Factors Affecting User Adoption of Identity Management Systems: An Empirical Study Ali Alkhalifah A thesis in fulfilment of the requirements for the degree of Doctor of Philosophy School of Information Systems, Technology and Management Australian School of Business The University of New South Wales (UNSW) 2013
390
Embed
Factors Affecting User Adoption of Identity Management Systems
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Factors Affecting User Adoption of Identity
Management Systems: An Empirical Study
Ali Alkhalifah
A thesis in fulfilment of the requirements for the degree of Doctor of Philosophy School of Information Systems, Technology and Management Australian School of Business The University of New South Wales (UNSW) 2013
THE UNIVERSITY OF NEW SOUTH WALES
Thesis/Dissertation Sheet
Surname or Family name: Alkhalifah
First name: Ali
Abbreviation for degree as given in the University calendar: PhD
Other name/s:
School: Information Systems, Technology and Management
Title: Factors Affecting User Adoption of Identity Management Systems: An Empirical Study.
Faculty: Australian School of business
Abstract 350 words maximum:
Web-based identity management systems (IdMS), a new and innovative information technology (IT) artefact, involve the integration of emerging technologies and business processes to create identity-centric approaches for the management of users, their attributes, authentication factors and security privileges across the Internet within multiple websites.With the growth of online identities on the Internet, IdMS enable the use of the same user data, managed identifiers and authentication credentials across multiple websites, reducing the number of identifiers (e.g. passwords) and profiles with which a user has to deal.The key to the adoption of any solution in the online identity space is the willingness of the user population to accept the proposed solution. Understanding factors that affect user adoption of innovative IT is of interest to researchers in a diversity of fields. However, no research has investigated the conceptualization and measurement, and empirically examined the initial adoption of IdMS from the end-user perspective. The main objective of this study is to fill this clear gap by aiming to develop a theoretical model by integrating theories from information systems and psychology literature to understand and empirically examine the important factors affecting the user adoption of IdMS. The study suggests a positive-quantitative approach to explain and predict a causal model and validate the results. The research instruments were developed and validated using pre-tests and pilot study. The data collection was carried out using an online survey method, with 332 respondents form Facebook and LinkedIn users. Data analyses were conducted under structural equation modelling using the partial least squares technique. The model was successfully validated, and statistically significant confirmation was provided that perceived usefulness, perceived ease of use, fit, trusting beliefs, trust in the Internet, information disclosure, privacy concerns and cost influenced behavioural intentions to adopt IdMS. The study theoretically extends the body of knowledge of IT adoption into the IdMS domain. Moreover, it provides a theoretical user-adoption model relevant to IdMS. For practitioners, the study develops guidelines for IdMS designers and provides for the employment of more targeted implementation efforts. The study discusses some implications and highlights some opportunities for creating and enhancing new IdMS.
Declaration relating to disposition of project thesis/dissertation
I hereby grant to the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or in part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all property rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation.
I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only).
… ………
Signature
……………………………………..………………
Witness
……….………23/8/2013…………
Date
The University recognises that there may be exceptional circumstances requiring restrictions on copying or conditions on use. Requests for restriction for a period of up to 2 years must be made in writing. Requests for a longer period of restriction may be considered in exceptional circumstances and require the approval of the Dean of Graduate Research.
FOR OFFICE USE ONLY
Date of completion of requirements for Award:
THIS SHEET IS TO BE GLUED TO THE INSIDE FRONT COVER OF THE THESIS
COPYRIGHT STATEMENT
‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstract International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.'
Signed ………… ……………………. Date …………23/8/2013…………………………………..........
AUTHENTICITY STATEMENT
‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’
Signed ………… …………….
Date ……......23/8/2013 ……………
ORIGINALITY STATEMENT ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project's design and conception or in style, presentation and linguistic expression is acknowledged.’
Signed ………… ...,,,,, Date ………23/8/2013…………………..............
I
Abstract
Web-based identity management systems (IdMS), a new and innovative information technology
(IT) artefact, involve the integration of emerging technologies and business processes to create
identity-centric approaches for the management of users, their attributes, authentication factors
and security privileges across the Internet within multiple websites.With the growth of online
identities on the Internet, IdMS enable the use of the same user data, managed identifiers and
authentication credentials across multiple websites, reducing the number of identifiers (e.g.
passwords) and profiles with which a user has to deal.The key to the adoption of any solution in
the online identity space is the willingness of the user population to accept the proposed
solution. Understanding factors that affect user adoption of innovative IT is of interest to
researchers in a diversity of fields. However, no research has investigated the conceptualization
and measurement, and empirically examined the initial adoption of IdMS from the end-user
perspective. The main objective of this study is to fill this clear gap by aiming to develop a
theoretical model by integrating theories from information systems and psychology literature to
understand and empirically examine the important factors affecting the user adoption of IdMS.
The study suggests a positive-quantitative approach to explain and predict a causal model and
validate the results. The research instruments were developed and validated using pre-tests and
pilot study. The data collection was carried out using an online survey method, with
332 respondents form Facebook and LinkedIn users. Data analyses were conducted under
structural equation modelling using the partial least squares technique. The model was
successfully validated, and statistically significant confirmation was provided that perceived
usefulness, perceived ease of use, fit, trusting beliefs, trust in the Internet, information
disclosure, privacy concerns and cost influenced behavioural intentions to adopt IdMS. The
study theoretically extends the body of knowledge of IT adoption into the IdMS domain.
Moreover, it provides a theoretical user-adoption model relevant to IdMS. For practitioners, the
study develops guidelines for IdMS designers and provides for the employment of more
targeted implementation efforts. The study discusses some implications and highlights some
opportunities for creating and enhancing new IdMS.
II
Publications Relating to this Thesis
1. Alkhalifah, A. & D'Ambra, J. 2011. Applying Task-Technology Fit to the Adoption of Identity Management Systems. Proceedings of the 22nd Australasian Conference on Information Systems (ACIS2011), Sydney, Australia.
2. Alkhalifah, A. and D'Ambra, J. 2011. A Research Methodology to Explore User Acceptance of Identity Management Systems. In: Karnik, Ajit - Stephenson, Marcus, ed. Proceedings of the First International Conference on Emerging Research Paradigms in Business and Social Sciences (ERPBSS2011). Middlesex University Dubai, Dubai, United Arab of Emirates.
3. Alkhalifah, A. & D'Ambra, J. 2012. Factors Effecting the Adoption of Identity Management Systems: An Empirical Study. Proceedings of the 16th Pacific Asia Conference on Information Systems (PACIS2012), Ho Chi Minh city, Vietnam.
4. Alkhalifah, A. & D'Ambra, J. 2012. The Role of Identity Management Systems in Enhancing Protection of User Privacy. Proceedings of the International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012), IEEE, Kuala Lumpur, Malaysia.
5. Alkhalifah, A. & D'Ambra, J. 2012. The Role of Trust in the Initial Adoption of Identity Management Systems. Proceedings of the 21st International Conference on Information Systems Development (ISD2012), Prato, Italy.
Presentation Relating to this Thesis
PhD Doctoral Consortium, the 16th Pacific Asia Conference on Information Systems (PACIS2012), 11-12 July 2012, University of Science, Ho Chi Minh city, Vietnam, 2012.
III
Acknowledgments
I owe sincere thanks to the people who have supported me during my PhD journey, especially
to:
My research supervisor, A/Prof. John D’Ambra, who made me believe in myself and guided me
through the whole process of this research. I am sure that this thesis would not have been
possible without his support, understanding and encouragement.
My parents; you always been me throughout my entire life and educational journey. Thank you
for always encouraging me to reach my dreams. I love you very much.
My wife Alya and son Almohanad for their love and never-ending support. Without you, I
would not be the person I am today.
My brothers and sisters for their encouragement and moral support; you always have been my
greatest persons.
I would like to thank A/Prof. Aybuke Aurum, A/Prof. Kieran Conboy and Dr. Daniel
Schlagwein for their valuable comments and suggestions on the research proposal. I also thank
the Pacific Asia Conference on Information Systems (PACIS 2012) Doctoral Consortium’
counsellors : Prof. Detmar Straub (Georgia State University) , Prof. Guy Gable (Queensland
University of Technology) and A/Prof. Kai-Lung Hui (Hong Kong University of Science and
Technology) for their precious feedback and suggestions on the research model and design.
Finally, I am grateful to Prof. Wynne Chin (University of Houston) for his support in
strengthening my data analysis skills through the partial least squares course work.
Lastly, I would like to show my gratitude to the University of New South Wales, Qassim
University and Saudi Cultural Mission in Australia for their full and financial support during my
PhD journey.
IV
Table of Contents
ABSTRACT ............................................................................................................................................................... I
PUBLICATIONS RELATING TO THIS THESIS .................................................................................................. II
ACKNOWLEDGMENTS ........................................................................................................................................ III
LIST OF TABLES .................................................................................................................................................... X
LIST OF FIGURES ................................................................................................................................................ XII
LIST OF ABBREVIATIONS ............................................................................................................................... XIII
CHAPTER 1: INTRODUCTION 1.1 Introduction and Motivation for the Research ............................................................................................................. 1 1.2 Significance of the Research ................................................................................................................................................. 4 1.2.1 Overview of the Identity Management Systems Research ............................................................................ 5 1.2.2 User Adoption of Identity Management Systems .............................................................................................. 6 1.3 Research Focus, Objective and Question ........................................................................................................................ 8 1.3.1 The Scope of Identity Management Systems in this Study............................................................................ 8 1.4 Overview of the Research Strategy ................................................................................................................................. 10 1.5 Research Contributions ....................................................................................................................................................... 12 1.6 Organization of the Chapters ............................................................................................................................................. 13 1.6.1 Chapter 1: Introduction .............................................................................................................................................. 13 1.6.2 Chapter 2: Literature Review (Identity Management Systems) .............................................................. 13 1.6.3 Chapter 3: Literature Review (Information System, Technology Adoption) .................................... 14 1.6.4 Chapter 4: Conceptual Model and Research Hypotheses ........................................................................... 14 1.6.5 Chapter 5: Research Design and Methodology ................................................................................................ 14 1.6.6 Chapter 6: Instrument Development ................................................................................................................... 15 1.6.7 Chapter 7: Data Analysis and Results .................................................................................................................. 15 1.6.8 Chapter 8: Discussion and Conclusions .............................................................................................................. 15 CHAPTER 2: LITERATURE REVIEW (IDENTITY MANAGEMENT SYSTEMS) 2.1 Introduction .............................................................................................................................................................................. 16 2.2 The Concepts of Identity ...................................................................................................................................................... 18 2.2.1 Identity ............................................................................................................................................................................... 18 2.2.2 Online Identity ................................................................................................................................................................ 19 2.2.3 Partial Identity ................................................................................................................................................................ 20 2.2.4 Identity Management .................................................................................................................................................. 21 2.2.5 Identity Theft ................................................................................................................................................................... 21 2.2.6 Identity 3.0 ....................................................................................................................................................................... 21 2.3 Stakeholders of Identity Management Systems ....................................................................................................... 22 2.4 Definition of Identity Management Systems .............................................................................................................. 23
V
2.4.1 Definition of Identity Management Systems in this Study ......................................................................... 25 2.5 Characteristics and Features of Identity Management Systems ....................................................................... 27 2.5.1 The Laws of Identity .................................................................................................................................................... 27 2.5.2 Functions of Identity Management Systems ..................................................................................................... 27 2.6 The Trajectory of Identity Management Systems Migration .............................................................................. 32 2.6.1 From Proprietary Identity to Open Identity Exchange ................................................................................ 33 2.6.2 Identity Management System Models .................................................................................................................. 35 2.6.3 A Comparison of Identity Management Systems Models ........................................................................... 40 2.7 The Security of Identity Management Systems......................................................................................................... 42 2.8 The Current Identity Management Systems Research .......................................................................................... 44 2.8.1 The Innovation of the Identity Management Systems Research Framework ................................... 44 2.8.2 Research Method ........................................................................................................................................................... 46 2.8.3 Findings and Analysis .................................................................................................................................................. 48 2.8.4 Identity Management System Challenges .......................................................................................................... 58 2.8.5 User Adoption of Identity Management Systems ........................................................................................... 59 2.8.6 Gaps in the Identity Management Systems literature .................................................................................. 61 2.8.7 Conclusion and Future Recommendation .......................................................................................................... 62 2.9 Identity Management Systems Landscape .................................................................................................................. 64 2.10 Summary .................................................................................................................................................................................. 66 CHAPTER 3: LITERATURE REVIEW (INFORMATION SYSTEM, TECHNOLOGY ADOPTION) 3.1 Introduction .............................................................................................................................................................................. 67 3.2 Defining ‘User Adoption of Technology’ ....................................................................................................................... 68 3.3 Adoption Phases ...................................................................................................................................................................... 68 3.4 Review of Existing Technology Adoption Models and Theories ....................................................................... 70 3.4.1 Theory of Reasoned Action ....................................................................................................................................... 71 3.4.2 Theory of Planned Behaviour .................................................................................................................................. 72 3.4.3 Technology Acceptance Model ................................................................................................................................ 73 3.4.4 Innovation Diffusion Theory .................................................................................................................................... 77 3.4.5 Unified Theory of Acceptance and Use of Technology ................................................................................. 78 3.4.6 Task–Technology Fit .................................................................................................................................................... 81 3.6.7 Integrated Model of TAM and TTF ........................................................................................................................ 83 3.4.8 Social Cognitive Theory .............................................................................................................................................. 86 3.4.9 Cognitive Dissonance Theory .................................................................................................................................. 86 3.4.10 Trust–Risk Framework ............................................................................................................................................ 87 3.4.11 Conclusion of Review of Technology Adoption Models and Theories ............................................... 88 3.5 User Adoption of Web–based Services and Technologies ................................................................................... 89 3.5.1 Research Method ........................................................................................................................................................... 90 3.5.2 Analysis and Findings .................................................................................................................................................. 91 3.5.3 Gaps in the Literature on Adoption of Web–based Services and Technologies ............................... 96
VI
3.6 Factors Affecting User Adoption of Identity Management systems (Background and Theoretical Concepts)............................................................................................................................................................................................ 97 3.6.1 Perceived Ease of Use and Perceived Usefulness ........................................................................................... 98 3.6.2 Task and Technology Characteristics ................................................................................................................ 100 3.6.3 Fit ........................................................................................................................................................................................ 101 3.6.4 Perceived Risk............................................................................................................................................................... 105 3.6.5 Trust .................................................................................................................................................................................. 108 3.6.6 Privacy Concerns ......................................................................................................................................................... 112 3.6.7 Individual Difference Variables ............................................................................................................................ 117 3.7 Overall Gaps in the Literature ......................................................................................................................................... 118 3.8 Research Questions .............................................................................................................................................................. 120 3.9 Why Studying the Adoption of IdMS is Different to Any Other IT Artefact ............................................... 120 3.10 Summary ................................................................................................................................................................................ 122 CHAPTER 4: CONCEPTUAL MODEL AND RESEARCH HYPOTHESES 4.1 Introduction ............................................................................................................................................................................ 123 4.2 Research Model...................................................................................................................................................................... 123 4.3 Behavioural Intention (the Outcome Variable) ...................................................................................................... 126 4.4 Perceived Usefulness and Ease of Use ........................................................................................................................ 128 4.5 The Relationships between Perceived Risk and Trust ........................................................................................ 129 4.6 Perceived Risk ........................................................................................................................................................................ 131 4.6.1 Perceived Risk and Behavioural Intention ...................................................................................................... 132 4.7 Trust Constructs .................................................................................................................................................................... 133 4.7.1 Trusting Beliefs ............................................................................................................................................................ 135 4.7.2 Trust in the Internet ................................................................................................................................................... 139 4.8 Information Disclosure ...................................................................................................................................................... 141 4.9 Privacy Concerns ................................................................................................................................................................... 142 4.9.1 Privacy Concern Constructs ................................................................................................................................... 142 4.9.2 Privacy Concerns and Behavioural Intention ................................................................................................. 144 4.9.3 Privacy Concerns and Information Disclosure .............................................................................................. 145 4.9.4 Privacy Concern, Trust and Perceived Risk .................................................................................................... 146 4.10 Task–Technology Fit Constructs ................................................................................................................................. 147 4.10.1 Identity Management System Task Characteristics ................................................................................. 147 4.10.2 The Technology Characteristics of Identity Management Systems .................................................. 148 4.10.3 Fit ..................................................................................................................................................................................... 148 4.11 Situational Variables ......................................................................................................................................................... 151 4.11.1 Cost .................................................................................................................................................................................. 151 4.11.2 Facilitating Conditions ........................................................................................................................................... 152 4.11.3 Subjective Norms ...................................................................................................................................................... 153 4.12 The Moderating Effect: Web Single Sign-On .......................................................................................................... 155
VII
4.12.1Intention to Disclose Identity Information and Intention to Use IdMS ............................................ 155 4.12.2 Perceived Usefulness and Intention to Use .................................................................................................. 156 4.12.3 Trusting Beliefs and Behavioural Intention to Use ................................................................................... 157 4.12.4 Privacy Concerns and Intention to Disclose Identity Information .................................................... 157 4.12.5 Cost and Intention to Use ...................................................................................................................................... 158 4.13 Control Variables ................................................................................................................................................................ 159 4.13.1 Demographic Variables (Age, Gender and Education) ............................................................................ 159 4.13.2 Internet and Web Services Experience .......................................................................................................... 160 4.13.2 Previous Experience of Identity Theft ............................................................................................................ 161 4.14 Summary ................................................................................................................................................................................ 162 CHAPTER 5: RESEARCH DESIGN AND METHODOLOGY 5.1 Introduction ............................................................................................................................................................................ 165 5.2 Research Paradigm .............................................................................................................................................................. 165 5.3 Methodological Approach ................................................................................................................................................. 166 5.4 Research Method .................................................................................................................................................................. 167 5.4.1 Survey ............................................................................................................................................................................... 167 5.4.2 Online Survey ................................................................................................................................................................ 168 4.5.3 Cross-sectional Survey Design .............................................................................................................................. 169 5.5 Data Collection Procedure ................................................................................................................................................ 169 5.5.1 Sampling Technique ................................................................................................................................................... 170 5.5.2 Target Population........................................................................................................................................................ 171 5.5.3 Sample Adequacy ........................................................................................................................................................ 177 5.5.4 Incentive for Participation in the Survey ......................................................................................................... 178 5.5.5 Recruiting Technique ................................................................................................................................................ 178 5.6 Measurement Development ............................................................................................................................................. 180 5.7 Reliability and Validity ....................................................................................................................................................... 181 5.7.1 Reliability ........................................................................................................................................................................ 181 5.7.2 Validity ............................................................................................................................................................................. 182 5.8 Data Analysis ........................................................................................................................................................................... 184 5.8.1 Structural Equation Modelling .............................................................................................................................. 184 5.8.2 Why this Study Chose PLS ....................................................................................................................................... 185 5.8.3 Factor Analysis ............................................................................................................................................................. 186 5.8.4 Structural Model Evaluation .................................................................................................................................. 187 5.9 Statistical Considerations.................................................................................................................................................. 188 5.9.1 Non–responsive Bias ................................................................................................................................................. 189 5.9.2 Distribution Assumptions ....................................................................................................................................... 189 5.9.3 Common Method Variance ...................................................................................................................................... 190 5.10 Estimating the Higher-order Constructs ................................................................................................................. 192 5.10.1 Testing for Higher–order Constructs .............................................................................................................. 194
VIII
5.11 Control Variables ................................................................................................................................................................ 195 5.12 Summary ................................................................................................................................................................................ 197 CHAPTER 6: INSTRUMENT DEVELOPMENT 6.1 Introduction ............................................................................................................................................................................ 198 6.2 Item Creation and Identification .................................................................................................................................... 199 6.2.1 Construct Operationalization ................................................................................................................................ 200 6.3 Pre-Testing Survey Instruments .................................................................................................................................... 211 6.3.1 Expert Review ............................................................................................................................................................... 211 6.3.2 Questionnaire Design ................................................................................................................................................ 213 6.3.3 Survey Pre-tests ........................................................................................................................................................... 215 6.4 Measurement Model Specification ................................................................................................................................ 217 6.5 Pilot Study ................................................................................................................................................................................ 219 6.5.1 Sampling Procedure ................................................................................................................................................... 219 6.5.2 Verifying Data Characteristics ............................................................................................................................... 220 6.5.3 Measurement Assessment ...................................................................................................................................... 221 6.6 Scale Refinement ................................................................................................................................................................... 229 6.7 Summary ................................................................................................................................................................................... 230 CHAPTER 7: DATA ANALYSIS AND RESULTS (MAIN STUDY) 7.1 Introduction ............................................................................................................................................................................ 231 7.2 Sampling Procedure ............................................................................................................................................................ 231 7.2.1 Profile of Respondents .............................................................................................................................................. 232 7.2.2 Verifying data characteristics ................................................................................................................................ 235 7.3 Measurement Model ............................................................................................................................................................ 237 7.3.1 First-order Measurement Model .......................................................................................................................... 237 7.3.2 Interaction Measurement Model .......................................................................................................................... 242 7.3.3 Higher-order Measurement Model ..................................................................................................................... 242 7.4 Structural Model and Hypotheses Testing ................................................................................................................ 246 7.4.1 Main Effect ...................................................................................................................................................................... 246 7.4.2 Moderate Effect ............................................................................................................................................................ 249 7.5 Structural Model Evaluation ............................................................................................................................................ 251 7.6 Impact of Control Variables ............................................................................................................................................. 252 7.6.1 First Analysis for Measurement Properties of Control Variables ......................................................... 252 7.6.2 Impact of Control Variables .................................................................................................................................... 253 7.7 Overall Findings of Hypotheses Testing .................................................................................................................... 254 7.8 Summary ................................................................................................................................................................................... 257 CHAPTER 8: DISCUSSION AND CONCLUSIONS 8.1 Introduction ............................................................................................................................................................................ 258 8.2 Research Objectives and Questions .............................................................................................................................. 258 8.3 Major Findings ....................................................................................................................................................................... 259
IX
8.3.1 To What Extent Do the Factors Affect Users’ Behavioural Intentions to Adopt IdMS? ............... 260 8.3.2 How Do Users Perceive the Factors that Affect IdMS Adoption? .......................................................... 267 8.3.3 How Does Prior Experience of SSO Affect the Adoption of IdMS? ........................................................ 272 8.3.4 Do Individual Differences Have any Effect on User Adoption of IdMS? ............................................. 274 8.4 Contributions and Implications ..................................................................................................................................... 276 8.4.1 Theoretical Contributions ....................................................................................................................................... 276 8.4.2 Practical Implications ................................................................................................................................................ 285 8.5 Research Limitations and Future Directions ........................................................................................................... 288 8.6 Concluding Remarks............................................................................................................................................................ 294 REFERENCES .................................................................................................................................................... 296
APPENDICES Appendix 2.1: Identity Management Systems Standards and Technologies .................................................... 326 Appendix 2.2: A Description of the Publications Identified in the Selection Phase of IdMS Literature Review ............................................................................................................................................................................................... 330 Appendix 3.1: Studies Identified in Selection Phase of Web-based Services and Technologies Adoption Literature ......................................................................................................................................................................................... 334 Appendix 3.2: Studies According to Publications Distribution ............................................................................... 342 Appendix 5: Prevalent Common Method Bias (CMB) Techniques ........................................................................ 343 Appendix 6.1: Initial Questionnaire Draft and Expert Form .................................................................................... 344 Appendix 6.2: Survey Questionnaire Modification After Expert Panel Feedback .......................................... 354 Appendix 6.3: The Survey Questionnaire Used in this Study ................................................................................... 357 Appendix 6.4: Human Ethics Approval .............................................................................................................................. 367 Appendix 6.5: Loading and Cross-loading Matrix (Pilot Study) ............................................................................. 368 Appendix 7.1: Descriptive and ANOVA Statistics .......................................................................................................... 370 Appendix 7.2: Loading and Cross-loading Matrix (Main Study) ............................................................................. 371 Appendix 7.3: Items and Convergent Validity for Fit Construct ............................................................................. 373
X
List of Tables Table 2.1: Comparison between offline identity and online identity ........................................................................... 20 Table 2.2: The Laws of Identity ..................................................................................................................................................... 27 Table 2.3: Comparison of IdMS models ..................................................................................................................................... 40 Table 2.4: Distribution of publications ....................................................................................................................................... 47 Table 2.5: Focus for the IdMS research ...................................................................................................................................... 49 Table 2.6: Distribution of IdMS studies according to their applied application ..................................................... 57 Table 2.7: Identity management system challenges ............................................................................................................ 58 Table 3.1: Theories used in individual and organizational IT adoption research ................................................. 70 Table 3.2: Previous studies that integrate TAM/TTF .......................................................................................................... 85 Table 3.3: Studies published between 2003 and 2012 ....................................................................................................... 92 Table 3.4: Studies according to subject category .................................................................................................................. 92 Table 3.5: Intersection of theoretical models ......................................................................................................................... 93 Table 3.6: Focus of the WBST adoption research .................................................................................................................. 93 Table 3.7: Web-based services and technologies examined ............................................................................................ 94 Table 3.8: Factors affecting user adoption of WBST ............................................................................................................ 95 Table 3.9: Fit conceptualization used in TTF research ..................................................................................................... 103 Table 3.10: Description and definition of perceived risk facets ................................................................................... 107 Table 3.11: Studies of privacy concerns and their measures ........................................................................................ 115 Table 4.1: Relationships between perceived risk and trust ........................................................................................... 131 Table 4.2: Difference between this study and previous trust-TAM studies ............................................................ 138 Table 4.3: Definition of the dimensions of privacy concerns ......................................................................................... 144 Table 4.4: Operationalizing the fit construct ......................................................................................................................... 149 Table 4.5: Main constructs in the research model .............................................................................................................. 163 Table 5.1: Characteristics of the positivist paradigm in social science ..................................................................... 166 Table 5.2: Overview of data collection strategy ................................................................................................................... 170 Table 5.3 Number of Facebook and LinkedIn users across the selected countries ............................................. 176 Table 6.1: Initial items for first-order constructs................................................................................................................ 202 Table 6.2: Initial items for third-order trusting beliefs .................................................................................................... 204 Table 6.3: Initial items for third-order trust in the Internet .......................................................................................... 205 Table 6.4: Initial items for second-order privacy concerns ............................................................................................ 206 Table 6.5: Initial questions related to usage, control and demographic variables .............................................. 207 Table 6.6: The measurement model specification .............................................................................................................. 218 Table 6.7: First reliability evaluation ........................................................................................................................................ 224 Table 6.8: Results of confirmatory factor analysis and descriptive statistics of first-order measurements (pilot study) .......................................................................................................................................................................................... 225 Table 6.9: Correlations of the first-order measurement model (pilot study) ........................................................ 227 Table 6.10: Results of confirmatory factor analysis and descriptive statistics of higher-order measurements (pilot study) .......................................................................................................................................................... 229
XI
Table 7.1: Demographics of Respondents .............................................................................................................................. 233 Table 7.2: Sample Characteristics............................................................................................................................................... 234 Table 7.3: Knowledge of sample about IdMS applications ............................................................................................. 235 Table 7.4: The first-order measurement model (main study) ...................................................................................... 239 Table 7.5: Correlations of the first-order measurement model (main study) ....................................................... 241 Table 7.6: The higher-order measurement model (main study) ................................................................................. 244 Table 7.7: Results of the structural model and hypotheses testing ............................................................................ 249 Table 7.8: Results of moderating hypotheses ....................................................................................................................... 250 Table 7.9: Results of explained variance and predictive relevance ............................................................................ 251 Table 7.10: Measurement model of control variables – the formative construct ................................................ 252 Table 7.11: Impact of control variables ................................................................................................................................... 253 Table 7.12: Overall results of hypotheses testing ............................................................................................................... 255
XII
List of Figures Figure 1.1: Multi-system, multi-device, multi-identity proliferation .............................................................................. 2 Figure 1.2: Research outline ........................................................................................................................................................... 10 Figure 2.1: Informing disciplines (map of the literature review) .................................................................................. 16 Figure 2.2: Correspondence between entities, identities and characteristics/identifiers ................................. 19 Figure 2.3: Identity and partial identities of an exemplary user .................................................................................... 20 Figure 2.4: Isolated IdMS Model .................................................................................................................................................... 36 Figure 2.5: Centralized IdMS model ............................................................................................................................................ 37 Figure 2.6: Decentralized IdMS model ....................................................................................................................................... 39 Figure 2.7: The TFI model of information systems .............................................................................................................. 46 Figure 2.8: Number of publications per year .......................................................................................................................... 48 Figure 2.9: Classification of IdMS empirical research based on research methods used ................................... 53 Figure 2.10: Distribution of research focus perspectives over the TFI categories ................................................ 54 Figure 2.11: Distribution of IdMS by nature of research over the TFI categories ................................................. 55 Figure 2.12: Identity management systems research framework ................................................................................ 56 Figure 2.13: Identity management landscape ........................................................................................................................ 65 Figure 3.1: Theory of reasoned action (TRA) .......................................................................................................................... 72 Figure 3.2: Theory of planned behaviour (TPB) .................................................................................................................... 73 Figure 3.3: Technology acceptance model (TAM)................................................................................................................. 74 Figure 3.4: The original TAM model and four categories of modifications ............................................................... 76 Figure 3.5: Unified theory of acceptance and use of technology (UTAUT) .............................................................. 79 Figure 3.6: Unified theory of acceptance and use of technology2 (UTAUT2) .......................................................... 81 Figure 3.7: Basic task-tecgnology fit (TTF) model ................................................................................................................ 82 Figure 3.8: Integrated TAM/TTF model .................................................................................................................................... 84 Figure 3.9: Statistical model for task-technology fit as moderation........................................................................... 105 Figure 4.1: Research model ........................................................................................................................................................... 125 Figure 4.2: Initial trust in IdMS adoption ................................................................................................................................ 134 Figure 4.3: Operationalizing the TTF model in this study (Fit as moderation)..................................................... 150 Figure 5.1: Banner advertisement .............................................................................................................................................. 180 Figure 6.1: Overview of instrument development procedure ....................................................................................... 199 Figure 7.1: Third–order reflective trusting beliefs model .............................................................................................. 244 Figure 7.2: Third-order reflective trust in the Internet model ..................................................................................... 245 Figure 7.3: Second-order reflective privacy concerns model ........................................................................................ 245 Figure 7.4: Results of the structural model ............................................................................................................................ 248
XIII
List of Abbreviations
BI CDT CFA CFIP CMB CMC CMV CV EFA FIM FIMS HCI ICT IdM IdMS IdP IDT INTD INTU IS IT IUIPC PCA PEOU PR PRIME PLS PU RP SAML SCT SEM SET SP SSO TAM TPB TRA TTF UTAUT WBST
Behavioural IntentionCognitive Dissonance Theory Confirmatory Factor Analysis Concern for Information Privacy Common Method Bias Computer Mediated Communication Common Method Variance Control Variable Exploratory Factor Analysis Federated Identity Management Federated Identity Management Systems Human Computer Interaction Information Communication Technology Identity Management Identity Management Systems Identity Provider Innovation Diffusion Theory Intention to Disclose identity information Intention to Use Information System Information Technology Internet Users’ Information Privacy Concerns Principal Component Analysis Perceived Ease of Use Perceived Risk Privacy and Identity Management for Europe Project Partial Least Squares Perceived Usefulness Relying Party Security Assertion Markup Language Social Contract Theory Structural Equation Modelling Social Exchange Theory Service Provider Single Sign-On Technology Acceptance Model Theory of Planned Behaviour Theory of Reasoned Action Task Technology Fit Unified Theory of Acceptance and Use of Technology Web-Based Services and Technologies
Chapter 1: Introduction
1.1 Introduction and Motivation for the Research
Today, the advent of Web 2.0 and Web 3.0 has followed personalized services, such as e-
government, e-commerce, and e-health applications, which involve and process a significant
amount of personal information. For instance, social networking sites such as Facebook enable
users to create detailed user profiles and to replicate and develop real-world social networks.
