research-article

Federated identity to access e-government services: are citizens ready for this?

Authors:

Sacha Brostoff,

Charlene Jennett,

Miguel Malheiros,

M. Angela SasseAuthors Info & Claims

DIM '13: Proceedings of the 2013 ACM workshop on Digital identity management

Pages 97 - 108

https://doi.org/10.1145/2517881.2517893

Published: 08 November 2013 Publication History

Abstract

Both the US & UK government have decided that citizens will to authenticate to government using Federated Identity (FedID) solutions: governments do not want to be Identity providers (IdPs), but leverage accounts that citizens have with other service providers instead. We investigated how citizens react to their first encounter FedID authentication in this context. We performed 2 studies using low fidelity prototypes with: in study 1, 44 citizen participants, & in study 2, 22 small business owners, employees & agents. We recorded their reactions during their user journey authenticating with 3rd party providers they already had accounts with. In study 1, 50% of participants said they would not continue to use the system on reaching the hub page, & 45% believed they were being asked to make a payment. 25% of those continuing said they would stop when they reached the consent page, where they were asked by their IdP to authorise the release of their identifying information to the government service. 34% of the participants felt threatened rather than reassured by the privacy protection statement. With study 2's improved prototype, only 14% of participants said they would not continue on reaching the hub page, & 6% abandoned at the consent page. Our results show that usability & acceptance of FedID can be greatly improved by the application of standard HCI techniques, but trust in the ID Provider is essential. We finally report results from a survey of which ID providers UK citizens would trust, & found significant differences between age groups.

References

[1]

Bracken, M. (2012). Identity and Privacy Principles. http://digital.cabinetoffice.gov.uk/2012/04/24/identityand-privacy-principles/

[2]

Braun V. & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative research in psychology, 3(2), pp.77--101.

[3]

Cameron, K. 2005. The Laws of Identity. Retrieved April 1, 2013, from Kim Cameron's Identity Weblog: http://www.identityblog.com/?p=352

[4]

Crane, S., Lacohee, H., & Zaba, S. (2006). Trustguide -- trust in ICT. BT Technology Journal, 24(4), 69--80.

Digital Library

[5]

Dhamija, R., & Dusseault, L. (2008, March/April). The Seven Flaws of Identity Management: Usability and Security Challenges. IEEE Security and Privacy, 6(2), 24--29

Digital Library

[6]

Florencio, D., & Herley, C. (2007). A large scale study of web password habits. Paper presented at the WWW 2007, Banf, CA.

Digital Library

[7]

Fowler, G. A. (2012, 4th October). Facebook: One Billion and Counting, The Wall Street Journal. Retrieved from http://online.wsj.com/article/SB10000872396390443635404578036164027386112.html

[8]

Friedman, B., Millett, L., Felten, E. (2000). Informed consent online: A conceptual model and design principles. UW CSE Technical Report 00--12-02. Seattle, WA: University of Washington, Department of Computer Science and Engineering.

[9]

Inglesant, P., & Sasse, M. A. (2010). The true cost of unusable password policies: password use in the wild. Paper presented at the CHI 2010, Atlanta, GA.

Digital Library

[10]

Jøsang, A., AlZomai, M., and Suriadi, S. (2007). Usability and Privacy in Identity Management Architectures. Proceedings of the Australasian Information Security Workshop (AISW'07), Ballarat, January 2007.

Digital Library

[11]

Krol, K., Moroz, M. and Sasse, M. A. (2012). Don't Work. Can't Work? Why It's Time to Rethink Security Warnings. Paper presented at the 7th International Conference on Risks and Security of Internet and Systems (CRiSIS 2012), 10--12 October 2012, Cork, Ireland.

Digital Library

[12]

Paine, C., Reips, U.-D., Stieger, S., Joinson, A. and Buchanan, T. (2007). Internet users' perceptions of "privacy concerns" and "privacy actions". International Journal of Human-Computer Studies, 65, 526--536.

Digital Library

[13]

Rahaman, A, Sasse, M. A. (2010) A framework for the lived experience of identity. Identity in the Information Society. 3(3), 605--638. Available at: http://dx.doi.org/10.1007/s12394-010-0078--3

Digital Library

[14]

Riegelsberger, J., & Sasse, M. A. (2000). "Trust me, I'm a. com" The problem of reassuring e-shoppers. INTERMEDIA-LONDON-, 28(4), 23--27.

[15]

Riegelsberger, J., Sasse, M. A., & McCarthy, J. D. (2005). The mechanics of trust: A framework for research and design. International Journal of Human-Computer Studies, 62(3), 381--422.

Digital Library

[16]

Rogers, E. M. (1982) Diffusion of Innovations. Free Press, New York.

Cited By

Sasse MSteves MKrol KChisnell D(2014)The Great Authentication Fatigue – And How to Overcome ItCross-Cultural Design10.1007/978-3-319-07308-8_23(228-239)Online publication date: 2014
https://doi.org/10.1007/978-3-319-07308-8_23
King OGoodell G(undefined)Analysis of a Decentralised Digital Token Architecture for Public TransportSSRN Electronic Journal10.2139/ssrn.3742053
https://doi.org/10.2139/ssrn.3742053

Index Terms

Federated identity to access e-government services: are citizens ready for this?
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

Criteria for Evaluating the Privacy Protection Level of Identity Management Services
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies

Identity Management is the one of web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and ...
Use Cases for Identity Management in E-Government

E-government provides a special and complex use case for identity management systems, first because the needs of some parts of the government (such as law enforcement and national security) are often at odds with the service-oriented aspects of ...
Identity Management

The Identity Solutions Symposium held in Jonesboro, Arkansas, 21 to 22 February, 2007 brought together academic, industry, and government experts working on radio frequency identification (RFID), biometrics, sensors, animal identification, identity ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DIM '13: Proceedings of the 2013 ACM workshop on Digital identity management

November 2013

114 pages

ISBN:9781450324939

DOI:10.1145/2517881

General Chairs:
Thomas Groß
Newcastle University, UK
,
Marit Hansen
Unabhängiges Landeszentrum für Datenschutz (ULD), Germany

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 8, 2013

Berlin, Germany

Acceptance Rates

DIM '13 Paper Acceptance Rate 8 of 18 submissions, 44%;

Overall Acceptance Rate 16 of 34 submissions, 47%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
344
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 12 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sasse MSteves MKrol KChisnell D(2014)The Great Authentication Fatigue – And How to Overcome ItCross-Cultural Design10.1007/978-3-319-07308-8_23(228-239)Online publication date: 2014
https://doi.org/10.1007/978-3-319-07308-8_23
King OGoodell G(undefined)Analysis of a Decentralised Digital Token Architecture for Public TransportSSRN Electronic Journal10.2139/ssrn.3742053
https://doi.org/10.2139/ssrn.3742053

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents