Understanding users’ mental models of Federated Identity Management (FIM): use of a new tangible elicitation method

Helen Petrie*, Gayathri Sreekumar, Siamak F. Shahandashti

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offers an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to log in to and they misunderstand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed.
Original language: English
Title of host publication: IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2024)
Publication status: Accepted/In press - 30 May 2024
Event: International Symposium on Human Aspects of Information Security & Assurance - Skövde, Sweden
Duration: 9 Jul 2024 to 11 Jul 2024
Conference number: 18th
https://haisa.org/

Conference

Conference: International Symposium on Human Aspects of Information Security & Assurance
Abbreviated title: HAISA 2024
Country/Territory: Sweden
City: Skövde
Period: 9/07/24 to 11/07/24
Internet address

Bibliographical note

This is an author-produced version of the published paper. Uploaded in accordance with the University’s Research Publications and Open Access policy.

Keywords

  • Federated Identity Management
  • Mental Models
  • Fuzzy Felt Method
  • Single Sign-On