This trend has contributed to the growth of online identities, which contain a great deal of
information about users, including personal attributes and behavioural preferences as well as
access-related metadata. These personalized services represent a shift from a technical
development perspective to a traditional concept of identity that is socio-technically driven
towards facilitating social interactions and services (McLaughlin, Briscoe & Malone 2010).
The growing use of information and communications technology (ICT) in numerous contexts
such as the increasing presence of organizations on the Internet, and in different online
transactions such as business to customer (B2C) and government to customer (G2C), has
increased the need for users to closely examine how they represent themselves online and how
they identify with whom they are actually interacting (Josang, Al-Zomai & Suriadi 2007; Birrell
& Schneider 2012). Consequently, users of online services have multiple digital identities as
illustrated in Figure 1.1.
Threatening behaviours in the online world are also on the rise, particularly those associated
with identity theft. Identity theft significantly affects the economic decisions that people make
(Akerof & Kranton 2000) and poses security risks targeting both organizations and individuals
(Swartz 2009; Finklea 2012). For example, the US Federal Trade Commission (FTC) estimated
that identity theft costs customers about 50 billion dollars annually (FTC 2011, 2012).
Nevertheless, whereas proving claims of theft in the normal offline (bricks-and-mortar) world
are made according to well-known procedures, online identity management lacks the same
Chapter 1: Introduction
2
degree of recourse for consumers (Birrell & Schneider 2012). Identity management (IdM)
solutions manage the identity disorder generated from the use of many separate applications and
support a methodology that increases productivity and security reducing the costs related to
managing users and their identities, credentials and attributes (Lee 2003; Smith 2008; Landau &
Therefore, researchers have called for more focused perspective: the formation of consumers'
initial perceptions and beliefs, such as trust, in new IT artefact (Gefen, Benbasat & Pavlou
2008; Li et al. 2008; Luo et al. 2010).Although a growing body of IS/IT adoption research has
examined the formation of initial beliefs toward new IT, to date, very little research has been
directed at understanding the initial adoption of IdMS. This study synthesizes and extends the
previous work on innovation adoption research into the specific context of IdMS. It contributes
to a better theoretical understanding of the antecedents of user acceptance and user resistance to
adoption and usage of an emerging class of IT artefact, particularly IdMS.
From a practical perspective, knowing which factors are important for adoption and usage
enables systems designers and developers as well as providers to employ more targeted
implementation efforts (Karahanna, Straub & Chervany 1999). According to Kuechler and
Vaishnavi (2012), the design of technology artefacts comprises existing theories from diverse
research domains into the development of new technology. As this study has adopted a number
of behavioural and adoption theories to identify factors affecting user adoption of IdMS, it
provides implications and opportunities for creating or enhancing new IdMS. Furthermore,
Crowston et al. (2010) argued that expanding the boundaries of IS research has implications for
practitioners which researchers have to address. For instance, IS practitioners face a novel
challenge, that is, to make a case for investing in an innovation such as IdMS, which are
Chapter 1: Introduction
13
typically platforms that rely on third-party generated applications and content to complete them
(Crowston et al. 2010). In addition, IdMS providers and designers face the challenge of creating
policies (Hansen et al. 2004; Seltsikas & O‘Keefe 2010; Rossvoll & Fritsch 2013) in an
environment that resists adoption, especially at the individual level (Satchell et al. 2011).This
study addresses these challenges by providing an increased understanding of users’ perceptions
and concerns which, in turn, will provide IdMS practitioners with a tool that can be used to
develop mechanisms and strategies that will encourage IdMS adoption. Hence, the IdMS’
stakeholders can greatly enhance their efficiency and effectiveness. Finally, as identity
management is involved in many Web contexts (Mont, Bramhall & Pato 2003), this study
provides important implications for website developers which should be kept in mind for Web
users’ needs. More details on theoretical and practical contributions are presented in Chapter 8
(see Section 8.4).
1.6 Organization of the Chapters This thesis comprises eight chapters, beginning with this introductory chapter which provides a
snapshot of the current study. A brief overview of the chapters of this thesis is discussed in the
following sections:
1.6.1 Chapter 1: Introduction
The study starts with an introductory chapter (the present chapter) which provides the motivation
and the significance of the research, highlights the focus and the scope of this study and discusses
the research objective and question. This chapter also provides an overview of the research
strategy and contributions to the knowledge, and presents the structure of the thesis.
1.6.2 Chapter 2: Literature Review (Identity Management Systems)
Chapter 2 provides necessary background about IdMS and assesses the state of current IdMS
research. Firstly, this chapter provides a general overview of identity-related concepts.
Secondly, the chapter presents an overview of IdMS in terms of their definitions, composition,
characteristics and functions, and IdMS models. Finally, this chapter introduces the current
Chapter 1: Introduction
14
IdMS research, reviews the literature, identifies the extant gaps in IdMS context and emphasizes
some implications for future research directions into IdMS. This chapter also highlights the
IdMS setting of this study.
1.6.3 Chapter 3: Literature Review (Information System, Technology
Adoption)
Chapter 3 reviews the literature related to user adoption and innovation of IS/IT and Web-based
applications. Firstly, the chapter provides a definition of user adoption of new technology and
discusses the initial adoption stage which is the focus of this study. Secondly, this chapter reviews
a number of well-known models and behavioural theories on the user adoption of IS/IT that
provided theoretical foundations of this research. Thirdly, the chapter provides a review of the
literature on user adoption of Web-based services and technologies (WBST) and presents a
general analysis and the findings of the literature. Fourthly, the chapter discusses the factors
included in this study that affect user adoption of IdMS. Finally, the chapter highlights the overall
gaps identified in the literature and addresses the research questions.
1.6.4 Chapter 4: Conceptual Model and Research Hypotheses
Chapter 4 presents the development of the proposed conceptual model and the associated
hypothesis. This chapter provides an in-depth discussion of each construct in the model and the
development of the proposed hypotheses of this study. Drawing upon the existing theories along
with the context-specific attributes of the IdMS domain, this chapter develops and justifies the
research model and the related hypotheses.
1.6.5 Chapter 5: Research Design and Methodology
Chapter 5 discusses the research methodology. This chapter presents the selected research
paradigm and a discussion of key methodological considerations adopted for this study. The
chapter begins by introducing the positivist research paradigm and the use of the quantitative
method and online survey, followed by explaining the procedure for sampling and collating the
Chapter 1: Introduction
15
research data. The chapter then describes the statistical techniques used to validate and analyse
the data as well as to estimate the parameters of the research model.
1.6.6 Chapter 6: Instrument Development
Chapter 6 outlines the development and validation procedure of the research instrument. This
chapter begins with an explanation of the development of the initial pool of items used in this
study. Then, this chapter describes the initial measurement refining procedures with the expert
panels and survey pre-test phases and discusses the survey design. This is followed by a
discussion on the measurement model specifications (the use of reflective or formative
modelling). Finally, this chapter discusses the pilot study and refinement of the measurements.
1.6.7 Chapter 7: Data Analysis and Results
Chapter 7 presents the results of the main study test of the research model and related
hypotheses. The chapter describes the details emerging from the main survey. This is followed
by in-depth data analyses of the first-order measurement model and the higher-order
measurement model in terms of reliability and validity. Finally, the chapter discusses
hypotheses testing findings and the evaluation of the research model.
1.6.8 Chapter 8: Discussion and Conclusions
Chapter 8 presents the empirical findings, theoretical and practical contributions of the current
study. The chapter outlines the answers to the research questions and discusses the research
hypotheses. It also presents research limitations and future directions. This chapter is organized
as follows. Firstly, the chapter presents a review of the objectives and research questions of this
study. This is followed by a discussion of the empirical findings which address the answers of
the research questions.Then it discusses contributions and implications of the study for both
theory and practice. Next, the chapter discusses the limitations of the study and provides future
directions for further research. Finally, the chapter highlights concluding remarks for the study.
Chapter 2: Literature Review (Identity Management Systems)
2.1 Introduction Given the multidisciplinary nature of IS research and particularly of this study, it is necessary to
identify the informing disciplines and the interdisciplinary field that will structure this research
(Benbasat & Weber 1996; Webster & Waston 2002).The literature review demonstrates that
little is known about user adoption of identity management systems (IdMS). Therefore, two
main bodies of relevant literature and their particular correlated sub-disciplines have been
considered: 1) identity management (IdM) and IdMS; 2) user adoption of IS/IT (UAIS/IT) and
user adoption of Web-based services and technologies (UWBST). Figure 2.1 shows a schema of
the scope of this literature review.
Figure 2.1: Informing disciplines (map of the literature review)
The IdMS literature has its foundations in identity management. Therefore, we provide a review
of the foundations of identity management. The main objective of reviewing IdMS literature is
to provide an overview of IdMS and assess the current IdMS research. It seeks to review the
pre-existing and ongoing work on IdMS that has been conducted in a variety of fields such as
IS/IT and computer science over the last decade. This study attempts to characterize the
development of and the relationships among extant research studies in IdMS. It also discusses
Chapter 2: Literature Review (Identity Management Systems)
17
some gaps in the research which represent future implications and opportunities, in order to
build a strong research tradition in this emerging area.
The aim of IS/IT and Web-based services and technologies (WBST) adoption literature review
is to establish the theoretical foundation of this study by reviewing a number of models and
theories on user adoption of IS/IT, and identifying factors that affect individual acceptance of
these technologies. Because of the lack of studies on user adoption of IdMS and this study
focuses on Web-based IdMS, we believe that the literature associated with IS/IT and WBST
might offer valuable insights into innovative IdMS adoption because of the similarity in terms
of human users interacting with these systems. This chapter (Chapter 2) discusses the literature
related to IdMS studies, while Chapter 3 presents the literature review associated with user
adoption of IS/IT research.
The chapter is organized as follows. Section 2.2 provides a general overview of identity-related
concepts. Next, the chapter presents an overview of IdMS in terms of its stakeholders
(Section 2.3), definitions (Section 2.4), functionality characteristics of IdMS (Section 2.5), and
trajectory of migration from proprietary identity to open identity exchange and types of IdMS
models (Section 2.6). Section 2.7 outlines the security of IdMS and the attacks on online
identity from the end-user perspective. Section 2.8 introduces the current IdMS research. Then,
it discusses the method used to gather and analyze the data. The findings of the analysis are then
presented and discussed. The section’s conclusion identifies the extant gaps in the IdMS context
and highlights some implications for future research directions on IdMS. Section 2.9 highlights
the IdMS landscape adopted in this study. Finally, Section 2.10 provides a summary of this
chapter.
Chapter 2: Literature Review (Identity Management Systems)
18
2.2 The Concepts of Identity This section provides an overview and definitions of identity concepts that are within the IdMS
context and relevant to the current research.
2.2.1 Identity
Identity is responsible for determining access rights to sensitive resources for users. An identity
describes an entity (a person, a computer or an organization, etc.) within a particular domain. An
identity domain is a scope in which each identity is unique (Josang & Pope 2005). Formally, the
identity of an entity within a domain consists of the set of all attributes (unique or non-unique
identifiers) such as those that have been attributed to the entity within the particular domain.
Some of these attributes include personal details, social information, financial information, etc.
The assumption is that a single identity cannot be related to more than one entity. Shared
entities may exist, such as a family identity that corresponds to some people in a family unit.
Nevertheless, the service provider deals with one real world entity (the family) and not with
multiple individuals (Josang & Pope 2005). According to Cao et al. (2011), the definition of an
identity is “the representation, proofs and credentials of user entities which should be provided
to applications and services, and being used to distinguish users from each other and provide
different privileges to different users corresponding to particular contexts” (p. 647). The
relationship between entities, identities and characteristics or identifiers is presented in
Figure 2.2. This study refers to identity information as a set of attributes (along with their
values) describing properties and relevant aspects of an entity (Mont, Bramhall & Pato 2003).
This information is dynamic, which means the set of attributes and their values can change over
time.
Chapter 2: Literature Review (Identity Management Systems)
19
Figure 2.2: Correspondence between entities, identities and characteristics/identifiers
(Source: Josang & Pope 2005, p. 79)
2.2.2 Online Identity
A digital identity or online identity is a digital representation of one or more principles that are
unique to that principal (or group), and that act as a reference to that principal (or group) (Kim,
Zheng & Gupta 2011). In terms of its content, most scholars refer to digital identity as related to
a set of identity information, that is, data relating to a person. Roussos, Peterson and Patel
(2003) declared that digital identity is the electronic representation of personal information of an
individual or organization (name, phone numbers, address, etc.). It refers to how people are
identified on computer systems and over the Internet (Josang & Pope 2005). An individual’s
digital identity may include many different identities issued by many different providers, and
these will be used and trusted by the organization that issued them.
2.2.2.1 Online identity vs. offline identity Some researchers (e.g. Turkle 1997; Kim, Zheng & Gupta 2011) emphasized that an
individual’s identity in an online context would be diverse from (and may not necessarily be
linked with) her/his identity in an offline context. Online identity differs from offline identity in
some aspects (see Table 2.1).
Chapter 2: Literature Review (Identity Management Systems)
20
Table 2.1: Comparison between offline identity and online identity (Source: Kim, Zheng & Gupta 2011, p. 1762)
Dimension Offline identity Online identity Context Face-to-face World Wide Web
Development The development of an offline identity requires considerable time and effort since a person has to build relationships and friendships that portray his or her identity
The development of an online identity is relatively fast because a person exhibits the identity that he or she wishes to portray
Control One cannot control how others perceive oneself. One cannot hide his or her name and other personally identifiable information
The portrayal of one’s identity is under one’s control. One can hide his or her personally identifiable information
Presentation It is difficult to hide one’s identity, and one’s identity is revealed in due course through interactions with others
One can portray his or her identity selectively and differently to different groups of people
Constraints One’s physical situation plays a strong role in defining one’s identity. For example, a poor person may not be able to form an identity amongst rich people
One’s identity is dependent on the characteristics of the system one is using
2.2.3 Partial Identity
An individual can represent a subset of identity information (attributes), which is often referred
to as partial identity. Identity attributes are utilized to express the contents of digital identities or
partial identities (Lips & Pang 2008). Partial identities represent a person in a particular context
in the online environment (McLaughlin, Briscoe & Malone 2010).The concept of partial
identity was introduced by Roger Clarke in 1993, not for privacy-enabling identity
management, but for surveillance (Clarke 1993). Figure 2.3 describes the relationship between
the user and a group of different identities.
Figure 2.3: Identity and partial identities of an exemplary user (Source: Borcea-Pfitzmann et al.
2006, p. 120)
Chapter 2: Literature Review (Identity Management Systems)
21
2.2.4 Identity Management
The term ‘identity management (IdM)’ has become widely used, both in academia and in
practice. However, a commonly accepted meaning for the term is lacking. This lack of a
common understanding can be clarified by the fact that IdM is quite a new term whose meaning
has not yet been completely established (Lips & Pang 2008). The literature indicates that IdM is
strongly related to processes in emerging digital environments (Lips & Pang 2008; Ferdous &
Josang 2013). Another definition of IdM described it as the framework and system used in
computer or communication systems to control identity (Dabrowski & Pacyna 2008). Josang,
Al-Zomai and Suriadi (2007) defined IdM as a process of representing and recognising entities
as digital identities in computer networks. IdM includes procedures, policies and technologies to
provide access and privileges to users through authentication schemes (Lee 2003; Ferdous &
Josang 2013).
2.2.5 Identity Theft
Identity fraud and identity theft are main concerns for consumers who regularly interact online.
These two terms are often used interchangeably. Identity fraud refers to a number of crimes
relating to false identification, that is, to the use of identification belonging to someone else
(Koops & Leenes 2006). Identity theft includes using the personally identifiable information of
another person (Finklea 2012). Both identity fraud and identity theft are crimes often committed
in relationship with other breaches. However, identity theft may include the extra element of
victimization because this form of fraud may directly influence the life of the victim (whose
identity was stolen) and involve defrauding third parties, such as providers, customers, financial
institutions, etc. (Finklea 2012).
2.2.6 Identity 3.0
Identity 3.0 is a tool of new world identity (Siegel 2009). Identity 1.0 was the world of physical
documentation such as ID cards, signatures and fingerprints. Identity 2.0 was user names and
the passwords used on diverse websites and for accessing a myriad of services (El Maliki &
Chapter 2: Literature Review (Identity Management Systems)
22
Seigneur 2007). Identity 3.0 tools encompass more global identifiers, such as OpenID and
information cards or InfoCards (see Appendix 2.1) (El Maliki & Seigneur 2007; Siegel 2009).
According to Sigel (2009), some basic principles of Identity 3.0 include:
• Online, the user is in the centre: websites and services cluster around the user who is
always logged in.
• Fewer passwords are better, but the user can have as many passwords as he/she likes.
• Third-party brokers will assist users in connecting with others with the understanding that
this will occur without the broker giving away sensitive information.
• Users authorize third parties to do only what they want them to do on their behalf and
nothing else.
• The user can create as many identities as he/she wants: each identity gives access to its
own services and communities.
• Identity 3.0 tools help prevent phishing, fraud, identity theft and other common cyber-
crimes.
2.3 Stakeholders of Identity Management Systems Diverse stakeholders participate in the IdMS in different ways. Their participation can be
classified by roles, taking into consideration that any individual participant or set of participants
can play multiple roles (both at the same time and at different times) (Cameron, Posch &
Rannenberg 2009). These roles within the IdMS are the following:
• Users: users are also known as subjects who are users of digital services. Subjects may
act on their own behalf (as individual citizens or customers) or in roles within
organizations, companies or government departments. Users are provided with Web-
based forms to complete their identity information. It is dependent on the Web systems
and by their intended usage of the services that their information is completed
facilitating their profiling. Users’ information is authenticated through various
Chapter 2: Literature Review (Identity Management Systems)
23
techniques. Users can also be businesses registering on various Web portals and
developing their business profiles.
• Identity Providers (IdPs): identity providers issue identities. For example, individuals
might use self-issued identities in contexts such as signing on to websites; credit-card
providers might issue identities that enable payment; businesses might issue identities to
their customers; and governments might issue identities to citizens. The IdPs
authenticate the user’s security and identity information and enable the implementation
of credible information credentials (Cameron, Posch & Rannenberg 2009). These
authenticated user profiles can be easily used through other partners of the system. The
process of authenticating the user information allows the users to access the resources
of service providers sharing a similar platform (Bertino & Takahashi 2010).
• Relying Parties (RPs) or Service Providers (SPs): these are an individual,
organization or service that depends on claims issued by a claims provider about a user
to control access to and personalization of services. The SPs are also the subscribers of
the identity providers and they allow the retrieval and submission of the identity
information through the Internet. These service providers store the user information
using the Web server and secure networks (Bertino & Takahashi 2010). The access
rights provided to access specific information regarding the identity of a user are
provided under limitations set by the service provider and the user.
2.4 Definition of Identity Management Systems Authentication and identification are basic processes of business procedures, technologies and
policies that enable organizations to control and manage their users’ access to critical online
applications while protecting personal business information from unauthorized users (Todorov
2007). Identification (who are you?), authentication (how do we know?) and authorization (what
services and transactions are available to you?) encompass part of identity management and are
implemented through an identity management system (Munkwitz-Smith & West 2004; Todorov
2007).
Chapter 2: Literature Review (Identity Management Systems)
24
The concept of identity management systems (IdMS) is broad and complex because the different
stakeholders’ concerned (users, identity providers and service providers) have different
requirements and different perspectives (Lips & Pang 2008; Alpar, Hoepman & Siljee 2011;
Karch 2011). In addition, IdMS can relate to systems with both a high and low level of security.
Also, IdMS come in the form of user-controlled systems, but are controlled by organizations or
governments (Poetzsch et al, 2009). Moreover, IdMS can be ‘anonymously credential-based’ or
‘token-based’ , meaning that some of these systems rely on the mediation between the user and
service providers, while other systems enable the users create their identity from anonymous
credentials (Poetzsch et al, 2009). Therefore, IdMS have been defined in different meanings and
understandings. IdMS have been defined as the integration of important personal information
from multiple systems into one collaborative and unique identity (Meints & Zwingelberg 2009;
Ferdous & Josang 2013). Cao et al. (2011) defined IdMS as the system, method, rule and policy
that implements identity authentication, authorization management, operation audit and access
control which are based on digital identity. IdMS represent solutions that are employed to
manage end-user authentication, access rights and restrictions, account profiles and other
attributes that provide an individual with more control over his/her identity information (Mont,
Bramhall & Pato 2003). Lee (2003) defined IdMS as the process, policies and emerging
technologies used to manage information about the identity of users and to control access to
online resources (Lee 2003). The goal of IdMS is to foster productivity and security while
lowering the costs related to managing users and their identities, credentials and attributes
(Jensen & Jaatun 2013).
Furthermore, the Future of Identity in the Information Society (FIDIS) (http://www.fidis.net/)
network states that identity management is “the management of digital identities or digital
identity data,” in which there are three main categories or “tiers” of IdMS (Bauer, Meints &
Handsen 2005, pp. 13-14):
a. T1: IdMS for account management, implementing identification,
authentication and authorization.
Chapter 2: Literature Review (Identity Management Systems)
25
b. T2: IdMS for profiling of user data by an organization, e.g. detailed log
files or data warehouses that support, e.g. personalized services or the
analysis of customer behaviour.
c. T3: IdMS for user-controlled context-dependent role and pseudonym
management.
2.4.1 Definition of Identity Management Systems in this Study
As was discussed previously, IdMS is a broad concept and has been defined using diverse
meanings and terminologies. The conceptualization of IdMS concepts is difficult (Seltsikas &
O’Keefe 2010), and consolidated terminology and terms for this field do not yet exist
(Pfitzmann & Hansen 2010). For this reason, it is important to provide a clear and extended
definition as well as in-depth understanding of IdMS that fits the study scope:
This study focuses on Web-based IdMS and defines IdMS as the business processes, policies and
emerging technologies for the creation, maintenance and use of online identities across the
Internet and within online service providers. IdMS are services available on the Web that
enable users to create and manage their online identities. In the offline world, a person carries
multiple forms of identification in her or his wallet, such as driver's licence, health insurance
card, credit cards and affinity cards such as frequent flyer and loyalty cards. Similarly, IdMS
enable individuals to create a number of digital cards which they use to identify themselves with
Web services that accept them. If a user subscribes to an identity management service, they can
access websites affiliated with the identity management service. The user can manage their
identity information among various websites in an integrated way through this service. (This
definition is adapted from: Lee 2003; Poetzsch et al. 2009; Pfitzmann & Hansen 2010; Hitachi
ID Systems Inc 2012; Ferdous & Josang 2013).
IdMS are denoted as systems which are used to manage end-user authentication, access rights
and implement restrictions. The account profiles of users are also managed through the usage of
the system. IdMS enable the provision of control to the end-users in order to create, alter, edit
and manage their online profiles. The concept of online identity is based on the phenomenon of
Chapter 2: Literature Review (Identity Management Systems)
26
physical identity, and it allows the creation and management of the identity of an individual or
an enterprise over the Internet to provide a single platform.
Citizens of different societies are required to obtain a number of documents clarifying their
identity and information regarding a number of personal attributes. These identity profiles are
documented in the form of their identity cards, driving licences, insurance records and health
information. It is also required in the real world that the personal information associated with
the profile of an individual be maintained and safeguarded. This is followed through in the
concept of maintaining online identity through the usage of IdMS.
IdMS have allowed the creation of a number of digital identities through which users are
facilitated in identifying their existence in the cyber world. The subscribers of an identity
management system are allowed to maintain their profile and are allowed to access the Web
services associated with the IdMS. The unique identity of an individual is used to maintain
personal information associated with the virtual profile. It also allows the maintenance of
confidential information regarding the profile.
The service is offered through the effective usage of an integrated approach allowing the users
to access various online services through various service providers. The integration of the IdMS
and expansion of the affiliated websites depends on the subscription of the similar system. The
real-world examples of the IdMS can be explained in terms of a single log-in allowing various
services to be accessed through a single log-on, for example, Facebook connect, PayPal Access
and Microsoft Passport.
A number of technological advancements are used to integrate the usage of the affiliated
websites. These websites are either maintained through the same IdMS, or through partner
companies’ websites. However, there is also a possibility of a number of companies using
similar IdMS and enabling each other’s access to the system. The access rights of the user are
also a notable concern in the system.
Chapter 2: Literature Review (Identity Management Systems)
27
2.5 Characteristics and Features of Identity Management Systems
2.5.1 The Laws of Identity
IdMS are based upon a set of principles called the Laws of Identity (Cameron 2005). The laws
were proposed, debated, and distinguished through a long-running, open and continuing
dialogue on the Internet. They have been widely acknowledged both in academia and in
practice. These seven essential laws explain the successes and failures of IdMS that can be
applied to identity on the Internet (Bertocci, Serack & Baker 2007; Adje & Olesen 2011). IdMS
functionality is based on these laws (Bertocci, Serack & Baker 2007; Poetzsch et al. 2009). The
implication of these laws is discussed further in chapter 4 (see Section 4.10.2).The laws are
summarized in Table 2.2.
Table 2.2: The Laws of Identity (Source: Cameron 2005) Law Explanation
User Control and Consent Identity systems must only reveal information identifying a user with the user's consent.
Minimal Disclosure for a Constrained Use
The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.
Justifiable Parties
Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
Directed Identity
A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
Pluralism of Operators and Technologies
A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.
Human Integration
The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human–machine communication mechanisms offering protection against identity attacks.
Consistent Experience across Contexts
The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
2.5.2 Functions of Identity Management Systems
This section investigates and provides the basic functions of IdMS that represent the principal
design attributes of IdMS. These functions are as follows:
Chapter 2: Literature Review (Identity Management Systems)
28
Access, control, and creation management: IdMS are used in computers and
communications to access specific services and to control the management of identity.
The principle of designing IdMS was to put users into the middle of transactions
between identity providers and relying parties in a user-centric IdM paradigm. This
paradigm moves the control of digital identities from service providers (SPs) to the
users. Thus, users can decide which identities are required to be shared with other
trusted parties and under what circumstances (Cao & Yang 2010). IdMS integrate many
technologies employed in a user’s identity management and resource access control
(Bertocci, Serack & Baker 2007; Vossaert et al. 2013). IdMS provide creation,
maintenance and deletion of user identities, which represents the lifecycle of identity
Identity provisioning (self service): This refers to the definition, creation and
management of identity information in electronic relationships between individuals and
the organization for account creation and maintenance purposes (Maler & Reed 2008).
Identity provisioning provides portals (including self-service portals) for aspects of
identity management (Balasubramaniam et al. 2009). This functionality can be
implemented by using user registration or enrolment and several levels of assurance that
the user is who they claim to be (pre-authentication) (Satchell et al. 2006). For example,
in online banking, the account owner is required to provide a user ID, a password or
biographical information that is associated with the account (Balasubramaniam et al.
2009).
Chapter 2: Literature Review (Identity Management Systems)
32
Single sign-on/single sign-off: This function allows a user or a system to provide
identification, a password and other information to gain access to multiple resources
(Balasubramaniam et al. 2009). The offerings of the single sign-on system allow the
users to create a log-in on one system and to gain access to related systems at the same
time. The facility enables the users to avoid multiple log-in attempts and the efforts of
repeatedly providing identity authentication information. These resources are effective
where a federated site log-on is administrated. The coalition of resources is available for
users through the single authentication system allowing users to validate their
information at once (Armando et al. 2013). The major techniques used to implement the
federated SSO are the Kerberos-based system and the smart card system (Bertino &
Takahashi 2010; Baldoni 2012). The Kerberos system utilizes the technique of ticket
granting ticket (TGT) in order to allocate credentials, whereas the smart card sign-on
technique makes use of the smart card to log-in to the system (Bertino & Takahashi
2010). This function can also be implemented through technologies such as Security
Assertion Mark-up Language (SAML).
2.6 The Trajectory of Identity Management Systems Migration Users are allowed to create their profiles using the services of various service providers. They
are also entitled to manage these profiles which serve as their online profiles. These profiles are
quite popular in the Internet world such as on social networks. The sharing of the profiles is also
a unique advantage of the service. The online identities through various service providers also
enable the profile information to be accessed through various websites. The exchange of the
identity information allows the migration of the profile information from one platform to
another upon the mutual agreement of users and service providers (O'Brien, Merson & Bass
2007; Armando et al. 2013). However, it is also noted that on various occasions users are
provided with a minimal control over using their services with other website. The trajectory of
the IdMS migration can be understood in relation to the proprietary system and the openness of
Chapter 2: Literature Review (Identity Management Systems)
33
the system to exchanging identity information (Cameron, Posch & Rannenberg 2009; Bertino &
Takahashi 2010).
2.6.1 From Proprietary Identity to Open Identity Exchange
The openness of the IdMS is regarded as the interoperability of the systems, and the user’s
identity is provided to various service providers through the network (Cameron et al 2009).
Interoperability of IdMS refers to the ability to use identity information from one system in
another system (Halperin 2006).The Internet presence of the users is shared with the associated
partners (Bertino & Takahashi 2010). The exchange of information to authenticate the usage of
the service has benefits and limitations at the same time. The open systems architecture is used
to share information across various partner websites.
