TY - GEN
T1 - Understanding Users’ Mental Models of Federated Identity Management (FIM)
T2 - 18th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2024
AU - Petrie, Helen
AU - Sreekumar, Gayathri
AU - Shahandashti, Siamak F.
N1 - This is an author-produced version of the published paper. Uploaded in accordance with the University’s Research Publications and Open Access policy.
PY - 2025
Y1 - 2025
N2 - The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offers an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM, which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to log in to and they misunderstand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed.
KW - Federated Identity Management (FIM)
KW - Fuzzy-Felt Method
KW - Mental Models
UR - http://www.scopus.com/inward/record.url?scp=85211322358&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-72559-3_21
DO - 10.1007/978-3-031-72559-3_21
M3 - Conference contribution
AN - SCOPUS:85211322358
SN - 9783031725586
T3 - IFIP Advances in Information and Communication Technology
SP - 308
EP - 322
BT - Human Aspects of Information Security and Assurance - 18th IFIP WG 11.12 International Symposium, HAISA 2024, Proceedings
A2 - Clarke, Nathan
A2 - Furnell, Steven
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 9 July 2024 through 11 July 2024
ER -