Petrie, Helen orcid.org/0000-0002-0100-9846, Sreekumar, Gayathri and Shahandashti, Siamak F. orcid.org/0000-0002-5284-6847 (Accepted: 2024) Understanding users’ mental models of Federated Identity Management (FIM): use of a new tangible elicitation method. In: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2024). International Symposium on Human Aspects of Information Security & Assurance, 09-11 Jul 2024 , SWE (In Press)
Abstract
The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offer an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to login to and they mis-understand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed.
Metadata
Item Type: | Proceedings Paper |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | This is an author-produced version of the published paper. Uploaded in accordance with the University’s Research Publications and Open Access policy. |
Keywords: | Federated Identity Management,Mental Models,Fuzzy Felt Method,Single Sign-On |
Dates: |
|
Institution: | The University of York |
Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
Depositing User: | Pure (York) |
Date Deposited: | 24 Jun 2024 11:30 |
Last Modified: | 21 Oct 2024 00:02 |
Status: | In Press |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:213768 |
Download
Filename: FIM_FF_CR.pdf
Description: Federated Identity Management - Fuzzy Felt - HAISA 2024
Licence: CC-BY 2.5