The platform used to collect information regarding the usage of the proprietary identity is
known as the closed or proprietary systems architecture (Bertino & Takahashi 2010).The closed
or proprietary architecture are denoted as a system which is not available openly and where the
proprietor manages all aspects of the system. The filed security hardware of these systems
cannot be interchanged. This allows the single developer enterprise to design, develop and
maintain the system within the provided framework, and the sharing of the system is not
applicable. The end-user’s security is ensured by the service provider, and the system does not
allow the sharing of information with other organizations (Hovav & Berger 2009). In principle,
the proprietary identity is managed through the prime service provider and openness in the
system is not allowed. This enables the organization to handle security, access rights and
information privacy within the closed architecture. Identity management architecture could be
client-based, server-based or networked-based (Hovav & Berger 2009). The shortcomings of the
system are represented as the non-exchange of information. However, the standard operating
systems, proprietary applications and data gathered through proprietary protocols are integrated
to provide end-user security.
Chapter 2: Literature Review (Identity Management Systems)
34
The integration of IdMS and its application for users with regard to the sharing of information
require the establishment of open architecture (O'Brien, Merson & Bass 2007). The
requirements for the open architecture system can be achieved through the implementation of
security standards for creating, updating and maintaining the identity information of end-users
based on multiple underlying technologies, implementations and providers (Adje & Olesen
2011). These requirements can only be fulfilled after the implementation of a universal
application of standardized models for information and identity security (Bertino & Takahashi
2010). This open exchange of information should have its security system based on the
implementation of techniques and practices for ensuring key personal information. The
exchange of identity information and its usage through various websites allows service
providers to allocate a certain level of access to subscribers (O'Brien, Merson & Bass 2007).
The connectivity of the profiles through various Web systems is also an important aspect of
IdMS (Poetzsch et al. 2009; Bertino & Takahashi 2010).
The phenomenon of interest in this study is the management of online users’ identities on the
Internet. As was discussed previously in Section 2.3, a typical IdMS consists of three parts:
user; service provider (SP) and identity provider (IdP). Using this three-part framework, we
next analyze the relative openness of three types of IdMS: isolated model, centralized model
(Web single sign-on) and decentralized model. These three models characterize the trajectory of
IdMS since they have different standards and platforms with relatively different degrees of
openness (Josang & Pope 2005; Dhamija & Dusseault 2008; Poetzsch et al, 2009; Scudder &
Josang 2010; Alpar, Hoepman & Siljee 2011; Ferdous & Poet 2012). The purpose of adopting
an IdMS is to manage different identities with multiple Web services. Towards this end, an
IdMS user needs to establish a relationship with an IdP and SP in place. These parts are
described in the following section.
Chapter 2: Literature Review (Identity Management Systems)
35
2.6.2 Identity Management System Models
The extant literature identified several types of models of IdMS (Bauer et al 2005; Josang &
Pope 2005; Dhamija & Dusseault 2008; Lips & Pang 2008; Cao & Yuan 2010; Alpar, Hoepman
& Siljee 2011; Ferdous & Poet 2012). This study chooses to make the distinction and
classification of three types of model – isolated model, centralized model and decentralized
model – as we focus on the latter two approaches, and because of their differences in
architecture and standards and their different impact on security, privacy and usability issues
et al. (2010) recommended an architecture that allowed a single smart card to be used in a
Chapter 2: Literature Review (Identity Management Systems)
51
dynamic, multiple-application environment. This architecture would protect all information
communicated between the smart card and a specific application through the use of one-time
passwords, maintaining the privacy of the person. Marmol, Girao and Perez (2010) recently
submitted a Trust and Reputation Management proposal (one of the first applied in IdMS)
called TRIMS that recommended a domain that must decide whether or not to exchange
necessary information with another domain, depending on its trustworthiness and reputation.
Finally, the general perspective in IdMS research emerged as a key category in the analysis of
the literature. Papers in this category discussed general IdMS issues, and the category had a
broad, unspecific focus. The Future of Identity in the Information Society (FIDIS) Network of
Excellence provides rich information on the IdMS topic. For instance, Bauer et al. (2005)
provided a systematic review of current IdMS. For an overview of recent developments in
IdMS, see Meints (2009). Poetzsch et al. (2009) provided an overview of the features and
requirements for FIMS and analyzed four FIMS frameworks (Liberty Alliance, Shibboleth,
privacy and identity management for Europe project (PRIME) and Information Cards) on the
basis of user requirements. Dhamija and Dusseault (2008) identified seven flaws or design
challenges that should be fixed before the general community will use and accept IdMS. These
flaws included identity task facilitation, ease of use and understanding, cognitive scalability (the
user's overall cognitive burden), information disclosure, mutual authentication, consumer
experience and trust. Dhamija and Dusseault (2008) argued that these aspects are important for
achieving secure usage and wide acceptance of such systems, thus enabling users to make
suitable decisions about privacy. Ferdous and Poet ( 2012) provided a comparative analysis of a
number of IdMS (i.e. OpenID, Liberty Alliance, Shibboleth, PRIME, Information Cards and
OAuth) against a set of requirements for the privacy-enhancement of IdMS. They found that
none of these IdMS were ideal in providing privacy-preservation yet were usable.
The analysis indicated that a large proportion of IdMS research has focused on technical issues,
and little research has focused on the individual or business levels. This result is consistent with
Seltsikas and O‘Keefe’s (2010) and Jensen (2012) argument that IdMS research from both the
Chapter 2: Literature Review (Identity Management Systems)
52
business and user perspectives is limited. This suggests that business and individual areas need
more thorough development in future research.
2.8.3.3 The nature of research To investigate the nature of IdMS research (research method and data collection), a
classification was needed to categorize the selected publications. The strategy used for this
classification depended on whether the IdMS literature was dominated by intuition-based
reasoning and conceptual analysis or by empirical examination (Hirschheim 1991). In this case,
empirical research was considered to be all research originating in or based on observation or
experience, independent of whether the researcher gathered data through primary or secondary
data collection. Papers based on academic literature reviews and on intuition-based reasoning
were classified as conceptual research. Studies with an unclear nature of research were
classified as ‘not available’. Regarding these classifications, 20 publications (18.9%) used
empirical research, 76 (71.7%) were conceptual, and 10 (9.4%) were ‘not available’ (see Figure
2.11). Much of the literature was descriptive, dominated by intuition-based reasoning and
conceptual analysis rather than empirical investigation. Given that IdMS is still in an early stage
of development, much of its research is geared toward a conceptual examination aimed at
building the foundations on which future research may be established.
As we mentioned previously, empirical investigation has been limited in the IdMS literature.
The use of quantitative and qualitative methods as methodological approaches was limited. Of
20 empirical studies, 10 used qualitative methods, including interview, focus groups and
documentary evidence, with another nine studies using quantitative methods including survey,
observational data, mathematical model, event study, experiment, model checking and empirical
evaluation techniques. One study used mix-methods research (see Figure 2.9).
Chapter 2: Literature Review (Identity Management Systems)
53
Figure 2.9: Classification of IdMS empirical research based on research methods used
2.8.3.4 The TFI layers Having identified the different perspectives of IdMS research, the analysis of the literature was
framed and classified using the TFI model, which was previously introduced. The analysis
focused on how each of the selected papers related to the technical, formal or informal layers.
After careful classification, we found that 47 (44.4%) studies were technical, 43 (40.6%) were
formal and 16 (15%) were informal. Figures 2.10 and 2.11 show the publication distribution for
each layer classified by each perspective identified in this study.
The findings illustrated that the technical layer was dominant, and that a reasonable amount of
research had been undertaken in this category. Also, it appeared that the formal layer was well
studied in previous research. The informal research layer has had little attention.
In the informal layer, previous IdMS studies considered the perspective of legislation, such as
IdMS perceptions in an e-government context (Grimsley & Meehan 2007; Aichholzer & Straub
2010; Seltsikas & O‘Keefe 2010). There is a lack of research reported in the academic literature
that focused on Web-based IdMS and investigated self-regulation IdMS, such as that in e-
commerce and social media (Roussos, Peterson & Patel 2003; Adjei & Olesen 2011). Therefore,
Mixed Methods5%
Interview25%
Focus Group10%Documentry
Evidence10%
Survey15%
Observational Data10%
Mathimatical Model
5%
Event Study5%
Experiment10%
Empirical Evaluation
5%
Chapter 2: Literature Review (Identity Management Systems)
54
more research is needed focuses on self-regulatory IdMS that assumes rational behaviour from
online users consenting to services in exchange for the release of identity information.
When the findings of the previously categorized perspectives were examined (according to the
research focus and the nature of research), it was found that the analysis results accurately
corresponded to the TFI layers identified here. Most publications categorized within the
technological perspective corresponded to the technical layer of the TFI model. This finding is
consistent with Halperin’s (2006) argument that this type of research is characterized by the
exclusive attention given to the technical component of IS where identity and IdMS issues were
viewed though a purely technological lens. The technical perspective corresponds, to a certain
extent, to the formal layer, but the informal context of technology is almost never addressed.
The individual and business perspectives corresponded almost equally to the formal and
informal layers. The technical layer corresponded to the perspectives of businesses, providers
and, to a certain extent, of the individual users. Finally, the formal layer of the TFI model
corresponds directly to broad IdMS research, but the technical and informal contexts of general
issues are reasonably addressed (Figure 2.10).
Figure 2.10: Distribution of research focus perspectives over the TFI categories
30
7
3
7
10
10
8
15
6
6
4
0 5 10 15 20 25 30 35 40 45
Technological
Business
Individual
General
Technical Formal Informal
Chapter 2: Literature Review (Identity Management Systems)
55
The categorized research process also found that the categories corresponded to the TFI layers.
Most papers categorized within empirical and conceptual research corresponded to their
respective layer in the TFI model. However, the ‘not available’ category only corresponded to
the technical and formal layers (see Figure 2.11). The analysis found that empirical studies were
emerging but comprised a minor amount of research; the informal layer was adequately
addressed in the empirical research category, and the formal and technical layers had been
researched less. Quantitative research was not adequately represented, and just one study
employed the mix method. Conceptual research primarily corresponded to both the technical
and formal layers, but it also adequately corresponded to the informal layer. This indicates that
there is little exploration about IdMS from an informal perspective. Thus, further research to
explore and conceptualize users’ perceptions of IdMS is needed.
Figure 2.11: Distribution of IdMS by nature of research over the TFI categories
It is clear that empirical research in IdMS has limited documentation compared to the
conceptual type of work in all three layers of the TFI model. These findings also showed that
there was a lack of informal-type IdMS research within different perspectives identified in this
study. Figure 2.12 presents the IdMS research framework, providing all maps between the IdMS
perspectives identified in this study.
3
38
3
3
35
7
14
3
0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80
Empirical research
Conceptual research
Not available
Technical
Formal
Informal
Chapter 2: Literature Review (Identity Management Systems)
56
Figure 2.12: Identity management systems research framework Note 1: (x) indicates the number of studies in each category that was identified in this study. Note 2: studies classified with a ‘not available’ nature of research (10) are not included in this framework.
2.8.3.5. Application areas A wide range of application areas appear relevant to IdMS research, emphasizing the
importance of sectoral analysis in this emerging field of research. However, it is still very early
to allocate IdMS across entire sectors of corporate activity. Table 2.6 presents the classification
that was developed and applied to each paper. This classification sought to reflect the
application domain and primary topic of research.
Four application areas were dominant in the retrieved IdMS research. The most common
application was IdMS technologies and services (16%) which were usually approached from a
technical perspective. This application was approached in a very broad manner with several
studies focused on a specific type of identity management technology. Federated identity
management (FIM) and government topics also emerged as equally popular applications,
yielding 15% and 11% of studies respectively in each application. Most studies of government
applications highlighted and developed IdMS issues faced by stakeholders in government. The
Chapter 2: Literature Review (Identity Management Systems)
57
architecture and paradigm topic was the third emergent application (9%), and it was typically
drawn from a general, formal perspective. The final dominant applications that emerged were
crime detection and forensics and commerce/business applications, which yielded 8% and 7%
of the research respectively. Research related to crime detection and forensics considered IdMS
in relation to risk management and regulation, highlighting the critical challenges that
cybercrime poses and providing some concerns about identity theft and fraud. Studies focused
on commerce/business applications addressed the significance of IdMS as a vital marketing tool
for commercial enterprise. In addition; they addressed IdMS trust issues, discussing the
relationship between customers and service identity providers in e-commerce and financial
applications.
Table 2.6: Distribution of IdMS studies according to their applied application
Application Number % Application Number %
Technologies and Services
17 16 Education 3 3
Federated identity management
16 15 Social network 3 3
Government 12 11 E-transaction 2 2
Architecture and paradigms
10 9 Online community 2 2
Crime detection and forensics
8 8 Mobile 1 1
Business/commerce 7 7 Culture
1 1
Privacy enhancing technologies
6 6 Personalized services
1 1
Design 6 6 Ethics 1 1
Terminology 5 5 Information society 1 1
Online identity 3 3 Digital ecosystem 1 1
Total 90 100
Privacy-enhancing technologies, design and terminology areas were adequately documented in
the current literature, yielding 6%, 6% and 5% of the studies, respectively. Studies related to
privacy-enhancing technologies and design applications emerged from the technical level while
research focused on terminology emerged from the informal layer. Education, social networks,
Chapter 2: Literature Review (Identity Management Systems)
58
electronic transactions and online community applications were less frequently explored areas
in IdMS research. It was also remarkable that, among previous studies, only one paper’s main
topic was the use of IdMS in mobile and personalized services. Appendix 2.2 provides a
classification of research according to its application area.
2.8.4 Identity Management System Challenges
Our digital identities are essential to our interactions in the online world. However, IdMS that
manage and control digital identities face many challenges. Challenges associated with the
Internet stem from a lack of widely-deployed and easily-understood secure identity solutions
(Daemen & Rubinstein 2006).
Ongoing studies in IdMS encounter many challenges regarding the balance between usability,
privacy and security. Hence, suitable frameworks are needed that bring these sometimes
disparate aspects together with technical solutions that provide liability incentives for end-users
(Landau, Gong & Wilton 2009). A usable solution for mutual authentication has yet to be
proposed and developed in which both users and providers are required to provide credentials,
and the providers are authenticated to the users and vice versa (Josang & Pope 2005; Landau,
Gong & Wilton 2009). The existing literature has identified some major challenges to IdMS
which are mainly associated with design, usability, interoperability, privacy, security, trust, cost
and adoption (see Table 2.7).
Table 2.7: Identity management system challenges Perspective Challenge References
Design Dependencies, complex trade-offs and new user requirements.
Dwivedi et al. 2008; Williams, Rana & Dwivedi 2011; Venkatesh, Thong & Xu 2012). The aim
of this chapter is to establish the theoretical foundations of the current study by reviewing a
number of models and theories on user adoption of IS/IT, and identifying factors that affect
individual acceptance of IS/IT and WBST that could influence user adoption of IdMS.
This chapter is organized as follows. Firstly, the chapter defines ‘user adoption of new
technology’ and discusses the adoption phases of IT use. Secondly, this chapter presents a
review of a number of well-known models and behavioural theories on user adoption of IS/IT.
Thirdly, it provides a review of the literature on user adoption of WBST and presents a general
analysis and the findings of the literature. Fourthly, it identifies the factors included in this study
that affect user adoption of IdMS which have been examined in relation to individual adoption
Chapter 3: Literature Review (IS/IT Adoption)
68
of WBST. Finally, the chapter highlights the gaps identified in the literature and develops the
research questions.
3.2 Defining ‘User Adoption of Technology’ System acceptance/adoption is significant in measuring the success of IS/IT applications
(DeLone & McLean 1992). Determining user adoption of a technology is an important but
difficult part of human factors’ applications and research (Dillon 2001).User
acceptance/adoption is defined as “the demonstrable willingness within a user group to employ
information technology for the tasks it is designed to support” (Dillon & Morris 1996, p.4).
According to innovation diffusion theory (Rogers 2003), technology acceptance/adoption refers
to a process by which the new technology is selected for use by an individual or an
organization. User acceptance/adoption has been viewed as the crucial factor in determining the
success or failure of any technology (Davis 1993). Consequently, both technology adoption
researchers and practitioners are less interested in unplanned uses or non-use of technologies
and more concerned with understanding the factors impacting on the adoption of technologies
as intended by users who have a number of degrees of choice (Dillon & Morris 1996; Dillon
2001).
3.3 Adoption Phases When we examine individual’s beliefs and perceptions toward adoption of a product, it is
important to distinguish between adoption phases because, according to the theory of reasoned
action, studies need to be specific as to the target behaviour of interest (Ajzen & Fishbein 1980;
Karahanna, Straub & Chervany 1999). IS research suggests that initial adoption (or pre-
adoption) and post-adoption (or acceptance) are the two adoption phases of IT usage
(Karahanna, Straub & Chervany 1999; Bhattacherjee & Premkumar 2004). At the initial
adoption phase, end-user beliefs and perceptions are captured prior to adoption or after first
experience, with antecedents of usage for non-experienced users (Karahanna, Straub &
Chervany 1999). This phase differs in approach with the post-adoption phase which identifies
Chapter 3: Literature Review (IS/IT Adoption)
69
users’ beliefs about usage behaviour after they have already adopted and are using the
technology along with more experienced users (Karahanna, Straub & Chervany 1999). Initial
adoption beliefs are formed principally based on indirect experience (affect or cognition) with
technology whereas post-adoption usage beliefs are formed derived from past experience
(Karahanna, Straub & Chervany1999). For example, before using a particular technology, users
can build their initial beliefs and perceptions based on similar technologies or others’ opinions
about the technology (Wang & Benbasat 2005; Li et al. 2008). The dependent variables in post-
adoption studies are the ‘intention to use’ or ‘continue to use’ or the current level of usage
while, for initial adoption, these should be the behavioural intention such as the ‘intention to
use’ or ‘intention to adopt’ (Karahanna, Straub & Chervany 1999). However, previous research
has suggested a strong relationship between users’ pre-implementation expectations of a new
technology and their post-implementation experiences with the technology (Staples, Wong &
Seddon 2002).
The current research focuses on the initial adoption of IdMS for the following reasons. Firstly,
IdMS technologies and services are at the early stage and users do not have experience in using
them (Friedman, Crowley & West 2011; Landau & Moore 2012; Wang, Chen & Wang 2012).
Based on a diffusion of innovations perspective, users initially seek information about an
innovation which forms their attitude towards the innovation and their subsequent adoption
decision (Rogers 2003). The decision to willingly adopt a new technology is affected by users’
initial beliefs and perceptions of the technology’s characteristics (Moore & Benbasat 1991;
Rogers 2003). Therefore, initial beliefs are needed in a relationship in which the user does not
yet have meaningful or credible information about the technology (McKnight et al. 2002;
Belanger & Carter 2008). Secondly, because adoption is a dynamic process that develops over
time, researchers have noted the importance of studying the initial adoption, particularly in
cases of novel technology, such as IdMS, where users must overcome perceptions and risk
beliefs, before using the technology (McKnight et al. 2002; Gefen, Benbasat & Pavlou 2008; Li
et al. 2008; Luo et al. 2010). Thirdly, previous studies investigated the initial adoption of Web-
Chapter 3: Literature Review (IS/IT Adoption)
70
based applications and have found that initial beliefs and perceptions have a strong effect on
individual behavioural intentions towards novel technologies (Wang & Benbasat 2005; Li et al.
2008; Luo et al. 2010). Therefore, an investigation of the users’ initial adoption beliefs and
perceptions would enhance our understanding of why they adopt or reject the use of IdMS.
3.4 Review of Existing Technology Adoption Models and Theories During the previous years of IS research, a varied body of theoretical work has been gathered on
the diffusion and adoption of IT-based innovations. From a theoretical point of view, IS/IT
adoption and innovation research has tested many determining models and theories (see Table
3.1). Some of these theoretical models focus on the individual adoption of technology (e.g. the
technology acceptance model and the theory of planned behaviour) while other models have
focused on implementation success at the organizational level (e.g. the tri-core model and the
diffusion/implementation model). This study provides a review of theoretical models that have
focused on the individual level.
Table 3.1: Theories used in individual and organizational IT adoption research (adopted from Jeyaraj, Rottman & Lacity [2006])
Theory
Main author(s) Used in individual adoption studies
Used in organizational adoption studies
Innovation Diffusion Theory (IDT) Rogers (1983, 1995) X X
Perceived Characteristics of Innovations
Moore and Benbasat (1991)
X
Social Cognitive Theory (SCT) Bandura (1986) X
Technology Acceptance Model (TAM) Davis (1989) X
Technology Acceptance Model II (TAM2) Venkatesh et al. (2000)
X
Theory of Planned Behaviour (TPB) Ajzen (1991) X
Task–Technology Fit (TTF)
Goodhue and Thompson (1995)
X X
Theory of Reasoned Action (TRA) Fishbein and Ajzen (1975)
X
Unified Theory of Acceptance and Use of Technology (UTAUT)
Venkatesh et al. (2003)
X
Diffusion/Implementation Model Kwon and Zmud (1987)
X
Tri-Core Model Swanson (1994) X
Chapter 3: Literature Review (IS/IT Adoption)
71
The motivation for reviewing user adoption of IT models/theories was to provide a solid
theoretical foundation for the current research. The models/theories described in this literature
review were based on two criteria: 1) they focus on the individual behaviour level which is the
focus of this study; 2) they have in common the behavioural intention or/and the usage of
technology as the key dependent variable which could be suitable for investigating user
adoption of IdMS. Researchers have pointed out that the role of intention as a predictor of
behaviour (e.g. usage) is crucial, and this has been well established in the IS field (Ajzen 1991;
Taylor & Todd 1995; William et al. 2009; Venkatesh, Thong & Xu 2012). Therefore, applying
the technology adoption theories and understanding the different factors that act as drivers for
behavioural intention could be a consistent vehicle for understanding the adoption of IdMS.
Ten models/theories that meet the criteria mentioned above emerged from the literature review:
(1) theory of reasoned action (TRA); (2) theory of planned behaviour (TPB); (3) technology
acceptance model (TAM); (4) innovation diffusion theory (IDT); (5) unified theory of
acceptance and use of technology (UTAUT); (6) task–technology fit (TTF); (7) integrated TAM
and TTF model; (8) social cognitive theory (SCT); (9) cognitive dissonance theory (CDT); and
(10) the trust–risk framework.
These models/theories and their applicability for investigating user adoption of IdMS are
discussed in the following sub-sections.
3.4.1 Theory of Reasoned Action
The theory of reasoned action (TRA) is one of the most influential and fundamental theories of
human behaviour (Malhotra & Galletta 1999). The TRA has been drawn from social
psychology (Fishbein & Ajzen 1975; Venkatesh, et al. 2003). According to this theory, an
attitude towards a given behaviour and a subjective norm will impact on the behavioural
intention which results in an actual behaviour (Fishbein & Ajzen 1975) (see Figure 3.1).
Attitude towards behaviour can be defined as “an individual's positive or negative feelings
(evaluative affect) about performing the target behaviour” (Fishbein & Ajzen 1975). Subjective
Chapter 3: Literature Review (IS/IT Adoption)
72
norms refer to “the person's perception that most people who are important to him think he
should or should not perform the behaviour in question” (Fishbein & Ajzen 1975, p. 325).
Although the TRA is among the major theories of human behaviour and is widely used in social
psychology, it has some limitations (Malhotra & Galletta 1999). These limitations include a
significant risk of confusion among norms and attitudes as norms could be reframed as attitudes
and vice versa. Another limitation is the assumption that when the individual forms an intention
to act, she/he will be free to act without limitation (Ajzen 1991).The theory of planned
behaviour (TPB) tries to address these limitations (Malhotra & Galletta 1999).
Figure 3.1: Theory of reasoned action (TRA) (Source: Fishbein & Ajzen 1975, p. 302)
3.4.2 Theory of Planned Behaviour
The theory of planned behaviour (TPB) is anchored in the theory of reasoned action (TRA)
(Ajzen 1991). The TPB modifies the TRA by incorporating the construct “perceived
behavioural control” to address situations in which individuals lack substantive control over a
certain behaviour (Ajzen 1991). The TPB proposes that behaviour can be explained by
behavioural intention which is impacted by attitude, subjective norms and perceived
behavioural control (see Figure 3.2). As the TPB was derived from the TRA, the determinants,
attitude and subjective norms, are defined in similar ways. Perceived behavioural control is
defined as “the perceived ease or difficulty of performing the behaviour” (Ajzen 1991, p. 188).
The TPB is constructed in psychology and has not been widely used in the IS field (compared
with other models such as the TAM). Nevertheless, several IS researchers (Venkatesh & Davis
Chapter 3: Literature Review (IS/IT Adoption)
73
2000; Sun & Zhang 2006; Lee 2009b) have successfully applied this theory to the
understanding of individual acceptance and usage of diverse technologies. TPB is often praised
for including the influence of social factors (subjective norms) on technology acceptance (Lee
2009b). As the focus of the current study is the adoption of IdMS, which is considered as an
example of the acceptance of innovative technology intertwined with social systems and
personal characteristics, using TPB variables for our research model could provide a suitable
framework to examine user adoption of IdMS.
Figure 3.2: Theory of planned behaviour (TPB) (Source: Ajzen 1991, p. 182)
3.4.3 Technology Acceptance Model
In the context of IS, the technology acceptance model (TAM) has been used to study attitudes
towards a new technology and its acceptance. The TAM, which was proposed and developed by
Davis (1989), is widely used to describe the technology acceptance procedure within diverse
contexts. Of the models that have been proposed and examined, the TAM is arguably the most
widely accepted (Taylor & Todd 1995). The theoretical foundation for the TAM is based on the
TRA (Fishbein & Ajzen 1975). However, unlike the TRA, the conceptualization of the TAM
excludes the attitude construct in order to explain intention parsimoniously (Venkatesh et al.
2003).
The TAM presents two independent variables: perceived usefulness (PU), which is defined as
“the degree to which a person believes that using a particular system would enhance his or her
job performance” (Davis 1989, p. 320); and perceived ease of use (PEOU), which is defined as
Chapter 3: Literature Review (IS/IT Adoption)
74
“the degree to which a person believes that using a particular system would be free of effort”
(Davis 1989, p. 320). The TAM suggests that beliefs about ease of use and usefulness are
essential elements in determining user attitude towards using a new technology (Davis 1989),
whereas perceived usefulness has an effect on the use and “intention to use” (Davis, Bagozzi &
Warshaw 1989) (see Figure 3.3). The TAM is probably one of the most often used theoretical
models found in the IS literature. In early 2013, a search on Google Scholar found 14,574
citations of ‘TAM; Davis (1989)’ and 8,196 citations of ‘Davis, Bagozzi and Warshaw (1989)’.
Figure 3.3: Technology acceptance model (TAM) (Source: Davis, Bagozzi & Warshaw 1989, p. 985)
There are extended versions of the TAM. Venkatesh and Davis (2000) presented TAM2,
extending the original TAM to include subjective norms as an additional predictor of intention
in the case of mandatory settings. Venkatesh and Bala (2008) provided TAM3 which suggests
that perceived usefulness and perceived ease of use are driven by a number of other external
factors, such as individual differences, system characteristics, social influence and facilitating
conditions.
As the importance of individual characteristics is stressed, some variables have been suggested
to extend the original TAM (Kown & Wen 2010). New external variables and perceived
constructs have extended the TAM in accordance with the specific characteristics of the
technology, such as individual, task and system characteristics. Moreover, some researchers
Chapter 3: Literature Review (IS/IT Adoption)
75
have argued that basic models might not be sufficient to explain the adoption and use of diverse
types of technologies and services where specific features of the technology might play a
significant role (Mallat 2007). Thus, it is important to add some explanatory variables into the
TAM. King and He (2006) defined four main categories for external factors to extend the core
TAM model. These factors are as follows:
• Prior factors (or the inclusion of external precursors), such as situational involvement,
personal computer self-efficacy and prior usage or experience
• Factors suggested by other theories, such as task–technology fit, trust and risk
• Contextual factors, such as gender, culture and technology characteristics that may have
moderator effects
• Consequence factors, such as attitude and actual usage (see Figure 3.4).
Legris, Ingham and Collerette (2003) noted that there is no clear pattern with respect to the
choice of the external variables considered. Previous studies have listed various external
variables, such as demographic variables (Venkatesh et al. 2003); trust (Cho 2006; Ha & Stoel
2010); perceived enjoyment (Lingyun & Dong 2008; Sun & Zhang 2008), personal
innovativeness and social identification (Gwebu & Wang 2011; Lee et al. 2012); cost (Chong,
Chan &Ooi 2012) and future usefulness (Behrend et al. 2011) (see Appendix 3.1 for more
details). These studies confirm that external variables are completely mediated by perceived
ease of use and perceived usefulness; thus, the addition of such variables contributes slightly to
the explanation of the variations in system use. In fact, external variables provide a better
understanding of what influences perceived ease of use and perceived usefulness as their
presence shows the actions needed to encourage greater use (Lee, Kozar & Larsen 2003;
Bagozzi 2007).
Chapter 3: Literature Review (IS/IT Adoption)
76
Figure 3.4: The original TAM model and four categories of modifications (Source: King & He 2006, p. 641)
Some TAM-based empirical studies have provided meta-analyses and critical reviews (Lee,
Kozar & Larsen 2003; Legris, Ingham & Collerette 2003; King & He 2006; Bagozzi 2007;
Hirschheim 2007; Turner et al. 2010). These studies have confirmed the robustness of the TAM
model; however, some researchers have stressed that there are several limitations of the model
(Legris, Ingham & Collerette 2003; Bagozzi 2007). In general, criticism of the TAM is
categorized into three classes: (1) the methodology used for the TAM model; (2) the variables
and the relationships within the TAM model; and (3) the most significant limitation which is the
core theoretical foundation underlying the TAM model (Legris, Ingham & Collerette 2003;
Bagozzi 2007).
In their empirical research using the TAM, Legris, Ingham and Collerette (2003) noted that the
analysis of the results was not totally clear. They suggested that significant factors are not
included in the model. They concluded that the TAM is a useful model, but that it has to be
integrated into a broader model that included variables related to both human and social change
processes, and to the adoption of the innovation model. Bagozzi (2007) pointed out that that
there are poor theoretical relationships between different constructs formulated in the TAM. He
disputed that the intention and actual use relationship is theoretically strong, and noted that
behaviour could not be supposed to be a terminal goal. As an alternative, Bagozzi proposed that
Chapter 3: Literature Review (IS/IT Adoption)
77
behaviour must be treated as a means to a more primary goal. He also highlighted the possibility
of determining behaviour by adding measures for perceived usefulness and perceived ease of
use. In addition, he concluded that the TAM was a deterministic model and. thus, an
individual’s use was assumed to be fully determined by their intention to use. However, he
argued that an individual’s intention could be subjected to reflection and evaluation, which
might direct the person to reformulate his/her intention. Therefore, Bagozzi asserted that the
basic TAM model could not be appropriate for predicting and explaining system use.
