Attendees: Brad Christ, Marc Wallman, Laura Paglione, Dave Robinson, Ann West, Jen Leisure, Brett Bieber,
With: Kevin Morooney, Paul Casey, Steve Zoppi, Elaine Alejo
Regrets: Kristi Holmes, Jeremy Livingston, Klaas Weirenga
Agenda:
Minutes:
Ann and Paul gave some background on the Certificate Service
- Gross revenues of certificate service are substantial to over all T&I budget.
- we are at a point where the community thoughts will be impactful as to where we go from here
Paul Caskey went through the slide deck, and gave a little history on the certificate service . The Steering committee is the official party authority. Some key points:
- 679 subscribers to date
- Sectigo has been provider since 2010
- Same pricing since 2010
- InC ecosystem-InC brings together people and technology
- Community
- Bi annual survey to gauge how we are doing
- Need for automation and integration
- New markets- DoE labs, health care, K-12
- Context Landscape
- CA/browser forum changes
- Shortening certificate lifetime
- Certificate futures
- IOT/Internet of things
- Encryption
- CA/browser forum changes
Kevin shared in chat where to locate the labs who use the cert service https://incommon.org/community-organizations/
...
With:
Regrets:
, choose the radio button on the left side of the page (Research Organizations)
Ann- gave a review of Platform and PKI use cases- lifecycle management platform
Current service has InCommom in the middle. We provide some L1 support
Our platform used to be innovative but now is lagging behind. Sectigo cared about market share, not revenue. Now they care about expansion of services.
We areBeginning to explore two options with Sectigo for higher-ed option where organizations can tailor their service:
- Current platform with Sectigo-only certificates, but capability to easily add new options
- New platform that aggregates multiple cert offerings under Sectigo Management interface
- We Plan to explore scoped options for smaller organizations- priced lower
Pricing hasn't changed since 2010
InCommon’s 1041 organizations
- - 679 use the Certificate Service
- - 156 use the Certificate Service but not the Federation
The InCommom Certificate service was established in 2010 before NET+. This could become like a NET+ service in the future
The annual participation and certificate service fees are:
- Non Internet2 member- 27,000 annual (high end)
- Small baccalaureate, and I2 member - 4,000 (low end)
Future opportunities:
- Bundle certificate service with eduroam to enable device authentication
- Ease onboarding into eduroam
- Campus IOT- additional cost to sectigo
Discussion:
What's important to the next round of adopters?-
DaveB : that depends on the size and how complex is needed, more about reliability, that's what held us up for so long. There has been bad experiences with comodo, throughout higher ed
Laura- pricing structure- flat service offering , have any studies been done on how many certs per institution are used? Any analysis on the number of certs per organization?
Jen- what are the user profiles for the smaller institutions? Could they be at a lower tear and not be unlimited?
Paul confirmed there are 240,000 active certs right now,
- Having More variability is more expensive
Brett- need to figure out what we are going to do when multifactor makes us eliminate our credentials. Where can we go? We Have explored K-12 certs with regionals , where there is a natural connection
Kevin- what is the cost related to switching opportunity costs. Canvas has the most disruptive switching costs in a NET+ service. Docusign's switching costs are not as big a deal
Brett- think it is minimal, but if we began to automate the renewals there would be alot more involved. +1 by Brad- its manual right now so wouldn't be a big deal. Vendors are making it easier to do self service. They want it to be your problem not theirs.
Dave- we value our network, have been a member of certificate service for a while but have not issued any yet- due to turnover . We want to make sure it works first. Feels it still made sense to be members because if we did go ahead and implement something we would immediately be saving.
Kevin- shared that there was a Review of fees and services at the last board meeting and a Fees working group was formed of which he sits on.
Kevin- we are creating value for Sectigo and they work with us because they learn a lot from how higher ed uses the certs.
Steve added that we are also an extremely market-efficient conduit for them.
Laura- I think it's interesting to do the review of all of these fees together. In many ways I think about the complex fees like a system, and I'm guessing you'll see several institutional "profiles'' of how folks are using the suite of services. Perhaps there will end up being a small set of bundles, and then a group of add-on services that institutions can use once they have selected a bundle. Those bundles could help promote certain services that you want higher "take rates" on, and to change those services that are highly desired by a small group of folks as perhaps an add on that isn't super 'value priced.’ I’m curious about if the cert service would end up in the main bundle vs an add on
Jen asked are all levels at 99% retention?- Ann noted that the smaller schools are the ones that have left. 2 schools merged, several went out of business, a few were merged under a system so they dropped their contracts. Not because they don't want the service but more restructuring on their part.
Laura- is there a price point for those that are only doing InCommon? talking about the wallet based identity management what is the connection between that and cert service?
Steve- they fit together like a puzzle, self carried credentials are usually signed , the cert is used to verify the element that is being signed in the wallet. Your cert is the only cert that can open your wallet. Usually there is a relationship between the cert and your wallet.
Meeting adjourned
...