ABSTRACT
Healthcare organizations are struggling to meet industry best practices for information security while also complying with regulatory requirements. Single sign-on (SSO) technology is emerging as a leading approach to password authentication management and promises to improve security while curbing system maintenance costs. While the technology appears to be a simple, viable solution for authentication, many socio-technical complexities emerge once it is placed in context. One of these complexities is the mismatch between the users' mental models and the system model.
This study was a 15-month ethnographic field study that followed the implementation of a single sign-on system in a hospital environment. It found that the misaligned mental models caused difficulties not only for users but also for system administrators. The findings also indicate that not only was the users' mental model of the technology inaccurate, but the way the information technology group presented the technology contributed to this misaligned understanding. The end result was dissatisfaction with the new technology among both end users and system administrators.
To address the critical issue of mental model misalignment in the implementation of SSO technology, practitioners must first gain an understanding of the preexisting mental models of authentication held by the target users, and then use this information to guide the implementation of the new technology.
Network authentication using single sign-on: the challenge of aligning mental models