Accordingly, to overcome the limitations of TAM, the current study adopts TAM constructs:
PU and PEOU (see Section 3.6.1) and extended the conventional TAM with new perceived
constructs and external factors (see Section 3.6). Moreover, this study integrated TAM variables
with some constructs suggested by other models, such as TTF and TPB, to provide better
understanding and prediction of the adoption of IdMS as discussed further in detail in Chapter
4.
3.4.4 Innovation Diffusion Theory
The innovation diffusion theory (IDT) was proposed by Rogers (1995, 2003). Rogers (1995)
visualized innovation adoption as a procedure through which an individual passes from initial
knowledge of an innovation, to forming an attitude towards the innovation, to a decision to
adopt or reject it, to the implementation of the new idea and then to confirmation of this
decision. According to Rogers (1995), diffusion theory categorizes five characteristics of
perceived innovations of acceptance of a technology:
• Relative advantage: “the degree to which an innovation is perceived as better than the
idea it supersedes”
• Compatibility: “the degree to which an innovation is perceived as being consistent with
the existing values, past experiences and needs of potential adopters”
• Complexity: “the degree to which an innovation is perceived as difficult to understand
and use”
Chapter 3: Literature Review (IS/IT Adoption)
78
• Trialability: “the degree to which an innovation may be experimented with on a limited
basis”
• Observability: “the degree to which the results of an innovation are visible to others”.
Rogers (2003) proposed that innovations with high relative advantage, trialability, compatibility
and observability and with less complexity would be adopted more rapidly than other
innovations with the opposite characteristics. In particular, relative advantage, compatibility and
lack of complexity have the greatest influence (Dillon 2001). Other researchers have suggested
the additional factors of image and trust to extend Roger’s model (Barnes & Huff 2003):
• Image: “the degree to which adoption and use of the innovation is perceived to
enhance one’s image or status”
• Trust: “the extent to which the innovation adopter perceives the innovation
provider to be trustworthy”.
Research models directly based on IDT often produces unsatisfactory findings in empirical tests
(Agarwal & Prasad 1998; Wu &Wang 2005).Although some IDT variables, such as compability
and relative advantage, have been successfully used to explain intention to use IT (Taylor &
Todd 1995; Karahanna, Straub & Chervany 1999; Wu &Wang 2005; Yang et al. 2012),
empirical evidence has shown that some variables employed in established theories, such as
TAM and TPB, which provide theoretical linkages between beliefs, attitudes, intentions, and
actions; are a better mechanism for explaining user adoption decision and behaviour (Taylor &
Todd 1995; Legris, Ingham & Collerette 2003; Venkatesh et al. 2003; King & He 2006;Turner
et al. 2010). As the current research aims to examine users’ beliefs, intentions and the linkage
between them toward IdMS adoption, IDT might be an inapplicable approach.
3.4.5 Unified Theory of Acceptance and Use of Technology
In 2003, a unified theory of acceptance and use of technology model (UTAUT) was established
with the aim of integrating the eight main competing user acceptance models (Venkatesh et al.
2003). The
reviewed in
model of P
the technol
Todd 1995
In the UTA
intention a
conditions.
expectancy
influence i
believe he
conditions
infrastructu
of the UTA
age, exper
technology
Figure 3
e integrated
n addition to
PC utilization
logy acceptan
); and social
AUT model
are performa
Performanc
y refers to pe
is defined a
or she shou
are “the deg
ure exists to
AUT model i
rience and v
y adoption an
3.5: Unified th
models inclu
o the motiva
n (MPCU) (T
nce model an
cognitive th
l illustrated
ance expect
ce expectanc
erceived ease
as “the degre
ld use the ne
gree to which
support use
is that it cons
voluntariness
nalysis.
heory of acce
C
7
uded the TR
ational mode
Thompson, H
nd the theory
heory (SCT)
in Figure 3
tancy, effort
cy is closely
e of use (Ve
ee to which
ew system”
h an individ
of the system
siders the ro
s of use, wh
eptance and ual. 2003
Chapter 3: L
79
RA, TAM, T
l (MM) (Da
Higgins & H
y of planned
(Bandura 19
.5, the four
t expectancy
y related to
enkatesh et a
h an individ
(Venkatesh
ual believes
m” (Venkate
le of some m
hich provide
use of technol3, p. 447)
Literature ReTPB and IDT
vis, Bagozzi
Howell 1994)
behaviour (C
986; Compea
major deter
y, social inf
perceived u
al. 2003; Hon
ual perceive
et al. 2003,
that an orga
esh et al. 200
moderating v
es a compre
logy (UTAUT
eview (IS/ITT theories a
i & Warshaw
); a model th
C-TAM-TPB
au & Higgins
rminants of
fluence and
usefulness, w
ng & Tam 2
es that impo
p. 451), and
anizational a
03, p. 453). T
variables, suc
ehensive fra
T) (Source: V
T Adoption)s previously
w 1992); the
hat combined
B) (Taylor &
s 1995).
behavioural
d facilitating
whilst effort
2006). Social
ortant others
d facilitating
and technical
The strength
ch as gender,
amework for
Venkatesh et
) y
e
d
&
l
g
t
l
s
g
l
h
,
r
Chapter 3: Literature Review (IS/IT Adoption)
80
The UTAUT model has distilled the contingencies and important factors related to the
prediction of behavioural intention to use a technology and technology use primarily in
organizational and mandatory contexts (Venkatesh et al. 2003; Al-Gahtani, Hubona & Wang
2007; Venkatesh, Thong & Xu 2012), in a cross-cultural research (Bandyopadhyay &
Fraccastoro 2007) and to examine cultural influence (Im, Hong & Kang 2011). In addition, most
studies applied and tested the UTAUT model to different technologies within a single country
(Al-Gahtani, Hubona & Wang 2007) or compared between two or more countries (Lee et al.
2007a; Im, Hong & Kang 2011). Although some studies (Im, Kim & Han 2008; Zhou 2010)
applied the UTAUT model in a voluntary context which is the focus of this study, they found
insignificant effects of some UTAUT constructs on behavioural intention. Therefore, the
UTAUT model could not be suitable for the current study because we did not focus on an
organizational or mandatory context. Moreover, the model would not deal with a specific
country and did not consider the culture in which the current study was conducted. However, in
our proposed model, some conditions, such as the facilitating conditions of IdMS, based on the
UTAUT were considered.
Recently, Venkatesh, Thong and Xu (2012) extended and developed the UTAUT to UTAUT2
in order to study acceptance and use of technology in a consumer use context. The UTAUT2
(Figure 3.6) incorporates three constructs into UTAUT: hedonic motivation, price value and
habit. Individual differences—that is, age, gender, and experience—are proposed to moderate
the effects of these constructs on behavioural intention and technology use. UTAUT2 could be a
suitable approach for understanding IdMS adoption. As this model was published lately after
the research model had been proposed, this study does not adopt this theory nor any of its
extended constructs.
Chapter 3: Literature Review (IS/IT Adoption)
81
Figure 3.6: Unified theory of acceptance and use of technology2 (UTAUT2) (Source: Venkatesh, Thong & Xu 2012, p. 160)
3.4.6 Task–Technology Fit
Task–technology fit (TTF) was developed by Goodhue and Thompson (1995) in order to gain
an understanding of the link between individual perception and information systems. TTF is
“the degree to which a technology assists an individual in performing his or her portfolio of
tasks. More specifically, TTF is the correspondence between task requirements, individual
abilities, and the functionality of the technology” (Goodhue & Thompson 1995, p. 216). TTF is
a combination of two systems of research streams: the TTF focus and the utilization focus (Cane
& McCarthy 2009). Thus, users should suppose that any given characteristic of a technology
will have diverse effects on acceptance, use and performance depending upon the type of user or
the task requirements (Goodhue, Klein & March 2000). TTF is the extent to which a technology
aids an individual’s acceptance if the functions of the technology (fit) correspond to the tasks
that must be performed (Cane & McCarthy 2009). A system function supports an activity if it
facilitates that activity (Dishaw, Strong & Bandy 2004). Hence, a technology will only be
accepted by individuals if its functions correspond with the tasks to be carried out. TTF models
have four key constructs: task characteristics, technology characteristics, fit between task
characteristics and technology characteristics, and the outcome variable(s) of individual
Chapter 3: Literature Review (IS/IT Adoption)
82
performance and/or technology utilization (see Figure 3.7). The definitions of TTF constructs
are presented as follows:
• Task Characteristics are actions taken by the individual to run inputs into outputs. Task
characteristics are those tasks that a user might use IT to perform.
• Technology Characteristics describe the tools, and include whether the IT is a single
system or a set of systems, policies or services.
• Utilization represents the action of individual using the technology to complete his or
her task. It is important to note that in this context, utilization is a measure of whether a
system is used, not a measure of the duration of its use.
• Performance Impacts imply improved efficiency, effectiveness or quality in the
accomplishment of an individual’s tasks. Performance impact is used as a surrogate
measure of IS success (Cane & McCarthy 2009, p. 110).
Figure 3.7: Basic task-technology fit (TTF) model (Source: Goodhue & Thompson 1995, p. 220)
TTF has been studied using qualitative, quantitative and mixed methods. From the qualitative
perspective, different methods have been employed to study TTF, such as an exploratory case
study (Gebauer, Shaw & Gribbins 2004) as well as individual cases and focus groups (Ip 2005).
Many researchers have extensively examined TTF using quantitative methods. These include
surveys (D’Ambra & Wilson 2004a, 2004b; Lee et al. 2012), experiments (Junglas, Abraham &
Watson 2008) and field studies (Dishaw & Strong 2003). In addition, mixed methods have been
used to test the TTF model, such as Chang’s (2010) study (see Cane and McCarthy [2009] for a
Chapter 3: Literature Review (IS/IT Adoption)
83
detailed discussion). All these studies have led to useful insights into the TTF model and the
effectiveness of utilization technologies.
The TTF model attempts to solve limitations deemed as the major weakness of the TAM
(Dishaw & Strong 1999). One weakness of the TAM in terms of its use for understanding IT
utilization is its lack of task focus. IT is a tool by which the user completes his/her tasks. Thus,
because of the lack of task focus in evaluating IT and its use, performance and acceptance
contribute to the varied results in IT evaluations (Goodhue & Thompson 1995). While the
concept of the TAM's usefulness consists of tasks, the addition of more task characteristics
could provide a better model of IT utilization. The TTF viewpoint addresses this problem
(Dishaw & Strong 1999). Accordingly, even though TTF is not as well-developed as the TAM,
TTF is a significant user evaluation construct in understanding and predicting the utilization of a
particular technology.
3.6.7 Integrated Model of TAM and TTF
An empirical study by Goodhue, Klein and March (2000) noted the difference between the
TAM and TTF. They observed that the TAM seeks to predict use, while TTF seeks to predict
performance. However, Dishaw and Strong (1999) and Moon and Kim (2001) showed that TTF
requires that the influence of a users’ behaviour be taken into account. Goodhue (1995)
proposed that utilization would be affected by TTF through the concept of perceived usefulness,
which is one of the core concepts in the TAM, but he does not provide empirical evidence in his
study. Many researchers have called for further research in which TTF is extended and
integrated with the TAM or vice versa to reinforce the ability to investigate and understand IT
use and provide design suggestions for a specific context (Goodhue 1995; Dishaw & Strong
1999; Legris, Ingham & Collerette 2003; Bagozzi 2007; Goodhue 2007; Cane et al. 2009; Lee et
al. 2012).
The first attempt to combine both the TTF and TAM was made by Dishaw and Strong (1999).
They suggested six paths to link the TAM and TTF (see Figure 3.8). The integrated TTF and
Chapter 3: Literature Review (IS/IT Adoption)
84
TAM model confirms that users’ beliefs regarding ease of use and usefulness are influenced by
characteristics of technology and task. Dishaw and Strong revealed that the integrated model
“provides more explanatory power than either model alone” (1999, p. 9). They found that the
utilization variance explained 36% with the TAM, 41% with TTF and 51% with the TAM/TTF.
Moreover, they noted that the weaknesses of these two models could be compensated for by
connecting them with each other.
Figure 3.8: Integrated TAM/TTF model (Source: Dishaw & Strong 1999, p. 13)
Klopping and McKinney (2004) integrated the TAM and TTF to study e-commerce adoption,
including the intention to shop online and make purchases. Klopping and McKinney found that
TTF affects perceived usefulness and perceived ease of use. They found that the TTF model is a
valuable addition to the TAM for online shopping tasks. They also argued that combined TTF
and TAM models provide a better instrument for predicting customers’ intentions and use rather
than the TAM alone.
Yen et al. (2010) studied users’ intention to use wireless technology using a combined
TAM/TTF model. Their result noted that both the TAM and TTF are robust models. They found
that both perceived ease of use and usefulness significantly affected users’ behavioural intention
Chapter 3: Literature Review (IS/IT Adoption)
85
to use wireless technology. Moreover, their study suggested a new relationship between
perceived usefulness and technology characteristics. This direct and significant influence
indicated that users can decide whether the technology would be helpful in accomplishing their
tasks directly from the evaluation of technology characteristics, rather than from indirect
influence of the perceived ease of use proposed by Dishaw and Strong (1999). Hence, the role
of technology characteristics in determining users’ intention to adopt technology is important
(Yen et al. 2010; Lee et al. 2012). Table 3.2 presents findings of previous studies that have
integrated the TAM and TTF.
Therefore, it is rational to expect a model that integrates both TAM and TTF variables to be
more effective in the explanation and prediction of user adoption of new IT systems such as
IdMS. The current study has integrated TAM constructs (PU and PEOU) with a number of TTF
model variables (fit, task and technology characteristics) to provide a better understanding and
prediction of the adoption of IdMS (see sections 3.6.1, 3.6.2 and 3.6.3).
Table 3.2: Previous studies that integrate TAM/TTF Reference Technology Findings
Dishaw and Strong (1999)
Software utilization
The model provides more explanatory power than either model alone.
Klopping and McKinney (2004)
e-commerce adoption
Support for the use of the TAM to predict online shopping activity, both intention to shop online and to make purchases. Also found that TTF was a valuable addition to online shopping tasks.
Gebauer , Shaw and Gribbins (2004)
Mobile business application
Found inconclusive results for the validity of TTF constructs.
Chang (2010) Online auction Consumer familiarity with the agent’s functionality was positively associated with seven dimensions: online auction site’s task, agent’s technology, task–technology fit, perceived ease of use, perceived usefulness, perceived playfulness, intention to use tool, and negatively associated with perceived risk.
Yen et al. (2010)
Wireless technology
The results indicated that both the TAM and TTF are robust models by themselves. They found that the users’ intention to adopt wireless technology was determined directly by fit between characteristics of task and technology as well as users’ perceived usefulness and ease of use.
Lee et al. (2012)
Mobile financial services
Perceived task technology from a task characteristic view significantly affects perceived usefulness.
Chapter 3: Literature Review (IS/IT Adoption)
86
3.4.8 Social Cognitive Theory
The social cognitive theory (SCT) (Bandura 1986) (also called social learning theory [SLT]) is a
widely accepted theoretical model of individual behaviour and adoption of IT-based
innovations. The SCT provides a framework for predicting, understanding and changing human
behaviour. This theory identifies human behaviour as an interaction of personal factors,
behaviour and the environment (Bandura 1986). The concept of self-efficacy (SE) is a key
element in the SCT. SE refers to an individual’s capability to perform a specific task (Chan &
Lu 2004).
Some studies have found evidence in the relationship between SE and computer use (Compeau,
Higgins & Huff 1999), technology innovation adoption (Chan & Lu 2004) and performance in
Web applications (Liaw et al. 2006). All these studies have found that individuals with high
computer self-efficacy (CSE) are able to use different computer applications, while those with
low CSE perceived their capabilities as limited to particular software or a computer system.
These studies have argued the need for further research to explore the role that SE has in
computing behaviour. The self-efficacy is an important component that comes from users'
beliefs regarding their capability (the skills and resources that they possess) and intentions to
use new IT (Venkatesh et al. 2003; Chan & Lu 2004). The current study attempts to understand
IdMS adoption as a function of an underlying situation of self-efficacy of the users. Hence, the
SCT could be a useful approach for this study.
3.4.9 Cognitive Dissonance Theory
The cognitive dissonance theory (CDT) was developed by Leon Festinger (1957). This theory
has been provided from consumer behaviour research and has been used in a variety of
disciplines including management, marketing, communication, technology adoption
(Karahanna, Straub & Chervany 1999) and IT usage (Bhattacherjee & Premkumar 2004).
According to this theory, use of a product may change an individual's cognitions (i.e. opinions,
attitudes, perceptions and needs) with respect to use of the product (Karahanna, Straub &
Chapter 3: Literature Review (IS/IT Adoption)
87
Chervany 1999). Therefore, beliefs that have led to initial adoption may not be the same as the
beliefs after the use of the product (Karahanna, Straub & Chervany 1999). Klonglan and
Coward (1970) in the innovation diffusion literature supported this notion and they suggested
that economic variables may be important in explaining use, while sociological variables may
be more important in explaining mental adoption of innovations.
In IT usage contexts, the CDT proposes that user’s pre-usage cognitions (e.g. attitude and
beliefs) are generally based on second-hand information, such as that communicated via
interpersonal or mass media channels, industry reports or vendor claims (Bhattacherjee &
Premkumar 2004). As IdMS are novel technologies and many people have no experience using
them, the users’ beliefs and perceptions toward IdMS could be based on indirect experience or
cognition with IdMS (Karahanna, Straub & Chervany 1999; Li et al. 2008). Therefore, the CDT
is a suitable approach for examining issues related to users’ initial adoption of IdMS.
3.4.10 Trust–Risk Framework
The trust–risk framework suggests that “in the situation in which potential risks are present,
trust plays an important role in determining one’s (trusting/risk-taking) behaviour” (Malhotra,
Kim & Agarwal 2004, p. 341). This model has been used to explain different individuals’
behaviours in a variety of uncertain environments, including the employee–organizational
relationship (Mayer, Davis & Schoorman 1995; McKnight et al. 1998); consumer–firm
relationships (Jarvenpaa & Tractinsky 1999) and consumer–Web vendor relationship
(McKnight et al. 2002; Malhotra, Kim & Agarwal 2004). The trust–risk model has also been
used in previous technology adoption research to investigate individuals’ risk, trust and privacy
perceptions toward diverse Web-based technology such as e-commerce (e.g. Lou 2002;
Malhotra, Kim & Agarwal 2004), e-government services (Belanger & Carter 2008) and social
networking (Lo 2010). This model is suitable for testing individual behaviours in an uncertain
environment such as during the initial adoption of a product (Lou 2002; Malhotra, Kim &
Agarwal 2004). In addition, this model involves trust and risk as a suitable lens through which
Chapter 3: Literature Review (IS/IT Adoption)
88
to examine the phenomenon of behavioural intention towards risky actions such as personal
information disclosure on the Internet (Lo 2010). This is the case with the IdMS artefact. This
uncertainty raises the importance of examining the factors that comprise the dimensions of the
users’ perceived risks and the mechanisms that are effective in helping users overcome their
uncertainties about IdMS. Therefore, the trust-risk model is a suitable approach for examining
user’s perceptions of trust and risk and their effect on behavioural intentions toward using
IdMS.
3.4.11 Conclusion of Review of Technology Adoption Models and
Theories
From the viewpoint of the above reviewed models and theories, the decision of individuals to
perform a particular behaviour is affected by a variety of factors. Each factor is suggested by a
particular model. Each basic model has some limitations which does not make it sufficient to
explain the adoption of IdMS in this study. Although some factors have different names in the
diverse models, they represent the same concept and their definitions are very similar and close
to each other. For example, the perceived usefulness construct in the TAM is obviously close to
both the relative advantage construct in the IDT and performance expectancy in the UTAUT. In
addition, perceived ease of use in the TAM is close to complexity in the IDT and effort
expectancy in the UTAUT (Venkatesh et al. 2003; Cho 2006; Hong & Tam 2006). Moreover,
subjective norm in TRA is relatively close to image and visibility in the IDT as well as to social
influence in the UTAUT. Furthermore, facilitating conditions in the UTAUT is similar to
perceived behavioural control in the TPB and self-efficacy in the SCT (Venkatesh et al. 2003).
Based on the above conclusion, it can be proposed that the decision of users to adopt IdMS is
likely to be affected by factors which originate from the above review of technology adoption
models/theories such as perceived ease of use, perceived usefulness, risk, subjective norms, etc.
These factors are introduced and identified further in Section 3.6. Also, they will be explained
and discussed in detail in Chapter 4, including their measurement and the justification for their
Chapter 3: Literature Review (IS/IT Adoption)
89
likely impact on user behavioural intentions toward IdMS. Furthermore, the current research
integrated and adopted a number of these models and theories (i.e. TAM, TTF, TPB and trust-
risk model) as theoretical foundation for explaining user adoption of IdMS as will be discussed
in the research model development in Chapter 4.
3.5 User Adoption of Web–based Services and Technologies
This section develops the literature review on user adoption of Web-based services and
technologies (WBST). The aim of this review was to identify factors that affect individual
adoption of WBST. We define WBST as services and technologies that are usable only with an
active Internet connection and their primary communication protocol; which allow individuals
to perform a wide range of financial and non-financial activates through the Web, and often
require users to disclose personal information in order to use them such as online shopping,
Internet banking and social networking. Because of the lack of studies on user adoption of IdMS
and as this study focuses on Web-based IdMS, we believe that the literature associated with
WBST might offer valuable insights into innovative IdMS adoption because of the similarity in
terms of human users interacting with Web systems (Luo et al. 2010). However, difference
existed in consumer’s perception of Web systems value. For example, both online shopping and
IdMS services require users to disclose some identity information but the perceived benefits and
risks associated with each system are different. More discussion on the different between IdMS
and other Web systems are addressed further in Chapter3 (see Section 3.9).
This section is divided in two parts: the first part explains the research methods employed to
carry out the literature review (Section 3.5.1), while the second part presents a general overview
and some findings of the literature (Section 3.5.2). The section’s conclusion highlights some
gaps identified in the user adoption of WBST literature (Section 3.5.3).
Chapter 3: Literature Review (IS/IT Adoption)
90
3.5.1 Research Method
Similar to the approach taken in the IdMS literature (discussed previously in Chapter 2, Section
2.8.2), we used a structured literature review to assess the current literature in WBST
Digital Library and Google Scholar were used to select the related articles. The articles were
searched for by using a number of key words including acceptance, adoption, diffusion,
intention, use, Web and perception.
The selected studies were defined based on a set of inclusion criteria: firstly, the article was to
have been published in primary journals or conferences; secondly, the research needed to have
examined or reviewed adoption and diffusion of WBST by individuals; thirdly, the research
needed to have reviewed or commented on the adoption of theories or factors that affected
individual adoption of WBST; fourthly, ‘behaviour intention’ or ‘usage intention’ was to be the
Chapter 3: Literature Review (IS/IT Adoption)
91
dependent variable examined in individual adoption; and, finally, the study was to have carried
out one or more empirical, conceptual, literature analyses or meta-analyses of research.
The initial selection of 420 primary publications was made based on a review of the title,
keywords and abstract. At this stage, only primary publications that appeared to be completely
irrelevant were excluded. In total, 118 selected articles met the criteria and then were carefully
categorized and analyzed in detail.
In order to conduct an in-depth analysis of the research literature on user adoption of WBST, the
following questions were posed:
1. What was the purpose of the study?
2. What was the principal focus of research?
3. What models or theories of technology adoption were used?
4. What types of technologies/services were studied?
5. What are those factors that have an effect on individual acceptance of technology?
Previous literature analyses showed that the above mentioned questions allow researchers to
successfully synthesize technology-adoption research (Alavi & Carlson 1992; Standing,
Standing & Love 2010; Hoehle, Scornavacca & Huff 2012). The next section presents the
findings of the literature analysis.
3.5.2 Analysis and Findings
3.5.2.1 Number and year of publication
After in-depth investigation, 118 studies were selected for further analysis of which 90.3% were
journal articles and 9.7% were conference papers (see Appendix 3.2). Table 3.3 presents the
findings according to year of publication. The largest number of studies (16) appeared in 2010,
closely followed by 2012,2008 and 2011 which each had a total count of 15,14, and13 studies
respectively. A slightly lower number of studies appeared in the other years. Our findings
Chapter 3: Literature Review (IS/IT Adoption)
92
demonstrate that there are increasing levels of interest and research activity in the individual
adoption of Web-based services and technologies.
Table 3.3: Studies published between 2003 and 2012 Year No. % Year No. %
2003 7 6 2009 8 7
2004 10 8 2010 16 14
2005 12 10 2011 13 11
2006 11 9 2012 15 13
2007 12 10 Total 118 100
2008 14 12
3.5.2.2 Classification of publications
After the in-depth analysis, we classified the selected studies into three categories. Table 3.4
presents this classification as well as the number and frequency of the studies in each category
(See Appendix 3.1 for more details related to this classification).
Table 3.4: Studies according to subject category Classification of Studies No. %
Based on technology adoption models/theories 71 60
Not based on technology adoption models/theories 32 27
Literature analysis 15 13
Total 118 100
3.5.2.3 Studies according to adoption theories
In order to identify the foundation theoretical models on technology adoption employed by the
authors, we analyzed 71 studies that were based on technology adoption theories. Among the
five theoretical models reviewed in Section 3.4 (the TAM, TPB, IDT, UTAUT and TTF), the
TAM emerged as the most popular, appearing in more than half of the studies (59%). This was
followed by TTF at 19.8%, UTAUT at 10.8%, TPB at 6% and the others, such as TRA, TAM2
and SCT, at 4.5%. No study employed the IDT model alone. Table 3.5 presents the intersections
and distribution of theoretical models revealed in the sample.
Chapter 3: Literature Review (IS/IT Adoption)
93
Table 3.5: Intersection of theoretical models Models/Theories TAM TPB IDT UTAUT TTF Other Total
TAM 27 3 4 0 6 2 42
TPB - 3 0 0 0 1 4
IDT - - 0 0 0 1 1
UTAUT - - 1 6 2 1 10
TTF - - - - 11 0 11
Other - - - - - 3 3
Total 27 6 5 6 19 8 71
3.5.2.4 Studies according to focus of the research
Each article was classified into one of the following three categories: consumer, business and
general. Table 3.6 describes the characterizations of each category and the distribution of
studies across the three categories. The findings indicate that a large percentage of WBST
adoption research had been focused on consumer issues. This supports Wu et al.’s (2011a)
argument that employees and businesspersons from all types of organizations are potential users
of business-based technologies and that there is a lack of Web-based applications in the
workplace setting.
Table 3.6: Focus of the WBST adoption research Category Definition No. %
Consumer Consumer behaviour, acceptance of consumer-focused WBST 66 55.9
Business Organization impact, individual adoption of WBST at workplace 30 25.4
General General issues about adoption of WBST, broad and unspecified focus 22 18.6
Total 118 100
3.5.2.5 Studies according to technology/service examined
Table 3.7 lists the various range of Web-based services and technologies examined in the 118
publications that yielded the findings. This classification was based on the objective stated in
each study. It was clear that the findings revealed different Internet-based technologies and
applications as was the aim of this research. Significantly however, this result indicated that no
study examined online identity or IdMS technologies and services.
Chapter 3: Literature Review (IS/IT Adoption)
94
Table 3.7: Web-based services and technologies examined Category Technology/System
Communication (6)
MS Messenger; Wireless PDA; Wireless technology(2);email; Broadband triple play
Internet/online (33)
Internet (3); online shopping (10); online service (5); airline online service; Internet banking (4); online trading; online auction; travel Web services (2); online tax; online recommendation; online transaction (2); online marketplace
Internet applications and technologies (30)
E-commerce (7); Web 2.0 services(2); video sharing; social networking (7); social bookmarking; E-tourism; blog; Weblog technologies; E-government Services (4); WoredaNet E-government services; ubiquitous commerce; health care services; I-mode
IS/IT application (20)
Open source software (OSS); Web-based negotiation support systems (NSS); cloud computing; data warehouse software; focal system; decision support system; software (3); Web-based unified modelling language (UML) (2); MP3 player; prepayment metering systems; firewalls; word processing; location aware marketing (LAM), location-based services (2); RFID; National Identity System (NID)
Mobile (17) Mobile Internet; mobile payment services (3); mobile information system (2); mobile locatable information systems; mobile banking (4); mobile wireless (2); mobile commerce (2);mobile Internet; mobile financial services
Website (5) Web board; search engine; website (2); Web-based company
Note: the numbers in parentheses indicate how many of the technologies/services examined fell into a given category.
3.5.2.6 Factors affecting user adoption of WBST
Table 3.8 presents 65 factors identified among the selected papers that were analyzed and
classified into 12 categories based on which the theoretical construct attributes examined in
each study. The numbers in parentheses in Table 3.8 indicate how many of the factor attributes
reviewed fell into a given category. These external factors were in addition to the factors found
in existing theoretical adoption models. It is important to note that most of these factors, which
were proposed by the authors, are in the conceptual stage or have not been thoroughly validated
or developed.
Almost 88% of the previous studies investigated factors such as perceived ease of use,
perceived usefulness, personal innovativeness and social norms that had originated from the
technology adoption models. The analysis indicated that only 19 (16%) papers had examined
risk perceptions, 20 (17%) examined trust and 18 (15%) examined privacy concerns. Among
these studies, only four papers had conceptualized and examined all three factors (i.e. risk, trust
and privacy) in one research paper (Malhotra, Kim & Agarwal 2004; Bansal, Zahedi & Gefen
Chapter 3: Literature Review (IS/IT Adoption)
95
2010; Liao, Liu & Chen 2011; Zhou 2011). However, these studies examined these factors as
single constructs and Malhotra, Kim and Agarwal (2004) proposed only information privacy
concerns as a multi-dimensional construct. Furthermore, only 10 (8 %) studies investigated
individual characteristics and just 16 papers (13.6%) examined situational factors. These results
are consistent with previous research that stated that the impact of individual difference factors
on technology adoption had been paid a little attention in previous work (Malhotra & Galletta
2005; Sun & Zhang 2006; McCoy, Galletta & King 2007; Djamasbi, Strong & Dishaw 2010;
Zhou et al. 2011). The result indicated that there was a lack of research investigating security
factors (risk, trust and privacy), individual characteristics and situational variables on user
adoption of WBST.
