Attendees: Brad Christ, Marc Wallman, Laura Paglione, Dave Robinson, Ann West, Jen Leisure, Brett Bieber,
With: Kevin Morooney, Paul Casey, Steve Zoppi, Elaine Alejo
Regrets: Kristi Holmes, Jeremy Livingston, Klaas Weirenga
Agenda:
Minutes:
Ann West and Paul Caskey provided an in-depth review of the Certificate Service.
- Certificate service revenues represent a substantial portion of the over all T&I budget.
- We are at a point with the serivce where the community input will be critically important to help determine the future of the service
Kevin shared in chat where to locate government labs who use the service https://incommon.org/community-organizations/
Ann provided a review of Platform and PKI use cases.
The current offering has InCommon "in the middle" of the service. InCommon also provides some level 1 support.
The offering was innovative when first introduced but now is lagging a bit behind. Sectigo's focus seems to have shifted from capturing market share to expansion of services and capabilities.
We are beginning to explore options with Sectigo where subscribers can tailor their service:
- Current platform with Sectigo-only certificates, but capability to easily add new options
- New platform that aggregates multiple cert offerings under Sectigo Management interface
- Plans to explore scoped options for smaller organizations- priced lower
Future opportunities:
- Bundle certificate service with eduroam to enable device authentication
- Ease onboarding into eduroam
- Campus IOT
Discussion:
What's important to the next round of adopters?
DaveB : that depends on the size and how complex is needed, more about reliability, that's what held us up for so long. There has been bad experiences with comodo, throughout higher ed
Laura: pricing structure- flat service offering , have any studies been done on how many certs per institution are used? Any analysis on the number of certs per organization?
Jen: what are the user profiles for the smaller institutions? Could they be at a lower tear and not be unlimited?
Paul confirmed there are 240,000 active certs right now. Having more variability increases costs.
Brett: need to figure out what we are going to do when multifactor makes us eliminate our credentials. Where can we go? We Have explored K-12 certs with regionals , where there is a natural connection
Kevin: what do you see as the costs related to switching/opportunity costs.
Brett: think it is minimal, but if we began to automate the renewals there would be alot more involved. +1 by Brad- its manual right now so wouldn't be a big deal. Vendors are making it easier to do self service. They want it to be your problem not theirs.
Dave: we value our network, have been a member of certificate service for a while but have not issued any yet- due to turnover . We want to make sure it works first. Feels it still made sense to be members because if we did go ahead and implement something we would immediately be saving.
Kevin: shared that there was a review of all Internet2 fees and services at the last board meeting and that a sees working group is being created, upon which he will serve.
Kevin: we are creating value for Sectigo and they learn a lot from how the complexities of how higher education institutions use the service.
Steve: we are also an extremely market-efficient conduit for them.
Laura: I think it's interesting to do the review of all of these fees together. In many ways I think about the complex fees like a system, and I'm guessing you'll see several institutional "profiles'' of how folks are using the suite of services. Perhaps there will end up being a small set of bundles, and then a group of add-on services that institutions can use once they have selected a bundle. Those bundles could help promote certain services that you want higher "take rates" on, and to change those services that are highly desired by a small group of folks as perhaps an add on that isn't super 'value priced.’ I’m curious about if the cert service would end up in the main bundle vs an add on
Jen: are all levels at 99% retention?- Ann noted that the smaller schools are the ones that have left. 2 schools merged, several went out of business, a few were merged under a system so they dropped their contracts. Not because they don't want the service but more restructuring on their part.
Laura: is there a price point for those that are only doing InCommon? talking about the wallet based identity management what is the connection between that and cert service?
Steve: they fit together like a puzzle, self carried credentials are usually signed , the cert is used to verify the element that is being signed in the wallet. Your cert is the only cert that can open your wallet. Usually there is a relationship between the cert and your wallet.
Meeting adjourned