, Jim; Ann West; 
>>>> 
>>>> Subject: Re: [CertSvc Review] feedback on survey
>>>> 
>>>> I think “API improvements” should be included in item #8
>>>> 
>>>>> On Nov 18, 2015, at 09:19, Paul Caskey 
>>>>> <>
>>>>>  wrote:
>>>>> 
>>>>> Thank you again, Jim, for the feedback.  I made the suggested
>>>>> changes
>>>> detailed below.
>>>>> 
>>>>> The survey is now ready to go to the community, pending any
>>>>> last-minute
>>>> changes that any of you think is needed.
>>>>> 
>>>>> I will wait until tomorrow to send out the survey, so *please* take
>>>>> a look at it,
>>>> if you haven’t already and let me know what you think.  The survey
>>>> will be sent under the auspices of this working group.
>>>>> 
>>>>> Thank you all for your input!
>>>>> 
>>>>> 
>>>>> 
>>>>> Changes made this morning (wording changes in bold – new versions
>> below):
>>>>> 
>>>>> For non-subscribers:
>>>>> “Do you have any questions about, comments on, or features desired
>>>>> in the
>>>> InCommon Certificate Service offering that could influence your
>>>> decision to subscribe in the future?”
>>>>> 
>>>>> “What is the most challenging part of certificate lifecycle
>>>>> management in
>>>> your experience with the InCommon Certificate Service? Please choose
>>>> your top three.”
>>>>> 
>>>>> “Federation/SSO for the Certificate Manager system (RAO/DRAO access)”
>>>>> 
>>>>> “Federation/SSO for the Certificate Manager system for User
>>>>> Certificate self-
>>>> enrollment”
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> From: Basney, Jim 
>>>>> [mailto:]
>>>>> Sent: Tuesday, November 17, 2015 3:53 PM
>>>>> To: Paul Caskey
>>>>> Cc: Ann West; 
>>>>> 
>>>>> Subject: Re: [CertSvc Review] feedback on survey
>>>>> 
>>>>> Right, since the user details (name, email) are already in our SAML
>>>> assertions, no need to separately upload the user details to Comodo.
>>>> Let the users log in directly via SAML to get their user certs (i.e.,
>>>> like https://cilogon.org/ does). If you only want some users to be
>>>> able to get certs, then define an eduPersonEntitlement for it. Using
>>>> SAML authentication for certificate issuance rather than email
>>>> invitations significantly increases the level of assurance of the 
>>>> certificate, I
>> think.
>>>>> 
>>>>> On 11/17/15, 3:32 PM, Paul Caskey wrote:
>>>>> Hi Jim-
>>>>> 
>>>>> Very good points on 1 and 2, but I need a little help understanding
>>>>> #3.  Are
>>>> you saying that end users could authenticate via fed/sso and retrieve
>>>> a cert?  In the current setup, the RAO would need to enter/upload
>>>> their user details first and send them an invitation.  We’d need to
>>>> discuss with Comodo how that might work, but I like the idea.  Let me
>>>> know if I am misunderstanding it… Otherwise, we’ll chat with Comodo
>>>> about the idea on our next call (FWIW, I was able to login to CCM Dev via
>> shib last week, so we’re getting close.).
>>>>> 
>>>>> 
>>>>> Thanks much!
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> From: Basney, Jim 
>>>>> [mailto:]
>>>>> Sent: Tuesday, November 17, 2015 3:26 PM
>>>>> To: Paul Caskey
>>>>> Cc: Ann West; 
>>>>> 
>>>>> Subject: Re: [CertSvc Review] feedback on survey
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> I think the "Additional Questions - Not a Current Subscriber" option
>>>>> should
>>>> include an optional question asking, "Do you have any questions or
>>>> comments on the InCommon Certificate Service offering that could
>>>> influence your decision to subscribe in the future?" In other words,
>>>> it'd be good to find out why they are not subscribers and if there's
>>>> something InCommon could do to change their mind.
>>>>> 
>>>>> For "What is the most challenging part of certificate lifecycle
>> management?"
>>>> I suggest adding "in your experience with the InCommon Cert Service?"
>>>> In other words, we're not asking for a theoretical opinion about
>>>> certificate lifecycle management but rather for their experience of the
>> InCommon Cert Service.
>>>>> 
>>>>> Under potential enhancements we have "Federation/SSO for the
>>>>> Certificate
>>>> Manager system" but not "Federation/SSO for user self-enrollment". I
>>>> think the former is about RAOs and DRAOs logging in to the Cert
>>>> Manager for approving requests but the latter is about user's logging
>>>> in to get their certificates directly (i.e., like with CILogon) to
>>>> eliminate manual RAO/DRAO approval. I think TCS supports that now.
>>>>> 
>>>>> Otherwise looks great!
>>>>> 
>>>>> -Jim
>>>>> 
>>>>> On 11/13/15, 4:30 PM, 
>>>>> 
>>>>>  on behalf
>>>>> of
>>>> Paul Caskey wrote:
>>>>> Hello Cert Service Review group-
>>>>> 
>>>>> The initial feedback on the survey has been incorporated into survey
>> monkey.
>>>>> 
>>>>> The survey is located here: https://www.surveymonkey.com/r/InCommon-
>>>> certs
>>>>> 
>>>>> Please take a look at the survey and provide any additional feedback
>>>>> by the
>>>> end of the day this next Tuesday, 11/17.  Please check the branching
>>>> that has been put into the survey (mainly on the first question).
>>>>> 
>>>>> We’ll incorporate any additional feedback we receive and hope to
>>>>> send it out
>>>> to the community on Wednesday.
>>>>> 
>>>>> My apologies for the late notice.  Time is getting tight to get this
>>>>> done before
>>>> the holidays.
>>>>> 
>>>>> 
>>>>> Thank you all!
>>> 
>