Table 3.8: Factors affecting user adoption of WBST Category Factor Attributes
3.5.3 Gaps in the Literature on Adoption of Web–based Services and
Technologies
The review of the extant literature revealed several individual IS/IT adoption theories and
models aid in the exploration and prediction of user adoption of WBST. Moreover, the review
revealed that previous studies have addressed an extensive range of factors related to user
adoption of WBST, but most of these studies have not relied on strong theoretical foundations.
In addition, although many researchers have examined factors such as usefulness, ease of use,
enjoyment, etc. which drive individuals to adopt or reject IT products in general, research on
WBST adoption that focused on security factors, such as risk, trust and privacy, had been
limited (Gefen, Benbasat & Pavlou 2008; Im, Kim & Han 2008; Sheng, Nah & Siau 2008; Luo
et al. 2010; Shin 2010; Liao, Liu & Chen 2011; Zhou 2011; Li 2012). Furthermore, the majority
of prior studies that examined the effect of risk, trust and privacy beliefs on individual
behaviour typically tested them as a single construct (e.g. Cho 2006; Dinev & Hart 2006; Lee
2009b; Bansal, Zahedi & Gefen 2010). There is a lack of research investigating and testing
these variables as a multi-dimensional construct (Junglas, Johnson & Spitzmuller 2008; Luo et
al. 2010; Liao, Liu & Chen 2011; Li 2012). Research on information security behaviour and
security factors should be defined from the users’ perspective and its conceptualization should
result in a multi-faceted construct (Crossler et al. 2013).
Previous studies have focused on online users’ willingness to provide information (e.g.
Malhotra, Kim & Agarwal 2004; Bansal, Zahedi & Gefen 2010; Li, Sarathy & Xu 2010; Xu et
al. 2011). However, there was a lack of research focused on the degree to which information
disclosure and intention to disclose might influence behaviour and on what other factors might
affect the relationship (Metzger 2004; Norberg, Horne & David 2007; Lowry, Cao & Everard
2011). Studies investigating online information disclosure and their antecedents have been
limited (Metzger 2004; Norberg, Horne & David 2007; Li, Sarathy & Xu 2010; Lowry, Cao &
Everard 2011). In addition, our findings indicated that there was a lack of research investigating
individual differences such as individual characteristics and situational variables affecting the
Chapter 3: Literature Review (IS/IT Adoption)
97
adoption of WBST. Overall, the literature highlighted that no research had examined user
adoption of Web-based IdMS. In addition, there was no empirically-tested model in this
context. Therefore, there was also a clear gap in this field regarding a conceptual perspective.
These gaps offered a research opportunity to empirically examine the factors that made users
adopt or reject the IdMS.
3.6 Factors Affecting User Adoption of Identity Management
systems (Background and Theoretical Concepts) After an extensive review of previous studies on individual adoption of WBST, we identified
65 factors related to user adoption of WBST (see Table 3.8). These factors were previously
reviewed and summarized in Section 3.5.2.6. Another study (Jeyaraj 2006) identified 67
independent variables affecting user acceptance of IT that had been used in individual adoption
studies.
Clearly, it is not possible to examine all significant factors of a phenomenon in one study as it
leads to unmanageable complexity. In addition, factors could be diverse in nature, which make
it difficult to include them in a specific context. Therefore, decisions regarding the inclusion of
some factors must be made and reasoned arguments to justify these decisions should be given
(Hair et al. 2007).
Accordingly, this section aims to introduce the included factors in this study, discusses the
reasons for choosing them and identifies their theoretical concepts that are fundamental for the
development of the conceptual model of the current research. In addition to the TAM constructs
(perceived usefulness and ease of use) and TTF constructs (fit, task and technology
characteristics), perceived risk, trust, privacy concerns, situational and individual difference
variables (i.e. subjective norms, facilitating conditions, cost, experience and demographic
variables) were included in the current study to investigate their role in user adoption of IdMS.
These factors are also explained and discussed in detail in Chapter 4, including their
Chapter 3: Literature Review (IS/IT Adoption)
98
measurement and the justification for their likely impact on user behavioural intentions toward
IdMS.
3.6.1 Perceived Ease of Use and Perceived Usefulness
As discussed previously in Section 3.4.3, the TAM provides perceived usefulness (PU) and
perceived ease of use (PEOU) as dormant variables to explain the behaviour intentions.
However, in the case of an IS that focuses on IdMS, researchers have not examined whether the
two perceptions and external variable constructs are sufficient for explaining the behavioural
intentions.
This study adopted TAM constructs (i.e. PU and PEOU) for four reasons. Firstly, the TAM is
capable of explaining user behaviour across a broad range of end-user technologies. Although
the TAM has aided the understanding of IS/IT adoption, many researchers have suggested that a
deeper understanding of factors contributing to ease of use and usefulness was needed (Lee,
Kozar & Larsen 2003; Bagozzi 2007; Benbasat & Barki 2007). Venkatesh and Davis (2000)
noted that a better understanding of PU and PEOU would enable the design of efficient
organizational interventions that might lead to increased use and user acceptance of new IT
systems. In addition, some researchers, including Amoako-Gyampah and Salam (2004), Wixom
and Todd (2005) ,Venkatesh (2006) , and Schilke and Wirtz (2012) suggested more TAM
studies on IT artefacts, multi-user systems and more complex technologies such as IdMS. The
TAM has previously been applied to diverse contexts and its adoption phenomena typically
related to complex technologies, such as the e-library (Hong et al. 2002) and firewalls (Kumar,
Mohan & Holowczak 2008), suggesting that these TAM variables could also be applied to the
case of IdMS.
Secondly, of the models that have been proposed and examined for user adoption of technology,
the TAM is arguably the most widely accepted (King & He 2006; Williams et al. 2009). The
TAM has been examined for the causal relationships between task, human or organizational
characteristics by researchers in several high-use Internet-based technology products, the
Chapter 3: Literature Review (IS/IT Adoption)
99
environment and services. This includes e-commerce (e.g. Lingyun & Dong 2008; Ha & Stoel
2009); the World Wide Web (e.g. Vijayasarathy 2004); online service (e.g. Cho 2006); Internet
banking (e.g. Cheng, Lam & Yeung 2006; Lee 2009b); mobile technology (e.g. Schierz, Schilke
& Wirtz 2010; Lee et al. 2012); and open source software (OSS) (e.g. Gwebu & Wang 2011)
(see Appendix 3.1 for more details). Overall, most of these studies provided strong evidence to
support the TAM as an approach for predicting system usage behaviour. As IdMS adoption is
an example of Web-based technology adoption, the TAM should thus be an applicable
approach.
Thirdly, despite recent extensions to the TAM such as the TAM3 model (Venkatesh & Bala
2008) and revisions such as the UTAUT model (Venkatesh et al. 2003), the basic TAM model
has high reliability and explanatory power, and obtains high levels of robustness. Thus, the
TAM is a suitable basis for an illustrative application case (King & He 2006; Recker &
Rosemann 2010). In addition, existing measurement items for TAM constructs have repeatedly
been shown to be robust and to display excellent reliability and validity in a wide diversity of
settings (e.g. Lee, Kozar & Larsen 2003; King & He 2006; Recker & Rosemann 2010).
Finally, although individual-level technology adoption research, specifically TAM-related
research, is one of the most widely-studied areas of IS research, there are still a number of
productive research avenues, including the role of individual characteristics (Djamasbi, Strong
& Dishaw 2010), as well as new and different contexts (Benbasat & Barki 2007; Turner et al.
2010). Turner et al. (2010) argued that “it should be possible to predict future technology use by
applying the TAM at the time that a technology is introduced” (p. 464). Benbasat and Barki
(2007) proposed that different adoption contexts have to obtain diverse specific beliefs as
antecedents, and that these specific beliefs would present more actionable suggestions to design
and practice than simply arguing for increased usefulness. Recently introduced, IdMS are in the
early stage and researchers have not examined whether PU and PEOU perceptions and external
variable constructs remain sufficient for explaining users’ behavioural intentions to adopt IdMS.
Therefore, PU and PEOU are both necessary and appropriate for examining them in this study.
Chapter 3: Literature Review (IS/IT Adoption)
100
3.6.2 Task and Technology Characteristics
Task–technology fit (TTF) is a critical construct both before and after individual decisions about
technology use (Goodhue 2007). Users intend to use an IT product if it meets their task
requirements (Dishaw, Strong & Bandy 2004). The TTF model clearly includes task
characteristics and technology characteristics (see Section 3.4.6). The extant literature indicates
that many studies have examined and measured TTF constructs in different contexts, such as
computer-based information systems (CBIS) (e.g. Vlahos, Ferratt & Knoepfle 2004); unified
modelling language (UML) (e.g. Grossman et al. 2005); personal digital assistants (PDA) and
mobile commerce (e.g. Lee, Cheng & Cheng 2007); mobile information systems (e.g. Gebauer,
Shaw & Gribbins 2010); Web usage (e.g. D’Ambra & Wilson 2004a, 2004b); and blogs (e.g.
Shang, Chen & Chen 2007) (see Appendix 3.1 for more details). These studies examined
different applications that are all used for specific tasks.To the best of our knowledge, TTF has
not been previously considered for IdMS and has not been assessed regarding its suitability for
particular combinations of tasks and technology.
The current research employs TTF constructs (fit, task and technology characteristics) for the
following motives. The system and technological levels are principally focused on the
technology itself (Cho 2006). IdMS would be associated with products or services that assist
Internet users in their online tasks. Therefore, IdMS are regarded as a tool to control
communication in addition to performing complicated tasks, such as managing and controlling
online identity. Consequently, the adoption and use of IdMS may be perceived as difficult and
generally TTF should be considered. Researchers suggested that studies on new technology
adoption should include an examination of its compatibility with the current style (Cho 2006).
Moreover, the extent to which the technology itself can be adopted determines whether or not a
change is success. An investigation using the TTF model variables provides an understanding of
the hypothesis involved in comprehending technology use and clarifies technical areas needing
future examination (Cane & McCarthy 2009).
Chapter 3: Literature Review (IS/IT Adoption)
101
3.6.3 Fit
3.6.3.1 Defining and measuring fit in IS/TTF research
Fit models that reveal the gap between what technologies are able to provide and what the
technologies are expected to support are critical instruments in IS. They have been successfully
applied to explain and predict IT utilization, adoption and performance (Goodhue & Thompson
1995; Junglas, Abraham & Watson 2008). Examining the fit of an IT to a user‘s task is a
frequent focus of human computer interaction (HCI)/IS research (Dishaw & Strong 2005).
The user‘s intention to use the technology should come from the fit between tasks and functions
(Yen et al. 2010; Lee et al. 2012). A method of conceptualizing and measuring fit can be found
in TTF. Some TTF researchers have investigated the fit conceptualization and measurement in
different contexts. A number of these studies have examined the effect of fit on performance
(Goodhue & Thompson 1995), tool usage (Dishaw & Strong 1998, 1999, 2005) and intention to
use (Yen et al. 2010). However, to our knowledge, no research has conceptualized and
measured fit, and examined its effect on users’ intention to use in the IdMS context. Therefore,
the current study aimed to conceptualize fit and its relationship to the users’ intention to use
IdMS.
Venkatraman (1989) proposed a conceptual framework derived from the concept of fit. Fit is
identified from six different perspectives for its conceptualization: fit as moderation, fit as
mediation, fit as matching, fit as gestalts, fit as profile deviation and fit as covariation
(Venkatraman 1989) (see Table 3.9). Fit as moderation, mediation and matching identify a
relationship between just two variables, whereas fit as gestalts, profile deviation and covariation
identify a relationship between many variables. While these six perspectives are described in the
context of strategy research, they apply equally well to HCI/IS research focusing on the fit
between IT and tasks (Dishaw & Strong 2005).
Chapter 3: Literature Review (IS/IT Adoption)
102
TTF is defined as the degree to which the functionality of a technology matches the task and the
abilities of the individual who performs the task (Goodhue & Thompson 1995). In this study,
we decoupled fit from current utilization, and the operationalization of TTF was defined as “the
degree to which a technology does or could meet your task needs” (Goodhue, Littlefield &
Straub, p. 458). IS/TTF research has examined methods for conceptualizing and measuring TTF
to determine which particular IT fits a particular task (see Table 3.9). However, a number of
researchers have pointed out that there has been a lack of distinction between the conceptual
understanding of fit and its measuring schemes (Venkatraman 1989; Junglas, Abraham &
Watson 2008). To the best of our knowledge, no study has yet conceptualized or measured the
fit concept in the IdMS context.
Junglas and Waston (2003) noted that there is limited process in defining and measuring fit.
They defined fit as ideal, under or over; this reveals the ideal mappings of task needs and
technology functionality in the context of ubiquitous commerce (u-commerce). Junglas and
Waston identified three dimensions for task characteristics—time dependency, location
dependency and identity dependency—and four dimensions for the technology characteristics of
u-commerce, specifically ubiquity, uniqueness, universality and unison. Junglas, Abraham and
Watson (2008) tested how various fit levels affect individual performance across different tasks
performed with mobile locatable information systems. They examined efficiency and
effectiveness with regards to diverse levels of technology fit and with regards to different kinds
of tasks. The results of a wireless laboratory experiment with 112 subjects showed that subjects
perceive differences between under and ideal, as well as under and over, fit conditions when
exposed to tasks that include localization components.
Chapter 3: Literature Review (IS/IT Adoption)
103
Table 3.9: Fit conceptualization used in TTF research Fit
perspective Definition Reference Context
Fit as moderation
“is based on contingency perspective that operationalizes fit as a statistically derived interaction relationship between two variables that predicts the third” (Cane & McCarthy 2009, p. 108)
Goodhue and Thompson (1995); Goodhue (1995) Dishaw and Strong (1998, 1999, 2003); Strong, Dishaw and Bandy (2006)
Computer system Software maintenance tool
Fit as matching
"a theoretically defined match between two related variables" (Venkatraman 1989, p. 430)
Nance and Straub (1996); Dishaw Strong and Bandy (2004) Junglas, Abraham and Watson (2008)
Knowledge work Software maintenance tool Mobile locatable IS
Fit as profile deviation
"the degree of adherence to an externally specified profile" (Venkatraman 1989, p. 433)
Zigrus and Buckland (1998); Zigrus et al. (1999); Murphy and Kerr (2000); Dennis, Wixom and Vandenberg (2001) Junglas, Abraham and Watson (2008) Gebauer, Shaw and Gribbins (2010) Lee et al.(2012)
Group support systems (GSS) Mobile locatable IS Mobile IS Mobile financial services
Fit as gestalts
“is a multivariate perspective to fit as opposed to fit as moderation, mediation and matching, which are based on a bivariate fit approach” (Cane & McCarthy 2009, p. 108)
Benslimane, Plaisent and Bernard (2002)
WWW /E-commerce
Fit as mediation
“statistically derived as the mediating mechanism and there can be two or more variables in the specification of fit” (Cane & McCarthy 2009, p.108)
NA NA
Fit as covariation
"a pattern of covariation or internal consistency among a set of underlying theoretically related variables" (Venkatraman 1989, p. 435)
Klopping and McKinney (2004) Ferrat and Vlahos (1998) D’Ambra and Wilson (2004)
E-commerce Computer-based information systems (CBIS) WWW
3.6.3.2 Conceptualizing the fit (fit as moderation)
Venkatraman (1989) has argued that researchers should “justify their specification of fit within
a particular research context” (p. 439), as each conceptualization of fit has implications for the
analytical techniques used to test the relationships. Therefore, this study viewed fit as
moderation (interaction). Fit as moderation is a common conceptualization in the HCI/IS
Chapter 3: Literature Review (IS/IT Adoption)
104
literature. In this perspective, IT is a moderator that impacts the resulting outcome measure
(performance of a task or utilization of the technology) (Dishaw & Strong 2005). Fit as
moderation has two direct effects and an interaction effect (Venkatraman 1989). The statistical
model includes task and technology main effects and an interaction effect between task and
technology, each of which directly impacts on an outcome variable (see Figure 3.9).
Goodhue and Thompson (1995) used the fit as moderation approach and developed an original
instrument with the following eight dimensions to test the TTF construct: the quality of data;
locatability of data; authorization; data compatibility; training and ease of use; production
timeliness; systems reliability; and the IS‘s relationship with users. This instrument was later
refined and validated to a 12-dimensional construct (Goodhue 1998), without considering the
available IT functionality or tasks needed. Goodhue, Klein & March (2000) also proposed the
following 11 items for the exploration of information integration: consistency; educational
training; helpfulness of system; reliability of the system; accessibility of information;
meaningfulness of information; the right data; ease of use of the system; understandability;
familiarity with a database system; and familiarity with programming; these were all used as a
starting point. The researchers have revealed that as a new combination of task and technology
occurs, new measurement items must be developed (Dishaw & Strong 1998). This makes the
applicability of the instrument too specific and raises the concern of validity across contexts
(Junglas, Abraham & Watson 2008). Hence, the operationalization of the TTF model in a
specific context is difficult as the task and technology must be specified (Dishaw & Strong
2005).
Dishaw and Strong (1998) used the fit as moderation conceptualization in the context of
software maintenance support tools. They developed TTF as a computed match between the
available IT functionality and the functionality needed to complete multiple tasks. Their model
involved two dimensions of fit: production fit and coordination fit. The first model included
production functionality in the technology, characteristics of production tasks and production
fit, which is the interaction of production technology with production tasks. The other model
Chapter 3: Literature Review (IS/IT Adoption)
105
was similar, but focused on coordination functionality, coordination tasks and coordination fit.
Dishaw and Strong have continued using the fit as moderation concept; they have explored the
addition of other explanatory variables to TTF models, but have focused on the single
dimension of production fit. They examined the addition of TAM variables to TTF (Dishaw &
Strong 1999), task and tool experience variables (Dishaw & Strong 2003) and self-efficacy
(Strong, Dishaw & Bandy 2006).
Figure 3.9: Statistical model for task-technology fit as moderation (Source: Dishaw & Strong 2005, p. 2404)
3.6.4 Perceived Risk
3.6.4.1 Perceived risk in IdMS
Perceived risk presents an individual’s assessment of the relative probability of negative or
positive outcomes of a given transaction or situation (Cho 2006). New threats to online
consumers emerge as the Internet continues to evolve into a more social and interactive space.
These threats target the relationship between consumers and online services by attacking the
identity at the core of their relationship (Friedman,Crowley & West 2011). Identity management
is often viewed as a set of processes and technologies to manage the risks associated with
identity (Seltsikas & O’Keefe 2010). The implementation of new IdMS brings with it new risks.
We argue that understanding how the risks arising from new IdMS deployed in online service
are perceived and addressed may be critical to the individual’s acceptance of online services.
Chapter 3: Literature Review (IS/IT Adoption)
106
In the early adoption stage of an IT-enabled artefact such as IdMS, individuals are uncertain
about not only the services or product but also the soundness of the underlying technology
platform (Luo et al. 2010). Therefore, this dual uncertainty raises the importance of studying the
factors that constitute the major dimensions of the users’ perceived risks and the mechanisms
that are effective in helping consumers overcome their uncertainties about the services, products
or underlying technical platform.
3.6.4.2 Definition of perceived risk
Perceived risk (or uncertainty) influences people’s confidence in their decisions (Im, Kim &
Han 2008). Perceived risk refers to the expectation that a high potential for loss is associated
with the release of personal information to the organization (Dowling & Staelin 1994).
Featherman and Pavlou (2003) defined perceived risk as ‘‘the potential for loss in the pursuit of
a desired outcome of using an e-service’’ (p. 454). Cunningham (1967) specified two major
types of perceived risk: performance and psychosocial. Cunningham divided performance into
three categories: (1) economic, (2) temporal and (3) effort. He divided psychosocial risk into
two kinds: psychological and social. He further identified perceived risk as having six
dimensions, which are performance, financial, opportunity/time, safety, social and
psychological loss. Featherman and Pavlou (2003) classified perceived risk into seven types
called “seventh risk facets” which were: (1) performance, (2) financial, (3) time, (4)
psychological, (5) social, (6) privacy and (7) overall risk (see Table 3.10).
Anxiety is a UTAUT construct similar to perceived risk (Venkatesh et al. 2003). However,
anxiety is mainly about the concerns and fears about trying a new technology rather than a long
term impact, thus it differs from perceived risk. In a practical sense, perceived risk remains
unchanged for some time, whereas anxiety can be mitigated (Im, Kim & Han 2008).
Perceived risk includes two forms: behavioural and environmental uncertainty (Cho 2006;
Belanger & Carter 2008). Behavioural risk arises due to the belief that online service providers
may behave in an opportunistic manner by taking advantage of the impersonal nature of the
Chapter 3: Literature Review (IS/IT Adoption)
107
electronic environment. Exposing personal data to a third party could be an example of
opportunistic behaviour (Cho 2006). Environmental risk is derived from the underlying
technological infrastructure and exists because of the unpredictable nature of Internet-based
technology, which is beyond the control of both online service providers and individuals (Cho
2006; Belanger & Carter 2008). For instance, environmental uncertainty is inherent in the IdMS
medium due to the unpredictable nature of the Internet and wireless technologies, which are
often beyond the control of the individual user (Luo et al. 2010).
IS/IT studies have confirmed the importance of perceived risk as an inhibitor to user adoption of
emerging-IT artefact and Internet-based services and technologies, including e-commerce
government (Belanger & Carter 2008) and mobile services (Luo et al. 2010). However, little is
known about how perceived risk affects user acceptance of IdMS.
Table 3.10: Description and definition of perceived risk facets (adopted from Featherman and Pavlou [2003])
Perceived Risk Facet
Definition
Performance risk
The possibility of the product malfunctioning and not performing as it was designed and advertised and therefore failing to deliver the desired benefits.
Financial risk The potential monetary outlay associated with the subsequent maintenance cost of the product and the recurring potential for financial loss due to fraud.
Time risk Consumers may lose time when making a bad purchasing decision by wasting time researching and making the purchase, learning how to use a product or service only to have to replace it if it does not perform to expectations.
Psychological risk
The risk that the selection or performance of the product will have a negative effect on the consumer’s peace of mind or self-perception.
Social risk Potential loss of status in one’s social group as a result of adopting a product or service, looking foolish or untrendy.
Privacy risk Potential loss of control over personal information, such as when information about you is used without your knowledge or permission. The extreme case is where a consumer is ‘‘spoofed’’ meaning a criminal uses their identity to perform fraudulent transactions.
Overall risk A general measure of perceived risk when all criteria are evaluated together.
Chapter 3: Literature Review (IS/IT Adoption)
108
3.6.5 Trust
3.6.5.1 Trust in technological artefacts and IdMS
In most previous studies, trust was initially advanced in the context of interpersonal
relationships in which trust targets are human (Wang & Benbasat 2005; Gefen, Benbasat &
Pavlou 2008; Li et al. 2008; Hwang & Lee 2012). Most trust research has focused on virtual
team members or a web vendor, and therefore the trustee has been human, or a group of humans
(Li et al. 2008). The role and nature of trust in technological artefacts remain unclear (Wang &
Benbasat 2005; Li et al. 2008; Luo et al. 2010). In the technological artefact context, trust has
been identified similarly to interpersonal trust in that it reveals the willingness of the truster to
‘‘behaviourally depend on a piece of software (e.g., a statistical system) to do a task”
(McKnight 2005). Recent IS trust research has been applied to the relationship between humans
and technology and has identified trust in technology when the trustee is a technological
artefact, such as a recommendation agent (Wang & Benbasat 2005), an information system (Li
et al. 2008) and mobile banking (Luo et al. 2010). Research findings have showed that
components of trust in technological artefacts and in humans do not differ significantly. This
indicates that individuals not only use technological artefacts as tools but also form trusting and
social relationships with them (Wang & Benbasat 2005). Therefore, we identify trust in IdMS as
an extension of interpersonal trust and a technological artefact that has been studied both in
other contexts and in the recent literature on IS.
Gefen, Benbasat and Pavlou (2008) argued that “[y]et, we do not have a conceptual framework,
nor taxonomy of constructs, to guide such research by identifying the constructs of importance
and for deriving propositions “(p. 281). Therefore, they suggested developing a theory or a
number of theories that identify the IT artefact constructs that have the potential to increase trust
in the online environment, and they further specify how these constructs can be incorporated
into technology adoption models. Little empirical evidence exists to support the nomological
validity (construct validity) of applying trust to technological artefacts. Wang and Benbasat’s
Chapter 3: Literature Review (IS/IT Adoption)
109
(2005) research is the first empirical study to examine trust in online recommendation agents.
However, to the best of our knowledge, the nomological validity of trust in IdMS has not yet
been empirically examined. Therefore, empirical testing is needed regarding whether or not
trusting beliefs hold true for IdMS. To examine the nomological validity of trust in IdMS and
reveal the relative importance of different trusting beliefs, this study has followed Wang and
Benbasat (2005) and Gefen, Benbasat and Pavlou (2008) and has tested integrated trust–
technology adoption theories and external factors in the context of IdMS.
3.6.5.2 The importance of trust in IdMS
Trust plays a critical role in exchange relationships, including unknown risks in the online
environment (Gefen, Karahanna & Straub 2003). With respect to the adoption of IdMS, users
face similar situations and must rely on trust to overcome their risk perceptions because many
online interactions require the user to disclose identity information. Trust in IdMS is a
behavioural belief related to the perception of security in using a particular IdMS technology
(Greenwood et al. 2007). This may be guaranteed by a security identity provider and a service
provider by using specific mechanisms such as encryption or digital signatures. Although IdMS
are reliable and include measurement against risks (Poetzsch et al. 2009), potential risks may
come from multiple sources, such as the vulnerability of Internet communication platforms and
the reasonable technical and operational safeguards of the identity service provider or a service
provider. Many identity management researchers have suggested that the trust relationship
among the parties (user, identity provider and service provider) using IdMS should be
Although different measures and sub-diminutions of privacy concerns have been robustly
developed, the majority of prior studies that examine the influence of privacy concerns on
individual behaviour typically test them as a single construct (e.g. Sheng, Nah & Siau 2008;
Chapter 3: Literature Review (IS/IT Adoption)
116
Bansal, Zahedi & Gefen 2010; Liao, Liu & Chen 2011). There is a lack of studies that
investigate and test privacy concerns as a multi-dimensional construct (Junglas, Johnson &
Spitzmuller 2008; Li 2012).
3.6.6.4 Australian Privacy Principals
Australian Privacy Principles (APPs) are part of the Privacy Act 1988.The Privacy Act 1988 is
concerned with protecting personal information of individuals from unauthorised collection,
disclosure and use by private sector organisations and Commonwealth government agencies
(Ludwing 2010). APPS replace the National Privacy Principles (NPPs) which apply to certain
private sector organisations, and the Information Privacy Principles (IPPs) which apply to
Commonwealth agencies. APPs include 13 principals as the following (Ludwing 2010; Privacy
Law 2012):
1. Open and transparent management of personal information: emphasises that an entity should first plan how it will handle personal information before it collect and process it.
2. Anonymity and pseudonymity: ensures that an individual is permitted to interact with entities while not identifying herself / himself, or by using a pseudonym.
3. Collection of solicited personal information: ensures that personal information should only be collected where it is necessary.
4. Receiving unsolicited personal information: ensures that personal information that is received by an entity is still afforded privacy protections, even where the entity has done nothing to solicit the information.
5. Notification of the collection of personal information: sets out the obligations on entities to ensure that individuals are aware of certain matters at the time of collection of their personal information.
6. Use or disclosure of personal information: sets out the circumstances in which entities may disclose or use personal information that has been collected or received.
7. Direct marketing: sets out limitations on organisations that disclose or use personal information to promote services or sell goods directly to individuals.
8. Cross-border disclosure of personal information: ensures that the obligations to protect personal information set out in the Australian Privacy Principles cannot be avoided by disclosing personal information to a recipient outside Australia.
9. Adoption, use or disclosure of government related identifiers: ensures that organisations (not agencies) do not refer to an individual within their own systems according to identifiers (e.g. Medicare numbers) issued by government agencies. In addition, it prevents the facilitation of unlawful data-matching by organisations through disclosure and use of such identifiers.
Chapter 3: Literature Review (IS/IT Adoption)
117
10. Quality of personal information: protects the quality of personal information collected, disclosed and used by entities.
11. Security of personal information: imposes specific obligations about protecting personal information.
12. Access to personal information: ensures that an individual has access to her/his personal information that entities hold about them and can correct the information where it is incomplete, irrelevant inaccurate, or out-of-date. 13. Correction of personal information: imposes obligations on entities to correct personal information if it is incomplete, irrelevant inaccurate, or out-of-date.
This study adopts some APPS to address IdMS users’ privacy concerns as discussed further in
Chapter 4(see Section 4.9.1).
3.6.7 Individual Difference Variables
The characteristic of individual difference is important for human computer interaction research
and IS success (Dillon & Watson 1996; Hong et al. 2002). In this study, individual differences
are characteristics of individuals that include demographic variables and situational variables
(Alavi & Joachimsthaler 1992; Agarwal & Prasad 1999). Including individual characteristics in
our proposed model was important for several reasons from the point of view of using
theoretically meaningful constructs. In general, there is increasing evidence that individual
differences influence users’ choices and acceptance of technology (Agarwal & Prasad 1999;
Hong et al. 2002; Strong, Dishaw & Bandy 2006; Djamasbi, Strong & Dishaw 2010;
Venkatesh, Thong & Xu 2012). Although theoretical variables are generally robust, they do not
always adequately explain user behaviour (Venkatesh, Thong & Xu 2012). For example, the
TAM does not pay sufficient attention to internal factors that impact on cognition and
Many IT acceptance studies have ignored the moderating impacts of individual factors (Sun &
Zhang 2006; Zhou et al. 2011) although several researchers have acknowledged that the absence
of such variables is a limitation (e.g. Davis, Bagozzi & Warshaw 1989). Sun and Zhang (2006)
examined the moderating effects in user technology acceptance and argued that, when a
complex context is faced (such as IdMS), additional factors (moderating) are needed to capture
the complexity of the context. Chin Marcolin and Newsted (2003) examined and validated the
significant effect of moderating variables on existing models of user technology acceptance.
