TBH this is exactly why we jumped ship as soon as we were able - there had been so many niggles and gripes with EMBC over the years that the rather secretive "you'll get information in due course (probably when its too late to go to market or do anything else)" nature of the procurement process was the final nail in the coffin for us.
From a purely selfish angle, neither the lack of a SLA from any emPSN provider, or Capita's HTTPS project bother me one jot because I have a connection with a commercial provider and run my own services - but I am coming at it from the perspective of the feeder schools we provide support to have to live with it and we, by association, have to deal with it on their behalf when it (inevitably!) goes wrong.
Interestingly enough - I have three sites using Capita's filtering and all of them are asking me and @TheCrust what is going on...
The Fourth - which is getting their filtering via RM are having no such problems.
So I have to ask - what are Capita actually playing at? There seems to be no issue with providing "what it says on the tin" with RM. Although - I haven't actually got an SLA for them either, so begs the question...
Has ANYone got an SLA for ANY of the services, no matter who provided by - for ANYthing under the EMPSN umbrella?
As most of you know I am not actively involved in this anymore (and soon won't even be remotely involved) and I haven't really seen anything around the HTTPS Cert until it appeared here ...
However, I'm struggling to see what the question is?
The service (it seems) is to ensure that any https traffic is passed via the webshield service, and part of this is by using an SSL cert so that if anyone tries to bypass the filter to access a HTTPS site it sticks 2 fingers up to them? The way that the service is being described (the REQUEST initiates the query on the filter about what category the site is in and does the user have rights to access sites within that category) is pretty straight forward. They don't touch the RESPONSE side (which is what MITM decrypts will do) so asking "what are they doing with it" is a bit of a red herring.
Honest question here ... not intended to trip anyone up, but do folk know the difference between REQUEST and RESPONSE when it comes to filters / proxies? If this isn't made clear then it can cause confusion (heck, I spent 3 months hammering down what this meant when looking at filters, etc in 1999 ... at the same time as trying to get my head around DNS and BIND ...)
To be honest Tony, the underlying issue from our perspective is Capita seemingly acting in a rather high-handed way - refusing to disclose if there is even a SLA, let alone what the terms of it might be, implementing changes (seemingly arbitrarily) without consultation with the schools as clients, and being reluctant to discuss any part of those changes with either us as the client's technical contacts or the clients themselves - that sort of thing. I know the other secondaries in our LA have issues with Capita's performance too: good examples from email contact I've had with other NMs are the handling of calls, and poor performance of the webshield service.
At the emPSN pre-sales briefings we (and representatives from the feeder schools we support) attended, all sorts of promises were made by both provider and LA representatives: not least that given previous niggles with EMBC, the schools themselves would be the direct clients of the providers so could talk directly to the companies involved rather than have to route stuff through the LA. Further promises were made that services and connections procured would be provided to SLA, and the individual schools would be able to access and manage the contracts under the SLA, putting them "back in the driving seat" if (when!) things started to go awry.
Now as far as we can tell nearly six months on, there is no SLA. Nor procedure for the management of change, mechanism for the providers to actually communicate with the clients or vice verse, or for the clients to actually monitor the performance of the providers in any meaningful way and deal with non-performance.
It seems like there is an impenetrable wall of silence surrounding this issue: the providers themselves seem to deflect or ignore any question on the matter, and our LA appears to go selectively deaf when this subject comes up. It's all highly frustrating when all I want to do is establish where the schools stand in the relationship with providers under the emPSN framework!