Their empirical study confirmed that the inclusions of a moderating variable could increase the
model’s explanatory power although the impact was limited. Similarly, identity management
research mentioned the crucial role of individual characteristics and situational factors on IdMS
adoption (Dhamija & Dusseault 2008; Poetzsch et al. 2009). This study defines demographic
variables as the characteristics relating to individual users, such as gender, age and education
(Alavi & Joachimsthaler 1992). Situational variables refer to the characteristics particular to the
context, such as experience, subjective norms, facilitating conditions (skill level of the user and
familiarity or knowledge), and cost (Agarwal & Prasad 1999). Further discussion on the
individual difference variable will be presented in Chapter 4.
3.7 Overall Gaps in the Literature After the in-depth review of the extant literature on IdMS (Chapter 2) and on user adoption of
IS/IT (Chapter 3), we have identified the following gaps:
Major gap
There was no study which had investigated the adoption of IdMS and empirically examined the
factors affecting users’ behavioural intention to adopt IdMS.
IdMS literature gaps
• Perceptions of online identity and IdMS from individual perspectives have been rarely
explored in previous research.
Chapter 3: Literature Review (IS/IT Adoption)
119
• Studies that focus on context and the use of IdMS, especially from the IS perspective,
have been paid little attention.
• Issues related to IdMS such as usability, risk, trust and privacy have been intensively
explored from the technological perspective: the theoretical, social and regulatory
dimensions of these issues are less frequently addressed in the extant literature.
• There is a lack of empirical and behavioural research in identity management and IdMS
contexts.
• No theoretical model has been proposed and tested to better understand user adoption of
IdMS.
Gaps in the literature on user adoption of IS/IT and WBST
• Factors that influence user adoption of IdMS have not been examined or determined:
this is a significant gap.
• There is a lack of studies that examine the security factors (risk, privacy and trust) and
the relationship among them in the context of IT adoption studies and the IdMS field.
• Studies that have focused on online information disclosure and their antecedents have
been limited.
• There is a lack of theoretical and conceptual frameworks guiding IT artefact research.
• The nature and role of the trust in IT artefact remain unclear and little research has been
undertaken.
• Studies that have conceptualized or measured the fit concept in non-work settings are
limited, and no study to date has examined the IdMS context.
• The influence of individual factors (demographic and situational characteristics) and
their direct and moderating impact on user acceptance of IT have received little
attention in prior works and have not yet been examined in the context of IdMS.
Chapter 3: Literature Review (IS/IT Adoption)
120
3.8 Research Questions The literature review was guided by the initial research question: what factors affect the
adoption of identity management systems from the user’s perspective? Below are the research
sub-questions, which aim to achieve the set objectives of this study:
1) To what extent do the factors (perceived ease of use, usefulness, risk, trusting beliefs,
trust in the Internet, information disclosure, privacy concerns, fit, cost, facilitating
conditions and subjective norms) affect users’ behavioural intentions to adopt IdMS?
2) How do users perceive these factors that affect IdMS adoption?
3) How does prior experience of IdMS (SSO) affect the adoption of IdMS?
4) Do individual differences have any effect on user adoption of IdMS?
These questions address the gaps identified in the literature. Through the answers to these
questions, this study will contribute to the existing body of knowledge of user adoption of
IdMS, WBST and IS/IT.
3.9 Why Studying the Adoption of IdMS is Different to Any Other IT Artefact The adoption of IdMS is a complex process due to their scope and the implementation impact
related to the user’s information security (Cameron, Posch & Rannenberg 2009; Poetzsch et al.
2009; McLaughlin, Briscoe & Malone 2010). IdMS are different in a number of ways from the
IS/IT that have been examined in previous technology adoption studies. Most of the prior
studies have examined relatively simple IT, such as personal computers, email systems, and
word processing and spreadsheet software (Hong et al. 2002; Im, Kim & Han 2008). IdMS are
also different from the IT artefacts and Internet-based services that have been investigated in
previous studies such as a recommendation agent (Wang & Benbasat 2005) and online/mobile
banking (e.g. Lee 2009a; Luo et al. 2010). IdMS are much broader in nature. IdMS are complex
artefacts including not only the enabling technology, but also the content, services, architecture,
standards, distributed environments and even institutions (Cameron, Posch & Rannenberg 2009;
Chapter 3: Literature Review (IS/IT Adoption)
121
Alpar, Hoepman & Siljee 2011). IdMS enable interactions and security of financial and non-
financial transactions, as well as the exchange of private and sensitive information among
people, service providers, organizations and institutions via the Internet (Garcia, Oliva & Perez-
Belleboni 2012).
The differences between IdMS and other Web-based services (e.g. email and online shopping)
are based on the applicability of the scope. The scope for those services is limited to the single
user sharing the information across one enterprise (online provider). However, the Web-based
IdMS has a wider scope of applicability and interoperability (Cameron, Posch & Rannenberg
2009). As we discussed previously in Chapter 2 (See Section 2.3), IdMS require three parties:
the users, the IdMS provider and the Web service (which is whatever we may access via the
IdMS). Therefore, with an IdMS, users provide their identity details to the IdMS which will
then maintain and manage the identity data of the user providing the user with access to Web
services. Therefore, with an IdMS, the user relationship is much broader as it is placed with the
provider of the IdMS, that is, the identity provider as well as the Web service (e.g. internet
banking; online shopping; credit card management) thus the relationship is different; therefore,
the nature of trust and risk is different (Cameron, Posch & Rannenberg 2009). The usage of
IdMS requires the provision of detailed information attributes whereas other related Web-based
services have a relatively narrow scope and, as a result, the exposure of information is of a
limited scale allowing the users to reduce the risk perceptions associated with their identity
information (Halperin & Backhouse 2008).
Overall, the perceptions and beliefs such as trust, risk and privacy concerns are considerably
higher in IdMS than other Web-based services and technologies for the following reasons:
firstly, advancements and open standards in IdMS technologies and services have increased the
amount of users’ identity information that should be provided when using an IdMS (Bertocci,
Serack & Baker 2007). Secondly, the IdMS allow the mutual sharing of identity information
among different subscribers that allows third parties to identify users, and the misuse of data can
occur at the level of the IdP and SP which increases the risk of identity information being
Chapter 3: Literature Review (IS/IT Adoption)
122
damaged (Poetzsch et al. 2009). Thirdly, all identity information would be stored and collected
via a limited identity provider, thus users face bigger risk and privacy concerns instead of facing
the smaller risk which occurs when different information is stored in different sites (Hovav &
Berger 2009). Finally, users can access, control, and manage their digital identity from
anywhere and at any time with complete freedom and can decide which identities are required
to be shared with other trusted parties and under which circumstances (Cao & Yang 2010). This
paradigm moves the control of digital identities from service providers to the users (Bertocci,
Serack & Baker 2007; Poetzsch et al. 2009; Cao & Yang 2010). Therefore, new variables
reflecting the perceptions of a wide range of providers are needed to address the decision to
adopt IdMS. Correspondingly, the scope of IdMS is likely to be quite different. Owing to the
uniqueness of IdMS, it is imperative that the perceptions, beliefs and adoption of this complex
new technology be examined from the users’ perspective.
3.10 Summary The aim of this chapter was to provide a review of existing user adoption theories and identify
factors that could affect user adoption of IdMS. The chapter was organized as follows. Section
3.2 provided a definition of technology adoption and Section 3.3 discussed the initial adoption
stage adopted for the current study. Section 3.4 presented a review of a number of behavioural
and technology adoption models and theories that form the theoretical foundation of this study.
Section 3.5 reviewed and analyzed the literature related to individual adoption of WBST.
Section 3.6 introduced factors in this study that affect user adoption of IdMS. Section 3.7
addressed the significant gaps identified in IdMS, WBST and IS/IT adoption literature. Section
3.8 highlighted the research questions that aim to achieve the objectives of this study. Finally,
Section 3.9 clarified a justification of why study of the adoption of IdMS is different than study
of other IT artefacts that have been previously investigated in prior adoption and innovation
research. The next chapter will discuss the development of the conceptual research model and
associated hypotheses that will be used to guide this study.
Chapter 4: Conceptual Model and Research Hypotheses
4.1 Introduction This chapter discusses the development of the conceptual research model and research
hypotheses that will be used to guide this study. Firstly, the research model is presented. This is
followed by an in-depth discussion of each construct and the development of the hypotheses for
this research.
4.2 Research Model
A model is a set of statements or propositions or expressions of associations among constructs
(March & Smith 1995). A model is viewed simply as a description that represents how things are
(March & Smith 1995). The proposed model (Figure 4.1) is based on the IdMS and IS/IT
adoption literature as the study focuses on user adoption of IdMS. It was developed based on
integrating the behavioural theories and technology adoption models reviewed previously in
Chapter 3 (see Section 3.4), that is, TAM (Davies 1989), TTF (Goodhue & Thompson 1995),
TPB (Ajzen & Fishbein 1980; Ajzen 1991), and the trust–risk framework (Mayer, Davis &
The degree to which a user believes that using a particular IdMS would enhance managing and controlling his or her online identities.
TAM (Davis 1989; Davis Bagozzi & Warshaw 1989; Venkatesh & Davis 2000)
Perceived ease of use
The degree to which a user believes that using IdMS would be easy and free from effort.
TAM (Davis 1989; Davis Bagozzi & Warshaw 1989; Venkatesh & Davis 2000)
Fit The interaction between IdMS task and technology characteristics. TTF (Venkatraman 1989; Goodhue & Thompson 1995; Dishaw & Strong 1999; String et al. 2006)
Perceived risk The expectation that a high potential for loss is associated with the release of identity information to the IdMS providers and through the use of IdMS.
Trusting beliefs Comprising two dimensions: trust in the IdMS artefact (users’ perceptions regarding the integrity and ability of the IdMS as a technology providing management and maintenance of their online identities) and trust in IdMS providers (user’s perceptions regarding the integrity and ability of the IdMS providers providing the online identity service).
Trust, trust–risk model
(Mayer, Davis & Schoorman 1995; McKnight et al. 1998, Jarvenpaa & Tractinsky 1999; McKnight et al. 2002; Gefen, Karahanna & Straub 2003; McKnight 2005; Wang & Benbasat 2005; Li et al. 2008; Luo et al. 2010)
Trust in the Internet
Comprising two dimensions: situational normality (the user’s beliefs that the Internet environment is suitable, well ordered, and favourable for disclosing identity information and using IdMS), and structural assurance (the user’s beliefs that technological and legal Internet protections, such as data encryption, would safeguard him/her from loss of money, privacy or identity information).
Trust, trust–risk model
(McKnight et al. 2002; Pavlou 2003; Li et al. 2008)
Information disclosure
An exchange where users had disclosed their identity information for the purpose of using Web-based services for both financial and non-financial transactions.
SET information privacy
(Chelune 1987; Metzger et al. 2004; Norberg, Horne & David 2007; Lowry, Cao & Everard 2011; Xu et al. 2011)
Privacy concerns The subjective view and the sense of threat that individuals have about how IdMS providers are using or would use their identity information, comprising seven dimensions: awareness, notice, collection, choice control, error, improper access and unauthorized secondary usage.
SCT information privacy
(Smith, Milberg & Burke 1996; Malhotra, Kim & Agarwal 2004; Liu et al. 2005; Dinev & Hart 2006; Xu et al. 2011)
Chapter 4: Conceptual Model and Research Hypotheses
164
Cost An individual’s perception that using an IdMS provides possible expenses for managing and maintaining identity information.
The degree to which an individual believes that an organizational and technical infrastructure (e.g. accessibility to the Internet, the familiarity and availability of resources of users) supports the use of the IdMS.
TPB ,UTAUT (Venkatesh et al. 2003; Cho 2006; Im, Kim & Han 2008)
Subjective norms The person's perception that most people who are important to him/her think he/she should perform the behaviour in question (using an IdMS).
Notes: The theory of reasoned action (TRA), theory of planned behaviour (TPB), technology acceptance model(TAM), task–technology fit (TTF), cognitive dissonance theory (CDT), social contract theory (SCT), social exchange theory (SET), unified theory of acceptance and use of technology (UTAUT).
Chapter 5: Research Design and Methodology
5.1 Introduction The objective of this chapter is to outline the methodological considerations used to conduct the
study. The chapter begins by introducing the positivist research paradigm, the use of the
quantitative method and Web survey, followed by explaining the procedure for sampling and
collating the research data. The chapter then describes the statistical techniques that have been
used to validate and analyse the data as well as to estimate the parameters of the research model.
The instrument development is discussed in detail in Chapter 6.
5.2 Research Paradigm
Because paradigms vary in terms of the fundamental assumptions they carry to an
organizational investigation, researchers must commit to a single paradigm (Mingers 2001). A
paradigm can be defined as the “basic belief system or world view that guides the
investigation” (Guba & Lincoln 1994, p. 105). In that regard, this study proposes a positivist
research that involves “precise empirical observations of individual behaviour in order to
discover … probabilistic causal laws that can be used to predict general patterns of human
activity” (Neuman 2003, p. 71). Table 5.1 shows the components of the positivist paradigm in
addition to other paradigms. The purpose of the positivist approach is to determine the objective
and social reality. It is an attempt to increase the predictive understanding of phenomena by
measuring variables, testing theories and making assumptions about a phenomenon arising from
the sample in a fixed population (Orlikowski & Baroudi 1991). Accordingly, the aim of this
study is to understand the factors that influence user adoption of IdMS and their effects on
behavioural intention.
Chapter 5: Research Design and Methodology
166
Table 5.1: Characteristics of the positivist paradigm in social science (Source: Sarantakos 2005)
The present study has adopted explanatory research design. According to Hair et al. (2007),
explanatory research focuses on the cause-and-effect relationship, explaining what cause
produces what effect. The research model relies on concepts, constructs and relationships that
are drawn from different theories and previous studies. The aim of this study is to measure some
variables and explain the causal relationships among the constructs. Thus, the explanatory
research approach is utilized for this study.
5.3 Methodological Approach
A quantitative methodology has been selected as appropriate for the explanatory nature and the
positivist paradigm adopted by this study (Straub 1989; Straub, Gefen & Boudreau 2005).
Moreover, a quantitative approach provides statistical evidence from a large sample about
Straub 2011; MacKenzie, Podsakoff & Podsakoff 2011). Figure 6.1 represents the steps which
were followed for the development of the research instrument and scale validation. The first step
in the instrument development process was to identify the domains of the constructs. The
researcher must clarify the definition of the construct, indicating what is included and what is
excluded in that given domain (Churchill 1979; Moore & Benbasat 1991, MacKenzie, Podsakoff
& Podsakoff 2011). This stage was discussed previously in the development of the conceptual
model in Chapter 4.
The remaining steps will be explained in the following sections.
Chapter 6: Instrument Development
199
Figure 6.1: Overview of instrument development procedure (Source: MacKenzie, Podsakoff & Podsakoff 2011, p. 296)
6.2 Item Creation and Identification
The objective of the item creation stage is to ensure content validity of the measurement items
(Moore & Benbasat 1991; Gefen, Rigdon & Straub 2011). Items must fit the content domains of
the construct definitions to show content validity (Gefen, Rigdon & Straub 2011). Consequently,
the first stage should be a conceptual definition of each construct of interest and should include a
list of initial items that closely match the dimensions of these construct definitions (MacKenzie,
Podsakoff & Podsakoff 2011). The original and adopted construct definitions used in this study
were described previously in Chapter 4.
This study follows Moore and Benbasat‘s (1991) procedure for creation of the list of items with
the following steps:
Chapter 6: Instrument Development
200
(1) Examine the literature for existing scales.
(2) Analyse the reliability of all measurements.
(3) Analyse and categorize all items, verifying their applicability to the research.
(4) Add items for constructs where all dimensions were not covered.
(5) Revise items—clarity of wording, adapt to agreement scale.
(6) Re-evaluate items, revise wording, and eliminate redundant or ambiguous items.
Adopting items from existing, already validated scales is one way of realizing a low
measurement error when generating candidates for items (Churchill 1979). Therefore, the initial
items created were based on two domains of the IS/IT research literature. The first domain was in
previous studies on IS/IT adoption from which sets of items were identified that previous studies
had shown to obtain the highest levels of validity and reliability. The second domain was in the
identity management literature which was searched in order to derive items from relevant
concept definitions in the IdMS domain. The next sub-section illustrates the construct
operationalization and initial item creation.
6.2.1 Construct Operationalization
Construct operationalization refers to the selection of a set of measurements (also called items or
indicators) that represents a theoretical construct in the best possible way (Swanborn 1987). It is
possible to adopt measures that have already been developed in previous studies or to develop
new measures from scratch (Churchill 1979; Neuman 2003). Hence, we adopted most of the
measures from the well-established literature with minor modifications to fit the context of this
study and designed some new items especially for this study. It is worth noting that, for these
items, it is the first time that they have been measured in the context of IdMS. Therefore, they
have been tested for reliability and validity in this study as is described in more detail in Sections
6.6.3 and 7.3. Table 6.1 to Table 6.5 present and describe the initial items created for this study
and their source.
Chapter 6: Instrument Development
201
How many items or indicators there should be for each latent construct is still an open debate in
the literature (Gefen, Rigdon & Straub 2011). Davis (1989) and Moore and Benbasat (1991)
suggested that at least 10 items per construct are needed to realize reliability levels of at least
0.80. Gefen, Rigdon & Straub (2011) implied that three indicators loading totally on one
common factor would statistically identify the individual factor measurement models. They also
argue that including multiple associated constructs within a single confirmatory factor model will
allow a model to achieve identification with fewer observed measures per construct (Gefen,
Rigdon & Straub 2011). However; Hinkin (1998) argued that there is no fixed rule guiding how
many items each construct should have. Regardless of the actual number of items in each
construct, it is very important to guarantee that the domain of each construct is sufficiently
sampled (Straub, Boudreau & Gefen 2004). Initially, the total number of items for each construct
ranged from two to 11 items per construct (see Tables 6.1 to 6.5).
Chapter 6: Instrument Development
202
Table 6.1: Initial items for first-order constructs Construct Item
Code Item Source
Intention To Use (INTU)
INTU1 INTU2 INTU3
I will definitely consider using IdMS. I predict I would use IdMS to manage my online identity. I am willing to use IdMS in the future.
(Davis 1989; Venkatesh et al. 2003)
Intention To Disclose Identity Information (INTD)
INTD1 INTD2× INTD3× INTD4® INTD5®
I would not hesitate to provide my identity information to an online service provider. It is important to me to protect my online identity. I am concerned with the consequences of sharing my identity information. I am likely to share my identity information online in the future. I believe my identity information is well-protected online.
(Bansal, Zahedi & Gefen 2010; Belanger & Carter 2008; Fogel & Nehmad 2009; Malhotra, Kim & Agarwal 2004)
Perceived Usefulness (PU)
PU1 PU2 PU3 PU4× PU5®
If I were to adopt an IdMS, it would enable me to improve the ability of managing my online identity in online transactions. If I were to adopt an IdMS, it would enhance my efficiency managing my online identity. If I were to adopt an IdMS, the effect of managing and controlling my online identity would improve. If I were to adopt an IdMS, it would make managing of my online identity easier. Overall, it will be useful using an IdMS.
(Davis 1989; Yu et al. 2005)
Perceived Ease of Use (PEOU)
PEOU1 PEOU2 PEOU3 PEOU4 PEOU5×
Learning how to use IdMS would be easy for me. I will find using an IdMS easy for me. It will be easy to manage and control my online identity using an IdMS. I will be skilful in using an IdMS. Overall, it will be easy to use an IdMS.
(Davis 1989 )
Perceived Risk (RISK)
RISK1 RISK2 RISK3 RISK4
Using an IdMS to manage and control my online identity would be risky. Using an IdMS subjects my online identity to potential fraud. Using an IdMS would add great uncertainty to my online transactions. Using an IdMS exposes me to an overall risk.
(Featherman & Pavlou 2003; Dinev & Hart 2006)
Cost (COST) COST1 COST2 COST3
I think the implementation cost of using an IdMS is high. I think the access cost of using an IdMS is high. I think the transaction fee for using an IdMS is high.
(Wu & Wang 2005; Chong , Chan & Ooi 2012)
Chapter 6: Instrument Development
203
Facilitating Conditions (FC)
FC1 FC2 FC3 FC4
I can easily access the Internet. I am confident about using the Internet. I have the resources necessary to use an IdMS. I have the knowledge necessary to use an IdMS.
(Venkatesh et al. 2003; Cho 2006)
Task Characteristics (TASK)
TASK1* TASK2* TASK3* TASK4* TASK5*
By using IdMS, I can create my online identity. By using IdMS, I can update my online identity. By using IdMS, I can delete my online identity. By using IdMS, I can control my online identity. By using IdMS, I have complete choice over what a particular online identity I release to a particular online service provider.
By using an IdMS, I would avoid going to an agency (such as bank) to update my identity information. By using an IdMS, I would control and manage my online identity anytime and anywhere. By using an IdMS, I can identify myself online. By using an IdMS, getting authorization to access my online identity would be easy. By using an IdMS, getting authentication to access my online identity would be easy. By using an IdMS, I would gain access to multiple resources. By using an IdMS, I would register and enrol myself to multiple service providers By using an IdMS, I would disclose the least amount and type of identity information. IdMS would enable my online identity to be used within systems based on different technologies. I can use IdMS in different operating systems with multiple Internet browsers. IdMS would provide me a consistent user experience for the management of identity information.
(D'Ambra & Wilson 2004a) (Goodhue & Thompson 1995)
Note*: New items created for this study Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1and Appendix 6.2); therefore, they were not included in the analysis. Note®: Items INTD4, INTD5, PU5 were reverse coded during data analysis. INTD4 reversed to INTD2; INTD5 to IND3; PU5 to PU4.
Chapter 6: Instrument Development
204
Table 6.2: Initial items for third-order trusting beliefs
Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1 and Appendix 6.2); therefore, they were not included in the analysis.
Third-order construct
Second-order construct
First-order construct
Item Code
Item Source T
rust
ing
Bel
iefs
(T
B)
Tru
st in
IdM
S A
rtef
act (
TIA
) Benevolence (TAB)
TAB1 TAB2 TAB3
I believe that an IdMS would act in my best interest. If I required help, an IdMS would do its best to help me. An IdMS would be interested in my well-being, not just its own.
(McKnight et al. 2002; Li et al. 2008)
Competence (TAC)
TAC1 TAC2 TAC3 TAC4
An IdMS would be competent and effective in managing my online identity. An IdMS would perform its role of managing my online identity very well. Overall, an IdMS would be a capable and proficient Internet online identity provider. In general, an IdMS would be very knowledgeable about online identities.
(McKnight et al. 2002; Li et al. 2008)
Integrity (TAI)
TAI1 TAI2 TAI3 TAI4×
An IdMS would be truthful in its dealings with me. I would characterize an IdMS as honest. An IdMS would keep its commitments. An IdMS would be sincere and genuine.
(McKnight et al. 2002; Li et al. 2008)
Tru
st in
IdM
S P
rovi
ders
(T
IP)
Benevolence (TPB)
TPB1 TPB2 TPB3
I believe that IdMS providers act in my best interest. If I required help, IdMS providers would do their best to help me. IdMS providers are in my well-being, not just their own.
(McKnight et al. 2002; Li et al. 2008)
Competence (TPC)
TPC1 TPC2 TPC3 TPC4
IdMS providers are competent and effective in managing my online identity. IdMS providers would perform its role of managing my online identity very well. Overall, IdMS providers are to be a capable and proficient Internet online identity provider. In general, IdMS providers are very knowledgeable about online identities.
(McKnight et al. 2002; Li et al. 2008)
Integrity (TPI)
TPI1 TPI2 TPI3 TPI4×
IdMS providers are truthful in their dealings with me. I would characterize IdMS providers as honest. IdMS providers keep their commitments. IdMS providers are e sincere and genuine.
(McKnight et al. 2002; Li et al. 2008)
Chapter 6: Instrument Development
205
Table 6.3: Initial items for third-order trust in the Internet Third-order construct
Second-order construct
First-order construct
Item Code
Item Source
Inst
itutio
nal–
base
d tr
ust :
Tru
st in
the
Inte
rnet
(T
I)
Situ
atio
nal N
orm
ality
(T
SN
)
Benevolence (TSNB)
TSNC 1 TSNC 2 TSNC 3
I feel that most Internet providers would act in a customer’s best interest. If a customer required help, most Internet providers would do their best to help. Most Internet providers are interested in customer well-being, not just their own wellbeing.
(McKnight et al. 2002)
Competence (TSNC)
TSNC 1 TSNC 2 TSNC 3
In general, most Internet providers are competent at serving their customers. Most Internet providers do a capable job at meeting customer needs. I feel that most Internet providers are good at what they do.
(McKnight et al. 2002)
Integrity (TSNI)
TSNI 1 TSNI 2 TSNI 3
I am comfortable relying on Internet providers to meet their obligations. I feel fine doing different transactions including business on the Internet since Internet providers generally fulfil their agreements. I always feel confident that I can rely on Internet providers to do their part when I interact with them.
(McKnight et al. 2002)
Structural Assurance (TSA)
TSA1 TSA2 TSA3 TSA4
The Internet has enough safeguards to make me feel comfortable using it to perform different transactions. I feel assured that legal and technological structures adequately protect me from problems on the Internet. I feel confident that encryption and other technological advances on the Internet make it safe for me to do transactions there. In general, the Internet is now a robust and safe environment in which to perform online transactions.
(McKnight et al. 2002)
Chapter 6: Instrument Development
206
Table 6.4: Initial items for second-order privacy concerns Second-order construct
First-order construct
Item Code Item Source
Pri
vacy
Con
cern
s Awareness (PAWN)
PAWN1× PAWN2® PAWN3® PAWN4®
IdMS providers should disclose the way the data are collected, processed, and used. It is very important to me that Iam aware and knowledgeable about how my identity information will be used. IdMS providers should explain why they would collect identity information. IdMS providers should explain how they would use the information collected about me.
(Malhotra, Kim & Agarwal 2004; Liu et al. 2005)
Collection (PCOL)
PCOL1 PCOL2 PCOL3 PCOL4×
It bothers me when an online service provider asks me for identity information. When an online service provider asks me for identity information, I sometimes think twice before providing it. It bothers me to give my identity information to so many online service providers. I'm concerned that online service providers are collecting too much identity information about me.
(Smith, Milberg & Burke 1996)
Control (PCON)
PCON1 PCON2
Consumer online privacy is really a matter of consumers’ right to exercise control and autonomy over decisions about how their information is collected, used and shared. I believe that online privacy is invaded when control is lost or unwillingly reduced as a result of an online transaction.
(Malhotra, Kim & Agarwal 2004)
Choice (PCH)
PCH1 PCH2 PCH3×
IdMS providers should give me a clear choice before disclosing identity information about me to third parties. IdMS providers have a mechanism to review and change incorrect identity information. IdMS providers should give me a choice to alter and delete my online identity.
(Liu et al. 2005)
Unauthorized Secondary Usage (PSU)
PSU1 PSU2 PSU3
When people give identity information to IdMS providers, they should never use the information for any other reason. IdMS providers should never sell the identity information in their databases to other companies. IdMS providers should never share identity information with other companies unless it has been authorized by the individuals who provided the information.
(Smith, Milberg & Burke 1996)
Improper Access (PIA)
PIA1 PIA2
IdMS providers should devote more time and effort to preventing unauthorized access to identity information. IdMS should take more steps to make sure that unauthorized people cannot access identity information in their computers’ databases.
(Smith, Milberg & Burke 1996)
Error (PERR)
PERR1 PERR2 PERR3
IdMS providers should take more steps to make sure that the identity information in their files is accurate. IdMS providers should have better procedures to correct errors in identity information. IdMS providers should devote more time and effort to verifying the accuracy of the identity information in their databases.
(Smith, Milberg & Burke 1996)
Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1 and Appendix 6.2); therefore, they were not included in the analysis. Note®: Items PAWN2, 3 and 4 were reverse coded during data analysis. PAWN2 reversed to PAWN1; PAWN3 to PAWN2; PAWN4 to PAWN3.
Chapter 6: Instrument Development
207
Table 6.5: Initial questions related to usage, control and demographic variables
Note: Constructs marked with * were modified after the expert panel phase (see Section 6.3.1 and Appendix 6.2).
Following the detailed descriptions for all the initial measurement items as presented in
Tables 6.1 to 6.5, we briefly highlight their operationalization below.
Construct Question Options for answers
Internet Experience
How long have you been using the Internet? o less than 1 year o between 1 and 3 years o between 4 and 7 years o between 8 and 10 years o 10 years or more
Internet and Web Services Usage Frequency
Approximately, how many hours per week you use each of the following online services and applications:
• Internet • Facebook • LinkedIn • Online Shopping • Internet Banking
o Do not use o <1 h o 1-4 h o 4-10 h o 10 -30 h o 30-60 h o < 60 h
Information Disclosure*
I often disclose my personal information and access my online data for:
O Non-financial transactions O Financial transactions
IdMS Knowledge* How would you rate your knowledge of identity management systems?
o know nothing o little knowledgeable o somewhat knowledgeable o knowledgeable o very knowledgeable
Prior use of IdMS *
Have you used any identity management system service or technology (e.g. single sign- on system)?
O Yes O No
Subjective Norms* Do you know anyone who is using an identity management system? If Yes , What percentage of the people you know are using an identity management system?
O Yes O No ____ %
Demographic Variables
Age : Gender : Education:
O 18-30 O 31 -40 O 41-50 O 51-60 O >60 O Female O Male O High school O Certificate or Diploma O Bachelor’s Degree O Master’s Degree or higher.
Chapter 6: Instrument Development
208
Consistent with our earlier conceptualization, the intention to use (INTU) was measured by the
extent to which a user had the predilection, willingness and gave consideration to using an IdMS
in the future (Davis 1989; Venkatesh et al. 2003). We measured the intention to disclose identity
information (INTDU) by the extent to which a user intended to engage their future intentions in
three specific risky behaviours—provide the online provider identity information (one item),
share identity information online (two items), and the protection of identity information (two
items) (Malhotra, Kim & Agarwal 2004; Belanger & Carter 2008; Fogel & Nehmad 2009).
Perceived usefulness (PU) was measured by five items that indicated the extent to which a user
believed that using a particular IdMS would enhance the control and management of his/her
online identities across the Web (Davis 1989). Perceived ease of use (PEOU) was also measured
by five items that specified the extent to which a user believed that using a particular IdMS to
manage his/her online identities would be free from effort (Davis 1989). We specified four
reflective indicators to measure perceived risk (RISK): the likelihood of identity theft (one item),
four pretesting techniques including cognitive interview, behaviour coding, conventional
interview (telephone interview) and expert review. They found that expert panels identified the
largest number of different problem types and was the least expensive method: the expert panels
and cognitive interview were the only techniques to identify a number of problems that would
affect data analysis.
Chapter 6: Instrument Development
212
Panel experts independently conduct an expert review on an assigned questionnaire determining
whether each item was problematic. Firstly, we determined the composition of the expert panel.
Expert panels are usually a small group of people (3-8) that includes subject matter experts and
professionals experienced in survey design, data collection and data analysis (Czaja & Blair
1996; Ramirez 2002). Therefore, the panel members were selected based on their individual
expertise in IdMS, questionnaire design and survey deployment. The expert panel was composed
of two identity and access management specialists who were an identity fraud consultant and an
IdMS architect, one Web service designer and developer, one e-research analyst and three IS
professors. We then asked each expert if she/her can help us in this phase. Each expert received
via email a file containing a copy of the research instrument and a questionnaire review form.
(For the initial draft questionnaire and review form from this phase, see Appendix 6.1). The draft
questionnaire and review form were designed so that each item had a ’problem indicator box’
which the panel member marked if he/she perceived a potential problem. Space was provided at
each question for notes about suspected problems and for giving feedback and suggestions. This
procedure was suggested by Ramirez (2002) as the vehicle for prompting commentary of the
reviewer, either written or spoken.
According to MacKenzie, Podsakoff and Podsakoff (2011, p. 304), two related judgments must
be made when assessing content validity: (1) is the individual item representative of an aspect of
the content domain of the construct? (2) are the items as a set collectively representative of the
entire content domain of the construct? Therefore, the panel members were asked to judge these
two issues. They were also asked to complete the questionnaire, comment on matters such as
wording, clarity and logical order, and suggest improvements (Straub 1989). Each expert was
asked to complete the form and to email it to the researcher. Feedback was received on average
five days after sending the review form.
Consistent with the panel’s feedback, several changes were made to the questionnaire (see
Appendix 6.2). In general, the expert panel was a useful and valuable phase in the development
of the questionnaire. The insightful and rich suggestions provided by the panel allowed the
Chapter 6: Instrument Development
213
researcher to further develop the content validity of the constructs as well as to fine tune some of
the items.
6.3.2 Questionnaire Design
The data collection process in this study was conducted using Web-based surveys (as discussed
in Chapter 5, Section 5.4.2). Thus, once the scale items were revised and pretested, the next stage
was the instrument design and the online questionnaire evaluation (Presser et al. 2004). Web
questionnaires should focus on their visual aspects and the survey should be designed in such a
way as to reduce the non-response rate (Crawford, Couper & Lamias 2001; Presser et al. 2004;
Hair et al. 2010; VanGelder, Bretveld & Roeleveld 2010). Some factors such as targeted
respondents’ interest, time constraints, questionnaire complexity, as well as lack of visual appeal
should be considered as they have an impact on response rates to surveys (Crawford, Couper &
Lamias 2001; Goeritz 2006). Questionnaire length does not influence the amount of missing data
or response rates (Rothman et al. 2009; VanGelder, Bretveld & Roeleveld 2010). In that regard,
the survey response procedure was organized and streamlined as much as possible in order to
potentially increase participation in the survey. Thorough attention was paid to the survey design,
layout, flow and wording as well as to offering a small incentive (Presser et al. 2004; Goeritz
2006; VanGelder, Bretveld & Roeleveld 2010). The survey questionnaire was organized as
follows (for the final questionnaire design used in this study, see Appendix 6.3):
A) Pre-survey 1. Consent
B) Survey Questionnaire 1. Introduction 2. Part 1: Questions related to Usage and Experience 3. Part 2: Questions related to Behavioural Intentions 4. Part 3: Questions related to Technology Perceptions 5. Part 4: Questions related to Risk Perceptions 6. Part 5 :Questions elated to Trust 7. Part 6: Questions related to Privacy Concerns 8. Part 7:Questions related to Attitude towards IdMS 9. Part 8:Questions related to Facilitating Conditions, Cost and Subjective Norms 10. Part 9: Demographics
C) Post-survey
1. Thank you note 2. Link to receive a gift.
Chapter 6: Instrument Development
214
The pre-survey stage included the drafting of the Participant Information Statement and Consent
Form in accordance with the requirements of the Human Research Ethics Advisory (HREA)
Panel of the University of New South Wales. This section highlighted information regarding the
objective and focus of the study, participation criteria, confidentiality, voluntariness and
anonymity. In addition, it emphasized information regarding the incentives offered for taking
part in the survey which were a summary of the study findings and a $5 Amazon voucher.
The survey question sections contained introductions and questions related to the construct
variables developed in this study. The introduction was designed to emphasize the aim and focus
of research and to provide a clear definition, background and some examples of IdMS.
This was followed by questions related to usage and experience of online services and
applications as well as IdMS. Although most of these questions were not required for the analysis
of this study, they would further notify the researcher concerning key characteristics of the
sample and add insights into aspects related to IdMS usage thus enriching the interpretation of
the data. The questions in Part 1 related to behavioural intentions: intention to use and intention
to disclose identity information. The questions in Part 3 contained questions related to
technology perceptions and contained the items from PU and PEOU. Part 4 focused on the
perceived risk construct. Part 5 contained questions related to trust in IdMS providers, trust in the
IdMS artefact and trust in the Internet. Part 6 included items related to privacy concerns. Part 7
contained questions related to individuals’ attitude towards IdMS including the task and
technology characteristics of IdMS. Part 8 focused on questions related to situational variables
contained items from facilitating conditions, cost and subjective norms. Finally, Part 9 collected
demographic information (age, gender, education and country).
The post-survey section included a thank you note and provided a link so respondents could
provide an email address to receive a $5 Amazon gift voucher. Respondents had the option to
accept the inducement or not. Including the link in the thank you note ensured that only
Chapter 6: Instrument Development
215
individuals who had completed the survey were able to get the gift. Also, using a separate
database to store email addresses ensured the protection of respondents’ anonymity.
6.3.3 Survey Pre-tests
Pre-tests were conducted to evaluate whether the mechanics for collecting the questionnaire were
Petter, Straub & Rai 2007; MacKenzie, Podsakoff & Podsakoff 2011).
This study modelled all underlying constructs as reflective variables based on the literature, the
expert views as well as the decision criteria of MacKenzie, Podsakoff and Jarvis (2005), Petter,
Straub and Rai (2007), Freeze and Raschke (2007) and MacKenzie, Podsakoff and Podsakoff
(2011) which are discussed as follows. Firstly, the indicators are reflective if they are
interchangeable. This means that indicators have a common theme and the same content. It also
implies that dropping one of the items would not change the conceptual meaning of the construct
as measurements are manifestations of constructs. Secondly, the indicators are reflective if the
direction of causality is from constructs to items. This indicates that changes in the underlying
constructs cause changes in the items. Therefore, based on the logic of model specification and
Chapter 6: Instrument Development
218
nature of causality in the conceptual model, all underlying constructs in this study were carefully
specified as reflective variables, ensuring that each construct presented a common latent variable
with reflective items and showing that changes in a construct were reflected by changes in the
measurements (Freeze & Raschke 2007; Petter, Straub & Rai 2007). However, it is important to
note that one control construct (Web services’ usage) was modelled as a formative variable (see
Chapter 7, Section 7.6). Table 6.6 shows the measurement model specification.
Table 6.6: The measurement model specification Constructs Type References Third-Order Constructs Trusting Beliefs Reflective McKnight et al. (2002); Li et al. (2008)
Trust in the Internet Reflective McKnight et al. (2002); Li et al. (2008)
Second-Order Constructs Trust in IdMS providers Reflective McKnight et al. (2002); Li et al. (2008) Trust in IdMS artefact Reflective McKnight et al. (2002); Wang and Benbasat
(2005); Li et al. (2008) Privacy Concerns Reflective Smith, Milberg and Burke (1996); Malhotra, Kim
and Agarwal (2004); Junglas, Johnson and Spitzmuller (2008)
Unidimensional (First-Order) Constructs Intention to use Reflective Davis (1989 ) Venkatesh et al. (2003)
Intention to disclose identity information
Reflective Belanger and Carter (2008); Fogel and Nehmad (2009); Bansal, Zahedi and Gefen (2010)
Information disclosure Reflective Malhotra, Kim and Agarwal (2004); Metzger (2004); Xu et al. (2011)
Perceived usefulness Reflective Davis (1989); Davis Bagozzi and Warshaw (1989)
Perceived ease of use Reflective Davis (1989); Davis Bagozzi and Warshaw (1989)
Perceived risk Reflective Featherman and Pavlou (2003); Dinev and Hart (2006)
Benevolence, competence and integrity of IdMS providers
Reflective McKnight et al. (2002); Gefen, Karahanna and Straub (2003)
Benevolence, competence and integrity of IdMS artefact
Reflective McKnight et al. (2002); Gefen, Karahanna and Straub (2003); Wang and Benbasat (2005)
Awareness, collection, control, choice, secondary usage, improper access and error
Reflective Smith, Milberg and Burke (1996); Malhotra, Kim and Agarwal (2004); Liu et al. (2005)
Task characteristics; technology characteristics; fit
Reflective Goodhue and Thompson (1995); D'Ambra and Wilson (2004a); Strong, Dishaw and Bandy (2006)
Cost Reflective Wu and Wang (2005)
Facilitating conditions Reflective Venkatesh et al. (2003); Cho (2006)
Subjective norms Reflective Taylor and Todd (1995); Venkatesh and Davis (2000)
Prior SSO use Single Item N/A Internet usage frequency Single Item Castaneda, Munoz-Leivaa and Luquea (2007);
Kim (2008) Web service usage frequency Formative N/A
Age, gender and education Single item Venkatesh et al. (2003); Venkatesh, Thong and Xu (2012)
Chapter 6: Instrument Development
219
6.5 Pilot Study The next stage of the instrument development process was a "full-scale" pilot study (Moore &
The measurement quality of the reflective higher-order factors was tested following the
suggestions of Chin (1998b) and MacKenzie, Podsakoff and Podsakoff (2011). We assessed the
strength of the relationship between the third- and second-order constructs and their first-order
dimensions. All first-order dimensions and second-order factors were found to have significant
path coefficients. The result confirmed that the standardized loadings of the first-order latent
variables on the second-order constructs (trust in IdMS, trust in IdMS providers, situational
normality and privacy concerns) were either equal to or above 0.70 (Chin 1998a; MacKenzie,
Podsakoff & Podsakoff 2011) (see Table 6.10). Similarly, the loadings of the second-order
latent variables on the third-order trusting beliefs and trust in the Internet variables were equal
to or above 0.70 (Chin 1998b; MacKenzie, Podsakoff & Podsakoff 2011) (see Table 6.10). The
results also showed that all of these loadings were significant at p < 0.001. Furthermore,
Cronbach's alpha, CRs and AVEs of the second-order and third-order factors were greater than
0.80 and 0.50 respectively as shown in Table 6.10 (Fornell & Larcker 1981; Chin 1998a; Gefen,
Chapter 6: Instrument Development
229
Rigdon & Straub 2011). These results thus provided evidence of the reliability and the validity
of higher-order constructs in the pilot study phase.
Table 6.10: Results of confirmatory factor analysis and descriptive statistics of higher-order measurements (pilot study)
Construct Mean Std. Dev
AVE CR α No of items
Item Loadi-ng
Std. Err
t - value
Trusting Beliefs
5.489 .759 0.508
0.953
0.947
20 TIA TIP
0.960 0.964
0.007 0.006
144.907 156.437
Trust in Internet
5.401 .868 0.547
0.940
0.930
13 TSA TSN
0.916 0.976
0.013 0.004
73.241
225.763 Trust in IdMS Artefact (TIA)
5.527 .791 0.545
0.922
0.905
10 TAB TAC TAI
0.919 0.815 0.887
0.012 0.030 0.012
76.724 27.488 72.297
Trust in IdMS Providers (TIP)
5.451 .789 0.551
0.924
0.907
10 TPB TPC TAI
0.933 0.827 0.891
0.009 0.025 0.013
106.221 33.766 69.738
Situational Normality (TSN)
5.409 .869 0.552
0.916
0.895
9 TSNB TSNC TSNI
0.823 0.882 0.893
0.018 0.020 0.012
45.275 43.637 75.685
Privacy Concerns
5.713 .711 0.502
0.931
0.920
17 PAWAN PCH PCOL PCON PERR PIA PSU
0.828 0.765 0.651 0.650 0.836 0.847 0.815
0.022 0.030 0.044 0.060 0.022 0.019 0.022
38.66 25.345 14.889 10.824 37.669 44.434 37.259
6.6 Scale Refinement After individual discussions with three IS researchers, it was decided to add and modify a
couple of the items in order to better represent these new aspects (Hinkin 1998; MacKenzie,
Podsakoff & Podsakoff 2011). The new items received face validation from two academics and
later were subjected to the main study pre-test phase (MacKenzie, Podsakoff & Podsakoff
2011). Some responses suggested adding previous identity theft as an individual variable to
control some concerns such as risk and privacy. In that regard, one question was added
regarding previous experience of identity theft: “Have you been the victim of identity theft?”
Regarding the risk construct, one new item was added: RISK5”Using an IdMS increases the risk
of my online identity being stolen in the future” which aimed to measure the likelihood of
Chapter 6: Instrument Development
230
identity theft in the future and to improve risk reliability. Two items regarding the structural
assurance construct were modified: SA3”I feel confident that encryption and other technological
advances on the Internet make it safe for me to do transactions there” was changed to “I feel
confident that encryption and other technological advances on the Internet make it safe for me
to use an IdMS”. In addition, SA4: ”In general, the Internet is now a robust and safe
environment in which to perform online transactions” was modified to “I feel confident that
encryption and other technological advances on the Internet make it safe for me to use an
IdMS.” The purpose of this change was to make the question suitable for the context’s setting.
6.7 Summary This chapter has outlined the procedure undertaken to develop the research instrument.
Section 6.2 explained the development of the initial pool of items used in this research.
Section 6.3 illustrated the initial measurement refining procedures with the expert panel and
described the survey design and pre-test phase. This was followed by Section 6.4 that discussed
the measurement model specifications (the use of reflective or formative modelling). Section 6.5
presented the pilot study and refinement of the items via confirmatory factor analyses. Finally,
Section 6.6 presented the revised scales and research model.
The measurement refinement process provided some insight regarding the research model and
reduced the number of underlying constructs items used in the questionnaire from 103 to 87 (by
approximately 15%). Overall, the measurement model for the pilot study was considered
satisfactory with the evidence of adequate reliability (α and CR > 0.70) and convergent validity
(AVE > 0.50 and significant loadings > 0.70, p < 0.001) for all the constructs (see Tables 6.8
and 6.10) and discriminant validity ( AVE > correlations) for the first-order constructs (see
Table 6.9). As a result, all constructs were confirmed to be satisfactory and were used for the
main study to assess the model parameters and to test the research hypotheses in the next
chapter.
Chapter 7: Data Analysis and Results (Main Study)
7.1 Introduction
Once the pilot study was concluded and the research instrument was fully developed, the next
stage was to test the theoretical model using a large sample survey. Consequently, the purpose of
this chapter is to explain the results of the main study, as well as to test the research model and
related hypotheses. Firstly, the details enclosing the main survey are described. This is followed
by in-depth data analyses of the findings and the assessment of the research model.
7.2 Sampling Procedure As discussed in Chapter 5, the target population of interest in this study encompassed people
using social networking, specifically Facebook and LinkedIn users, and the data collection
method used was a Web-based survey questionnaire. The main study applied the same ethics
application as was used in the pilot study, approved by the Human Research Ethics Advisory
(HREA) Panel of the Australian School of Business, The University of New South Wales (See
Appendix 6.4). The aim of this stage was to gather more responses than those yielded from the
pilot study (>150). As discussed in Chapter 5 (Section 5.5.5) and applied in the pilot study, the
survey link was advertised in a banner through Facebook and LinkedIn sites using Facebook Adv
and LinkedIn Adv. The advertisements ran for four weeks in 2012 from August 17 to September
14. The advertisements were targeted at people who were over 18 years age and located in
Australia, USA, UK, Canada and India as explained previously in Sections 5.5.5 and 5.5.2.3.
Thus, only Facebook and LinkedIn users who fulfilled our criteria were able to gain access to the
survey and participate in the study. In addition, respondents were offered a $5 Amazon gift as
incentive (see Section 5.5.4).
In total, 840 people clicked on the advertisement and were directed to the survey website. It was
interesting to note that of these 840 individuals, 296 (35%) stopped at the introduction part and
Chapter 7: Data Analysis and Results
232
did not access the questionnaire. The initial analysis of the data set found that 544 (65% of the
individuals directed to the survey website) did not complete the questionnaire and exited the
survey at some point prior to completion. Among 361 completed responses, 29 surveys were
excluded. Nine responses were ruled out due to the fact, as was discussed in Chapter 5 (Section
5.5.2.2), that participants did not have knowledge about IdMS. A total of 20 data sets were
removed because they were invalid, either having the same answer to most questions or having
completed the survey in less than the average time (10 minutes). Therefore, 332 usable data sets
(39.5% of total clicks on the survey; 61% of questionnaires accessed) were used for further
analysis. The response rate exceeds the minimum threshold level (> 60%) for a Web survey
(Cook, Heath & Thompson 2000; Gosling et al. 2004). The sample size yielded was considered
adequate as it fulfilled the criteria for conducting confirmatory factor analysis using PLS as
previously discussed in Section 5.5.3 (Chin 1998a; Marcoulides, Chin & Saunders 2009; Hair et
al. 2012). Further considerations about the sample are presented in the next sub-section.
7.2.1 Profile of Respondents
Tables 7.1 and 7.2 show the demographics of the subjects and sample characteristics. The
subjects were mostly comprised of males (69.3%). An explanation of this disproportionate
number of females and males is because most of respondents are LinkedIn users (11.1% are not
LinkedIn users). LinkedIn has more male users than female users comparing with other social
networking sites, such as Facebook, that have significantly more female users than male users
(Hampton et al. 2011; Duggan & Brenner 2013). Our result is consistent with a survey conducted
by the Pew Research Center’s Internet and American Life Project that found that twice as many
men (63%) as women use LinkedIn (Hampton et al. 2011).
The ages ranged from 18-40 (85.2%) and 14.7% were older than 40 years. The sample was
relatively highly educated (87% had a Bachelor’s Degree or higher). These findings are in line
with recent survey reports that show that most social networking users are under 40 years of age
and well-educated (Hampton et al. 2011; Pring 2012a; Duggan & Brenner 2013). Most of the
subjects were from Australia and the United States, which represented 34.9% and 37% of
Chapter 7: Data Analysis and Results
233
participants respectively. The demographics analysis showed that 18.1% of the respondents had
been a victim of identity theft. This result corresponds to a previous report which argued that
English-speaking countries have the most identity fraud victims (Business Wire 2008; Finklea
2012).
Table 7.1: Demographics of Respondents Category Frequency Percent
Gender
Male 230 69.3
Female 102 30.7
Age (years)
18 - 30 101 30.4
31 - 40 182 54.8
41 - 50 37 11.1
51 - 60 9 2.7
> 60 3 0.9
Education High school 4 1.2
Certificate or Diploma 38 11.4
Bachelor’s Degree 214 64.5
Master’s Degree or higher 76 22.9 Country Australia 116 34.9
USA 123 37
UK 28 8.4
Canada 21 6.3
India 44 13.3
Of the total number of respondents, 15.7% did not use Facebook, whereas 11.1% did not have a
LinkedIn account. The majority of the respondents were highly active Internet users, as 84.4%
spent more than 10 hours online every week. It was also interesting to observe that only 3.3% of
the respondents did not use online shopping and 1.8% were not users of Internet banking. Our
findings indicated that social networkers, particularly Facebook and LinkedIn users, were active
online users and relatively intensive e-commerce users. These results are consistent with
previous research that reported that social networkers are the largest users of Internet services
(Nielson 2011; Pring 2012a, 2012b). Thus, the sample was appropriate for our study.
With respect to past online personal information disclosure, 4.5% of the sample indicated that
they had never provided identity information on the Web for non-financial transactions and 6.6%
Chapter 7: Data Analysis and Results
234
indicated a similar abstention from Web-based financial transactions. Respondents often
provided their personal information more than once a week for both financial (79, 23.8%) and
non-financial transactions (119, 35.8%).
Of the respondents, 217 (65.3%) indicated that they had used a type of IdMS particularly SSO
solutions (accessing a site by using their existing account from an online service provider). This
finding is consistent with a previous research study conducted by Blue Research
(http://www.blue-research.com/) , a market and management research firm used by technology
companies like Microsoft and Intel, which found that the majority of Web users (66%) saw SSO
as an alternative and attractive solution for accessing a website, and preferred to be offered this
service by websites, compared with 34% who preferred traditional sign-in methods (e.g.
passwords) (Olsen 2011).
Table 7.2: Sample Characteristics
Category Frequency Percent
Category Frequency Percent
Internet Usage Online Shopping Usage < 1 h 1 0.3 Do not use 11 3.3 1 - 4 h 10 3.0 Once a week 47 14.2 4 - 10 h 41 12.3 Twice a week 35 10.5 10 - 30 h 146 44.0 Three times a week 84 25.3 30 - 60 h 90 27.1 More than three times 91 27.4 > 60 h 44 13.3 Once a day 30 9.0
Facebook Usage More than once a day 34 10.2
Do not use 52 15.7 Internet Banking Usage
< 1 h 47 14.2 Do not use 6 1.8
1 - 4 h 47 14.2 Once a week 26 7.8
4 - 10 h 118 35.5 Twice a week 68 20.5
10 - 30 h 43 13.0 Three times a week 106 31.9
30 - 60 h 23 6.9 More than three times 66 19.9
> 60 h 2 0.5 Once a day 25 7.5
LinkedIn Usage More than once a day 35 10.5
Do not use 37 11.1 Prior Use of SSO
< 1 h 97 29.2 Yes 217 65.3
1 - 4 h 84 25.3 No 115 34.7
4 - 10 h 68 20.5 Identity Theft Victim
10 - 30 h 35 10.5 Yes 60 18.1
30 - 60 h 11 3.4 No 272 81.9
> 60 h 0 0
Chapter 7: Data Analysis and Results
235
Among the SSO solutions and IdMS technologies listed on the survey, Windows Live ID (92%)
and Google ID (88%) were the most known applications by this sample. These front-runners
were followed by Web single sign-on (75%), PayPal Access (69%) and Facebook Connect
(62%). Information Cards technology (28%) was the least well-known application. Table 7.3
presents the awareness of respondents regarding IdMS services and technologies.
Table 7.3: Knowledge of sample about IdMS applications
Application Knowledge
Microsoft Passport(Windows Live ID) 92%
Facebook Connect 62%
OpenID 45%
Card Space(Information Cards) 28%
Web single sign -on 75%
Password-management tools and software 46%
Google ID 88%
PayPal Access 69%
Cloud identity management software 32%
Others 1%
None of the above 2%
7.2.2 Verifying data characteristics
During the data collection procedure, the survey system was designed to verify whether the data
sets were complete, and alerted respondents to errors if any questions were left unanswered
(Gosling et al. 2004). As a result, all 332 data sets were complete and there was no need to
perform a missing data analysis (Hair et al. 2010; Gefen, Rigdon & Straub 2011). Another issue
to be considered during data analysis is to test normal data distribution assumptions (Gefen,
Rigdon & Straub 2011). As we discussed previously in Chapter 5 (Section 5.9.2), due to this
study having used PLS, there was no need to examine the normality of the data sets (Chin 1998a;
Table 7.7: Results of the structural model and hypotheses testing Hypotheses Associations
Path Coefficient
Std. Error
t- value Supported
H1 Intention to disclose Intention to use 0.185* 0.073 2.522 Yes
H2b H2a
Perceived usefulness Intention to use Perceived usefulness Intention to disclose
0.312*** -0.043
0.067 0.056
4.691 0.765
Yes No
H3 Perceived ease of use Intention to disclose
0.205**
0.079
2.595
Yes
H4a H4b
Perceived risk Intention to use Perceived risk Intention to disclose
0.059 0.054
0.031 0.037
1.918 1.462
No No
H5a H5b H5c H5d H5e
Trusting beliefs Intention to use Trusting beliefs Intention to disclose Trusting beliefs Perceived usefulness Perceived ease of use Trusting beliefs Trusting beliefs Perceived risk
0.245* 0.228* 0.418*** 0.151*** -0.290*
0.110 0.098 0.091 0.044 0.129
2.219 2.322 4.588 3.464 2.248
Yes Yes Yes Yes Yes
H6a H6b H6c
Trust in Internet Intention to use Trust in Internet Intention to disclose Trust in Internet Trusting beliefs
-0.026 0.417*** 0.683***
0.054 0.098 0.072
0.470 4.249 9.440
No Yes Yes
H7 Information disclosure Intention to
disclose 0.236*** 0.054 4.347 Yes
H8a H8b H8c H8d
Privacy concerns Intention to disclose Privacy concerns Information disclosure Privacy concerns Perceived risk Privacy concerns Trusting beliefs
-0.223** -0.109* -0.012 0.139
0.086 0.051
0.049 0.072
2.607 2.106
0.239 1.918
Yes Yes
No No
H9a H9b H9c H9d
Fit Intention to use Fit Perceived ease of use Fit Perceived usefulness Fit Privacy concerns
0.279* 0.683*** 0.424*** 0.766***
0.109 0.029 0.085 0.043
2.552 23.434 5.015 17.783
Yes Yes Yes Yes
H10a H10b H10c
Cost Intention to use Facilitating conditions Intention to use Subjective norms Intention to use
-0.104* -0.016 0.008
0.049 0.033 0.023
1.971 0.4821 0.3644
Yes No No
Note: *p < 0.05; **p < 0.01; ***p < 0.001.
7.4.2 Moderate Effect
The study assumed that some predicted relationships in the research model would be different for
SSO experience and SSO inexperience. Hypotheses related to the moderating effects of previous
use of SSO were tested with the multi-group analysis suggested by Chin (1998b, 2010) and
Henseler and Fassott (2010). The sample was divided into SSO users and SSO non-users, and the
whole model was re-estimated for both sub-groups. The multi-group analysis was carried out by
Chapter 7: Data Analysis and Results
250
testing the effects of the previous SSO experience with the PLS-generated path coefficients and
their standard errors. The results of these tests are shown in Table 7.8.
The results demonstrate a difference between SSO users and non-users. The positive influence of
intention to disclose identity information on intention to use was significant for SSO non-users
(β = 0.306; p < 0.001), but not significant for users. This supports H11a, which predicted the
positive relationship between the behavioural intention to disclose identity information and
intention to use an IdMS was stronger among SSO non-users than users. In support of H11b, the
positive relationship between perceived usefulness and intention to use were stronger among
SSO non-users (β = 0.34; p < 0.001) than users (β = 0. 19; p < 0.1). The positive relationship
between trusting beliefs and intention to use was also significant and stronger for the SSO non-
users (β = 0.251; p < 0.1). H11d, on the negative relationship between privacy concerns and
intention to disclose identity information (β = 0.189; p < 0.1), and H11e, on the negative
association between cost and intention to use (β = -0.174; p < 0.001), were all shown to be
significant and stronger than for the SSO non-users.
Table 7.8: Results of moderating hypotheses Hypo-theses
Associations (SSO non-users > SSO users)
SSO non-users M = 115
SSO users N = 217
Supported
β Std. Error
β Std. Error
H11a Intention to disclose Intention to use
0.306*** 0.074 0.052 n.s. 0.044 Yes
H11b Perceived usefulness Intention to use
0.340*** 0.062 0.190* 0.079 Yes
H11c Trusting beliefs Intention to use
0.251* 0.099 0.143n.s. 0.091 Yes
H11d Privacy concerns Intention to disclose
0.189* 0.077 -0.14n.s. 0.095 Yes
H11e Cost Intention to use -0.174*** 0.036 -0.030n.s. 0.035 Yes
Age and gender were not found to have significant effects. Although the influence of gender on
perceived ease of use was significant (β = 0.065, p < 0.01) the path coefficient was below the
critical value of 0.1 (Lohmoller 1989; Chin 2010; Carlson & Wu 2012). Education alone was
positively related to perceived risk (β = 0.137, p < 0.01). Thus this study fails to accept H12a,
that is, that demographic factors (age, gender and education) have a direct effect on users’
perceptions of IdMS. The results also showed that internet experience had a large positive effect
on intention to use, perceived usefulness and perceived ease of use (p < 0.001). Thus, the study
partially accepted H12b, that is, Internet usage frequency has a significant impact on users’
perceptions of IdMS. Web services’ experience were positively correlated with intention to
disclose, information disclosure and perceived risk (p < 0.001), whereas it was negatively related
to perceived usefulness (p < 0.001). Thus, H12c, that is, Web services’ usage frequency has an
effect on users’ perceptions of IdMS, was partially supported. Finally, the effect of previous
experience of identity theft was only positively significant on perceived risk (β = 0.125,
p < 0.01). Therefore, the predicted hypothesis (H12d), that is, previous experience of identity
theft has an effect on users’ perceptions of IdMS, was not accepted. The implications of these
findings are discussed in Chapter 8.
7.7 Overall Findings of Hypotheses Testing Table 7.12 shows the overall finding of hypotheses testing in this study.
Chapter 7: Data Analysis and Results
255
Table 7.12: Overall results of hypotheses testing
Hypotheses Results
Mai
n E
ffec
ts
H1: Intention to disclose identity information has a positive effect on users’ intention to use IdMS. Supported H2a: Users’ perceived usefulness of IdMS has a positive effect on intention to use. Supported
H2b: Users’ perceived usefulness of IdMS has a positive effect on intention to disclose identity information. Not Supported
H3: Users’ perceived ease of use of IdMS has a positive effect on intention to disclose identity information. Supported
H4a: Perceived risk has a negative effect on intention to use IdMS. Not Supported
H4b: Perceived risk has a negative effect on intention to disclose identity information. Not Supported
H5a: Trusting beliefs have a positive effect on intention to use IdMS. Supported
H5b: Trusting beliefs have a positive effect on intention to disclose identity information. Supported
H5c: Trusting beliefs have a positive effect on users’ perceived usefulness. Supported
H5d: Users’ perceived ease of use of IdMS has a positive effect on their trusting beliefs. Supported
H5e: Trusting beliefs have a negative effect on perceived risk. Supported
H6a: Trust in the Internet has a positive effect on intention to use IdMS. Not Supported
H6b: Trust in the Internet has a positive effect on intention to disclose identity information. Supported
H6c: Trust in the Internet has a positive effect on trusting beliefs of IdMS. Supported
H7: Past identity information disclosure has a positive effect on users’ behavioural intention to disclose identity information. Supported
H8a: Privacy concerns have a negative effect on intention to disclose identity information. Supported
H8b: Privacy concerns have a negative effect on users’ past online information disclosure. Supported
H8c: Privacy concerns have a positive effect on perceived risk. Not Supported
H8d: Privacy concerns have a negative effect on trusting beliefs. Not Supported
H9a: The fit between IdMS task and technology characteristics has an effect on users’ behavioural intention to use. Supported
H9b: The fit between IdMS task and technology characteristics has a positive effect on users’ perceived ease of use. Supported
H9c: The fit between IdMS task and technology characteristics has a positive effect on users’ perceived usefulness. Supported
H9d: The fit between IdMS task and technology characteristics has a positive effect on users’ privacy concerns. Supported
H10a: Cost has a negative effect on behavioural intention to use IdMS. Supported
H10b: Facilitating conditions have a positive effect on behavioural intention to use IdMS. Not Supported
H10c: Subjective norms have a positive effect on behavioural intention to use IdMS. Not Supported
Chapter 7: Data Analysis and Results
256
Mod
erat
ing
Eff
ects
H11a: The positive relationship between behavioural intention to disclose identity information and intention to use an IdMS will be stronger among SSO non-users than users.
Supported
H11b: The positive relationship between perceived usefulness and behavioural intention to use an IdMS will be more significant for SSO non-users than users.
Supported
H11c: The positive relationship between trusting beliefs and behavioural intention to use an IdMS will be stronger among SSO non-users than users.
Supported
H11d: The negative relationship between privacy concerns and behavioural intention to disclose identity information will be stronger among SSO non-users than users.
Supported
H11e: The negative relationship between cost and behavioural intention to use an IdMS will be stronger among SSO non-users than users.
Supported
Eff
ects
of
Con
trol
V
aria
ble
s H12a: Demographic factors (age, gender, and education) have an effect on users’ perceptions of IdMS. Not Supported
H12b: Internet experience has an effect on users’ perceptions of IdMS. Partially Supported
H12c: Web services’ experience has an effect on users’ perceptions of IdMS. Partially Supported
H12d: Previous experience of identity theft has an effect on users’ perceptions of IdMS. Not Supported
Chapter 7: Data Analysis and Results
257
7.8 Summary This chapter presented the results of the main study and tested the research model and related
hypotheses. Section 7.2 described the data collection procedures including the sample profile
and a verification of the data set characteristics. This was followed by an assessment of the
measurement properties of the research model in Section 7.3. Section 7.4 presented the results
of the main and moderating hypotheses, and Section 7.5 provided an examination of the
structural model evaluation. Section 7.6 described the impact of control variables. The final
section, Section 7.7, provided a summary of the overall findings of the hypothesis testing.
Implications of the findings, conclusions and limitations of the research are discussed in the
next chapter.
Chapter 8: Discussion and Conclusions
8.1 Introduction This chapter presents the empirical findings of the current study, outlines the answers to the
research questions and discusses the research hypotheses. It highlights significant contributions
and implications of the study for both theory and practice. The chapter also discusses research
limitations and future research directions and ends with concluding remarks.
The chapter is organized as follows. Firstly, the chapter presents a review of the objectives and
research questions of this study (Section 8.2). This is followed by a discussion of the findings
which address the answers of the research questions (Section 8.3). Then it discusses the
contributions and implications of the study for both research and practice (Section 8.4). Next,
the chapter discusses the limitations of the current study and provides future directions for
further research (Section 8.5). Finally, Section 8.6 highlights concluding remarks for the study.
8.2 Research Objectives and Questions The main objective of this study was to provide a better understanding of the factors influencing
IdMS adoption by users. In doing so, it aimed to understand the relationship between IdMS and
technology adoption. Therefore, the initial research question that guides this study was: what
factors affect the adoption of identity management systems from the user’s perspective? In
order to answer this question, the following objectives were set in Chapter 1:
- To understand the state of IdMS research through an examination of the existing IdMS
literature;
- To identify the factors that may affect the adoption of IdMS;
- To develop and validate a user adoption model of IdMS;
- To investigate and understand the perceived drivers and barriers of users to adopt IdMS.
Chapter 8: Discussion and Conclusions
259
The first three objectives were successfully accomplished by the comprehensive literature
review on IdMS, user adoption of IS/IT, and Web-based services and technologies (presented in
Chapters 2 and 3). The literature review allowed the identification of theoretical concepts that
were fundamental for the development of the conceptual model for user adoption of IdMS
which was developed in Chapter 4. To achieve the set of objectives and answer the research
question, four research sub-questions were posed to guide the empirical phase of this study:
1) To what extent do the factors (perceived ease of use, usefulness, risk, trusting beliefs,
trust in the Internet, information disclosure, privacy concerns, cost, facilitating
conditions and subjective norms) affect users’ behavioural intentions to adopt IdMS?
2) How do users perceive these factors that affect IdMS adoption?
3) How does prior experience of IdMS (SSO) affect the adoption of IdMS?
4) Do individual differences have any effect on user adoption of IdMS?
In an effort to answer these questions, this study provided a theoretical framework to investigate
the salient antecedents of IdMS adoption which enable the study to efficiently answer the
research questions. Through the review of the research objectives and related research
questions, we can conclude that this study fulfilled its purpose and successfully developed and
validated a model of the factors that influence user adoption of IdMS. The findings of the study
are synthesized and its theoretical insights are discussed in the following sections.
8.3 Major Findings
Using empirical data, this study tested the conceptual model and proposed hypotheses .The
empirical results of the full sample and sample split led to several findings which are discussed
under four categories based on their efforts to answer the research questions in the following
sub- sections:
Chapter 8: Discussion and Conclusions
260
8.3.1 To What Extent Do the Factors Affect Users’ Behavioural
intentions to Adopt IdMS?
In regards to this question, the study found that the intention to use and intention to disclose
identity information, namely, behavioural intentions, were directly affected by some factors.
Firstly, the intention to disclose identity information, perceived usefulness, trusting beliefs, fit
and cost are significant factors for users’ behavioural intention to use IdMS.
The study confirmed that the intention to disclose identity information, perceived usefulness,
trusting beliefs and fit were significant determining factors for IdMS adoption. These variables
together explained 65% of the variance in the behavioural intention to use.
Secondly, perceived ease of use, trusting beliefs, trust in the Internet, privacy concerns and past
information disclosure are significant factors for users’ behavioural intention to disclose
identity information.
The study also found that perceived ease of use, trusting belief, trust in the Internet, privacy
concerns and past information disclosure had a significant effect on user intention to disclose
identity information on the Internet. These latent factors together explained 49% of the variance
in behavioural intention to disclose identity information.
The following paragraphs discuss the major findings derived from the results of the current
study regarding the role of the underlying factors towards behavioural intentions to adopt IdMS.
8.3.1.1 Intention to disclose identity information
The study revealed that disclosing identity information in the future plays an important role in
encouraging users to adopt IdMS. The behavioural intention to disclose identity information
was positively related to intention to use IdMS (β = 0.185) (H1). McKnight et al. (2002) found
low correlation between intention to disclose personal information and intention to purchase in
the e-commerce context, and suggested that this relationship be tested in other Web-based
contexts where sharing information more directly supported such IdMS. Our results support this
Chapter 8: Discussion and Conclusions
261
suggestion and found that the behavioural intention to disclose identity information had a
significant impact on the intention to use IdMS. Therefore, disclosing of identity information is
deemed critical when potential adopters evaluate the benefits of IdMS.
8.3.1.2 Perceived ease of use and perceived usefulness
The study found that perceived usefulness had a positive effect on the intention to use IdMS
(β = 0.312) (H2a).This finding implied that usefulness as perceived by users was still the core
determinant of adoption and lends further support to previous technology acceptance studies
that came to similar conclusions (e.g. Gefen, Karahanna & Straub 2003; Cho 2006; Lee 2009a;
Schilke & Wirtz 2012). In contrast, we found that perceived ease of use was significant and a
much stronger predictor of behavioural intention to disclose identity information than perceived
usefulness with standardized coefficients of 0.205 (H3) and -0.043 (H2b) respectively. This
implies that users may acknowledge the utility of an IdMS, but lack the motivation to use it if it
is not user friendly. Given that individuals often balance multiple roles and different technology
skills, they may not wish to spend the time needed to learn a new technology even if it is useful
(Behrend et al. 2010). With regard to IdMS specifically, it appears that users can acknowledge
the efficacy of IdMS in managing different online identities but may not use it if it requires
effort to learn to use. This finding is consistent with previous research which had shown a
stronger impact of ease of use compared to usefulness on the behavioural intention to use new
IT (e.g. Behrend et al. 2010; Lee 2009b). This study has confirmed that IdMS are more likely to
be adopted if they are easy to download, install and configure thus users do not need time to
learn how to use these systems (Dhamija & Dusseault 2008; Poetzsch et al. 2009). Our result
supports previous findings that showed that Internet users were very concerned about learning
how to use new Internet-based technologies (Featherman & Pavlou 2003; Lee 2009b). Thus, we
suggest that IdMS designers should focus on whether an IdMS tool is user-friendly.
Chapter 8: Discussion and Conclusions
262
8.3.1.3 Perceived risk
Perceived risk surprisingly was not found to have a significant negative association with the
intention to use (β = 0.059) (H4a). This result is similar to the finding reported by Chang
(2010). In addition, it was not related to the intention to disclose identity information (β =
0.054) (H4b). These results contradict previous studies that found perceived risk negatively
related to behavioural intentions (Malhotra, Kim & Agarwal 2004; Cho 2006; Luo et al. 2010).
Thus, the likelihood of identity theft and overall risk were not apparently influenced by the
perceived risk of using an IdMS. This finding possibly reflects subjects’ perceptions of the
limited scope of IdMS which do not typically provide financial transactions, where perceived
risk might intuitively be expected to be more significant (Landau, Gong & Wilton 2009;
Satchell et al. 2011). Another possible explanation is that, due to efficient data storage and
transfer capacities of Internet-based technologies and services, Internet users may believe that,
after they disclose identity information, the damage has already been done and thus they may
feel less inhibited about revealing that information online again (Metzger 2004). Thus, future
disclosure is not necessarily related to higher perceived risk in the Internet environment
(Metzger 2004; Norberg, Horne & David 2007). What this finding suggests is that risk
perceptions are not barriers that may reduce potential users' behavioural intention to adopt
IdMS. However, where IdMS services and technologies have been introduced, site developers
should pay particular attention to IT security and provide integrity evaluation to protect and
enhance their reputation.
8.3.1.4 Trusting beliefs
To confirm the appropriateness of employing trusting beliefs in new IT phenomena, this study
revealed that trusting beliefs, derived from two facets, is a salient antecedent to IdMS adoption.
The third-order trusting beliefs analysis indicated that the trusting beliefs factor had two
significant facets: trust in the IdMS artefact (β = 0.979) and trust in IdMS providers (β = 0.976).
This study showed that the second-order trust in the IdMS artefact was reflected by the
benevolence (β = 0.881), competence (β = 0.912) and integrity (β = 0.977) of the IdMS artefact
Chapter 8: Discussion and Conclusions
263
which explained 96% of the variance in trusting beliefs. It also showed that the second-order
trust in IdMS providers was reflected by the benevolence (β = 0.857), competence (β = 0.910)
and integrity (β = 0.866) of IdMS providers which explained 95% of the variance in trusting
beliefs. The significant loadings of the six trusting beliefs (competence, benevolence, and
integrity of the IdMS artefact and competence, benevolence, and integrity of IdMS providers)
indicate that all of them hold for trust in the IdMS. When interacting with IdMS, consumers
appear to treat the IdMS artefact and IdMS providers as “social actors” and perceive human
characteristics (e.g. benevolence and integrity) in the IdMS.
The results found that trusting beliefs have a high significant effect on the intention to use
(β = 0.245) (H5a) and the intention to disclose identity information (β = 0.228) (H5b). This
finding is consistent with prior studies in which trusting beliefs played a direct role in
technology adoption (Gefen, Karahanna & Straub 2003; Malhotra, Kim & Agarwal 2004; Cho
2006; Li et al. 2008; Hwang & Lee 2012). This study suggests that trusting beliefs stemming
from these important facets can significantly increase potential users' behavioural intention to
adopt IdMS. One possible explanation of this finding may be that most respondents’ experience
with the Internet was acquired through the use of simple information-based Web services and
technologies (McKnight et al. 2002; Li et al. 2008). Thus, respondents may have perceived that
the context with which they had had experience through interacting with Web services was the
same as the context in this study. Our results agree with previous studies (Wang & Benbasat
2005; Li et al. 2008) and suggest that when users have no prior interaction with a new system,
they will obtain information and use cognitive processes such as categorizing to make their trust
inferences based on reputation. Future research could examine the influence of dispositional
factors, such as personal trait, towards an IdMS provider and specific IdMS technology as trust
need to be defined in more specific terms than just general beliefs (McKnight et al. 2002).
Chapter 8: Discussion and Conclusions
264
8.3.1.5 Trust in the Internet
Institution-based trust, or trust in the Internet, is an essential element of IdMS adoption. In
aiming to provide a more accurate understanding of the Internet as the platform for IdMS, this
study developed a multi-dimensional higher-order trust construct. The third-order trust in the
Internet was reflected significantly by the second-order situational normality (β = 0.977) which
explained 95.5% variance, and first-order structural assurance (β = 0.907) which explained 82%
variance in the trust in the Internet factor. The results show that trust in the Internet had a high
impact on the intention to disclose identity information (β = 0.417) (H6b). However, it does not
have a direct impact on the intention to use (β = -0.026) (H6a) which contradicts a previous
study which has found this relationship to be significant (Belanger & Carter 2008). The possible
reason for the insignificant impact on the intention to use is that users may have relatively clear
knowledge about the soundness of the Internet as a platform and may have formed more
specific trust or risk beliefs through which different transactions can be made. Another possible
reason was that users do not need to adopt IdMS infrastructure themselves because this adoption
procedure is a task for the online providers who implement the IdMS (Poetzsch et al. 2009). The
significant impact of trust in the Internet on the intention to disclose identity information as
found in this study suggests that users believe that mechanisms are in place to ensure secure and
private data transmission over such an impersonal medium. Therefore, an effective strategy to
increase user awareness of the IdMS technologies implemented in the Internet would help to
increase user adoption of IdMS. Future studies should investigate how to influence consumers'
knowledge about IdMS on the Internet platform.
8.3.1.6 Information disclosure
This study shows that past information disclosure plays a very significant role in increasing
users’ behavioural intention to disclose identity information and to use an IdMS in the future.
The path coefficient of this positive relationship was 0.236, significant at alpha level of 0.001
(H7). The possible explanation for this finding could be that respondents in this study were
social networkers who were Internet-experienced (Boyd & Ellison 2008; Pring 2012a, 2012b).
Chapter 8: Discussion and Conclusions
265
Internet experience was found to be a factor in the decision to disclose personal information to
commercial websites (Metzger 2004). Our result supports previous findings that Internet users
with more experience are less concerned with privacy and are more willing to give identity
information online than less experienced users (Metzger 2004; Norberg, Horne & David 2007)
which differs from other studies that found that Internet experience was related to greater
mistrust and the wish to control personal information (Hoffman, Novak & Peralta 1999;
Jarvenpaa & Tractinsky 1999). Thus, this study could conclude that individuals who are
Internet-experienced and have a higher level of provision of sensitive information on the
Internet will continue to provide their identity information and participate in the early adoption
of IdMS services and technologies.
8.3.1.7 Privacy concerns
This study modelled privacy concerns as a second-order factor which was reflected by its first-
order dimensions, that is, awareness (β = 0.875); choice (β = 0.772); collection (β = 0.748);
control (β = 0.787); error (β = 0.823); improper access (β = 0.778); and unauthorized secondary
use (β = 0.851). Each of these dimensions of privacy concerns was significant (p < 0.001) and
of high magnitude, supporting our conceptualization of this factor as a second-order structure.
The privacy concerns factor negatively impacted on the willingness to disclose identity
information on the Internet. Our empirical results provided support for this hypothesis (β = -
0.223) (H8a), and were consistent with previous research that confirmed that Internet users with
more concerns with privacy were less willing to provide identity information online (e.g.
take into consideration enhancing the protection of user privacy as our findings revealed that
this feature plays an important role in increasing users’ intentions to adopt IdMS.
8.3.3 How Does Prior Experience of SSO Affect the Adoption of IdMS?
Ninth, the intention to disclose identity information, perceived usefulness, trusting beliefs,
privacy concerns and cost are significant determinations for IdMS adoption, but this is treated
very differently by SSO users and non-users. While these factors appear to be important drivers
for SSO non-users, users do not seem to regard them as significant.
In an effort to answer this question, the study examined and reported critical findings on the
moderating effects of prior IdMS use, that is, SSO experience on the research model. The result
of the sample split (presented earlier in Chapter 7, Section 7.4.2) shows a difference between
SSO users and non-users. While the proposed positive associations between the behaviour
intention to disclose identity information and the intention to use; perceived usefulness and the
Chapter 8: Discussion and Conclusions
273
intention to use; trusting beliefs and the intention to use; privacy concerns and the intention to
disclose; and the negative relationship between cost and the intention to use were more
significant for SSO non-users, such relationships were less or not at all significant for SSO
users. These findings can be explained by the notion of path dependency (Cohen & Levinthal
1990). Consistent with this theory, adopting IdMS is a process of having related experience with
similar or related technologies. Therefore, users who had experience with managing identities
using SSO tended to gain a deeper understanding of IdMS not only about its benefits but also its
inherent risks, exposing trusting beliefs and costs. Furthermore, consistent with the concept of
“switching” (Zhu et al. 2006), the existence of a previous IdMS (i.e. SSO) may bring more
incremental value for SSO users and thus make them more mindful of the risk of a new IdMS.
In contrast, users without any SSO use experience may be driven by the benefits and costs of
using IdMS and by concerns about falling behind on the technology curve, and thus might be
more willing to adopt IdMS as they may not pay sufficient attention to the risks.
The study provides some preliminary evidence to indicate that individuals with similar
technology experience (SSO users) are less likely to perceive the benefits, risk, trust and costs
regarding IdMS which may reduce their motivation to adopt IdMS. Our findings concur with
prior arguments in the technology adoption literature that, “competence with older technologies
may offer ‘traps’ which make it difficult to shift to new and potentially better technologies”
(Swanson 1994, p. 1082). Showing different migration patterns with prior technology path
dependence, the study provides support for path dependency in managing online identities’
migration, and suggests that the concept of path dependence in IdMS adoption is a complex and
interesting research topic warranting further investigation.
Chapter 8: Discussion and Conclusions
274
8.3.4 Do Individual Differences Have any Effect on User Adoption of
IdMS?
Finally, individual differences, specifically Internet and Web services’ experience, play an
important role in users’ perceptions towards IdMS adoption.
The empirical test of the model allowed us to answer this question by examining the impact of
control variables, that is, individual differences on the research model. This study tested the
effect of demographic variables (age, gender and education), Internet and Web services’
experience, and previous experience of identity theft on the endogenous constructs in the
research model.
The study confirms that demographic factors are not significant in IdMS adoption. Age and
gender were not associated with any endogenous variable in the model. Education was found to
have a small, positive effect on perceived risks, indicating that educated subjects reported more
risk perceptions with adopting IdMS. The possible interpretation for this significant correlation
was that our respondents were highly educated as 87% had a Bachelor’s degree qualification or
higher. Therefore, this study concurred and confirmed that the education level of the individuals
played a significant role in the risk perceptions inherited with adopting new technology
(Featherman & Pavlou 2003). However, the overall results, as expected, indicated that
demographic factors had no effect on users’ perceptions towards IdMS adoption. Our findings
conflict with previous empirical evidence that confirmed the role of demographic variables in
the technology adoption decision (Venkatesh et al. 2003; Venkatesh, Thong & Xu 2012) and
Web-based interaction (Zhou et al. 2011).
We also tested whether Internet and Web services’ experience had an effect on users’
perceptions of IdMS through their usage frequency of Internet and some Web services, that is,
Facebook, online shopping and Internet banking. The study predicted that both Internet and
Web services’ experience had an influence on users’ perceptions of IdMS (H12b, H12c). Our
Chapter 8: Discussion and Conclusions
275
findings (presented earlier in Chapter 7, Section 7.6) partially supported these two hypotheses.
The frequency of Internet usage was found to have a dominant and significant relationship with
intention to use, perceived usefulness and perceived ease of use. Frequency of Web services’
usage had a significant positive effect on the intention to disclose, information disclosure and
perceived risk, and had a negative impact on perceived usefulness. A potential explanation for
these significant relationships could be that, as our subjects were active Internet users, they were
more experienced in using the Internet and related services and, therefore, more capable of
capturing the benefits of IdMS and more aware of the risks inherent in the Internet environment.
This study confirms the previous research that found that the more experience obtained by users
on the Web, the less significant the functional barriers to online services and the greater the
perceptions over risk (Castaneda, Munoz-Leivaa & Luquea 2007). In addition, it concurs with
Metzger (2004) who found that Internet users with more experience were less concerned with
privacy and were more willing to provide information online than were less experienced users.
Overall, our results are consistent with the extant literature that emphasized the important role
of experience as an individual difference in the early stages of technology-based service
adoption (Venkatesh et al. 2003; Castaneda, Munoz-Leivaa & Luquea 2007; Kim 2008;
Venkatesh, Thong & Xu 2012). This study suggests that Internet users who are active on the
Web are more likely to provide their identity information and, consequently, they would be
more willing to adopt IdMS.
Finally, our results showed that previous identity theft experience was only found to be related
to risk perceptions. Therefore; the study did not confirm the expected hypothesis (H12d) which
predicted the effect of previous identity theft experience on users’ perception towards IdMS
adoption. The possible interpretation of the significant relationship between previous identity
theft experience and perceived risk could be due to the latter being measured by the likelihood
of identity theft indicators. Therefore, participants who were victims of identity theft may
consider that such an experience had already breached the security of the identity information
that they would consider might be stolen when using an IdMS. This finding supports the view
Chapter 8: Discussion and Conclusions
276
that many Internet users believe that they are vulnerable to identity theft and fraud while using
Web-based services (Lee 2009b). This finding also confirms the fact that identity theft is at the
top of the perceived risk in the minds of online users (Featherman & Pavlou 2003; Swartz
2009). As to the insignificance of previous identity theft experience in increasing users'
perceptions and concerns towards IdMS, one possible explanation could be respondents’
perception of the higher level of control inherent in the IdMS. Users tend to think of their
identities as being under their own control in their interaction with the IdMS provider: the
decision to initiate contact with a provider is voluntary, and identity information would be
disclosed only to complete the transaction requested (Maler & Reed 2008). Thus, even for
individuals who have been the victim of identity theft, they may not worry too much about their
privacy because of their higher levels of control over disclosing identity information. Our
results conflict with previous studies that found such an experience (previous privacy invasion
experience) had an influence on privacy concerns and on the behavioural intention to use Web-
based services (Li, Sarathy & Xu 2010; Xu et al. 2011). Accordingly, this study suggests that
previous identity theft experience has no impact on users’ behavioural intentions to adopt IdMS.
8.4 Contributions and Implications The current study has adopted one of the new frontiers of the IS/IT discipline: IdMS. This study
and its findings provide several contributions to the literature and implications for academics as
well as for practitioners.
8.4.1 Theoretical Contributions
From an academic perspective, this research contributes in several ways to the body of
knowledge of two emerging areas: IdMS and IS/IT adoption. This study adds theoretically to
the growing body of IS literature in general and to IS/IT and IdMS adoption research more
specifically.
Chapter 8: Discussion and Conclusions
277
8.4.1.1 Contributions to information system, technology adoption literature While the appearance of IdMS has attracted significant interest among researchers, its
theoretical development is still at an early stage. The development and evaluation of a
theoretical model for user adoption of IdMS extends the body of knowledge of technology
adoption theories that is one of the most mature and explored areas of IS, and of Web-based
services and technology acceptance research into the IdMS domain. In addition, it provides a
foundation for further research on user adoption of IdMS as the current study, as far as we are
aware, is the first attempt to empirically examine IdMS adoption from the user’s perspective.
This study contributes theoretically to both the TAM and TTF by extending the TAM/TTF
examining different antecedents of the IdMS artefact and providing an understanding of what
influences adoption in the contexts of IdMS use. Although TAM-based research has been
applied and used by a large number of studies, “TAM-based research has paid scant attention to
the antecedents of its belief constructs: most importantly, IT artefact design and evaluation”
(Benbasat & Barki 2007, p. 212). Furthermore, “it should be possible to predict future
technology use by applying the TAM at the time that a technology is introduced” (Turner et al.
2010, p. 464). Only being recently introduced, IdMS are in the early stage and researchers have
not examined whether usefulness and ease of use perceptions and external variable constructs
remain sufficient for explaining users’ behaviour towards using the IdMS artefact. In this study,
the TAM was extended to another behavioural intention variable, namely, the intention to
disclose identity information on the Internet which explained 49% of the variance. In addition,
external factors were added that were found to have influence on perceived ease of use,
perceived usefulness and behavioural intention to use. This suggests that our proposed model
supports the predictive validity and applicability of the TAM in Web-based technology such as
IdMS.
The extant TTF-based research has been focused on user adoption of IT in work settings (e.g.
Dishaw & Strong 1999, 2003; Gebauer, Shaw & Gribbins 2010; Yen et al. 2010) and rarely
Chapter 8: Discussion and Conclusions
278
considers the effect of the task–technology fit in non-work settings (Shang, Chen & Chen2007;
Chang 2010; Zhou, Lu & Wang 2010; Lee et al 2012). This study applies the TTF model to the
user adoption of IdMS in non-work settings. Specifically, the new measurement of IdMS task
and technology characteristics enables an understanding of how the interaction between these
values influences individual’s behavioural intentions towards using IdMS. In addition, it
provides a better understanding of how they have impacted on perceptions of the ease of use and
usefulness of IdMS.
This study has examined traditional fit model with regards to IdMS. Previous studies have
examined the effect of fit on performance (Goodhue & Thompson 1995) and tool usage
(Dishaw & Strong 1998, 1999, 2005). There is a lack of studies that examine the effect of fit on
behavioural intentions (Yen et al. 2010; Lee et al. 2012). Moreover, to our knowledge, no study
has conceptualized and measured fit, and examined its effect on users’ intention to adopt in the
IdMS context. The current study tries to fill this gap and contributes to fit models by
conceptualizing fit as moderation and examining its effect on users’ behavioural intentions
towards the use of IdMS.
There is a lack of theoretical and conceptual frameworks to guide IT artefact research (Gefen,
Benbasat & Pavlou 2008). This study has developed a model by identifying the IdMS artefact
constructs that have the potential to increase trust and reduce risk in the online environment, and
by specifying how these constructs can be incorporated into technology adoption models. In
addition, although previous studies had examined trust in the context of interpersonal
relationships between consumers and e-vendors (e.g. Gefen, Karahanna & Straub 2003; Luo et
al. 2010), the “social” associations between consumers and technologies were largely limited
(Wang & Benbasat 2005; Li et al. 2008). This study has examined trust in interpersonal
relationships (trust in IdMS providers) and in the relationships between user and technology
(trust in the IdMS artefact). To the best of our knowledge, this study is the first attempt to
investigate such trust relationships in terms of consumers’ intention to adopt new technology.
Chapter 8: Discussion and Conclusions
279
Wu et al. (2011b, p. 577) argued that “[a]lthough trust gained much attention from researchers
in recent years, the relevant empirical studies are still not enough for us to examine the effects
for the whole trust and TAM model.” More than previous empirical trust studies, this study has
shown that trust constructs relate to each other in organized, meaningful ways. This is important
as trust is “commonly used to describe both detailed phenomena (e.g. “I trust him to keep his
promise”) and higher order phenomena (e.g. “I just don’t trust the Web”) (McKnight et al. 2002,
p. 352). With the different trust constructs and their measures as presented in this study, trust
research can be carried out at either level of analysis. This study has confirmed that different
dimensions of trust play different roles in the adoption of emergent IT-enabled artefacts. Trust
in the Internet acts as an important mechanism to overcome the perceived risks inherent in the
online environment and increases online users’ willingness to disclose identity information.
Trusting beliefs which are formed from trust in the IdMS artefact and trust in IdMS providers
directly influence behavioural intentions to adopt, increase usefulness perceptions and overcome
the risk inherent in IdMS. Future studies should examine the antecedents and the effect of these
different dimensions of trust when considering the initial adoption stage of Web-based
technology artefacts.
Although many researchers have examined factors such as usefulness, ease of use, enjoyment
and so on, that drive individuals to adopt or reject IT products in general, Web-based service
and technology adoption research focusing on factors such as security, trust and privacy has
been limited (Dwyer, Hiltz & Passerini 2007; Gefen, Benbasat & Pavlou 2008; Im, Kim & Han
2008; Luo 2010; Shin 2010; Liao, Liu & Chen 2011; Li 2012). Recently, there has been
research which has attempted to establish the relationship between security-related factors such
as security, risk, trust and privacy by clarifying the slight differences in these similar variables
(Shin 2010; Zhou 2011). Therefore, this study has contributed to the literature by establishing
the correlations of inhibitory-related factors (privacy, risk and trust) and has addressed this gap
by examining users’ beliefs about risk, trust and privacy in the IdMS context.
Chapter 8: Discussion and Conclusions
280
Information security behavioural research and inhibitory factors should be investigated from the
individuals’ perspective and their conceptualization should result in multi-dimensional
constructs (Crossler et al. 2013).The majority of prior studies that have examined the influence
of trust and privacy concerns on individual behaviour have typically tested them as a single
construct (e.g. Cho 2006; Dinev & Hart 2006; Lee 2009b; Bansal, Zahedi & Gefen 2010;
Hwang & Lee 2012). There is a lack of studies that have investigated and tested these variables
as multi-dimensional constructs (Junglas, Johnson & Spitzmuller 2008; Luo et al. 2010; Wu et
al. 2011b; Li 2012). This study, to the best of our knowledge, is the first that has incorporated
and developed multi-dimensional trust and privacy concerns constructs to capture these security
factors and empirically examine their influence on technology adoption decisions. This study is
also the first attempt to examine and operationalize these factors in a multi-dimensional way in
the IdMS context. In particular, this study has considered one of the most significant gaps in the
technology adoption literature and has attempted to shed some light on the antecedents of the
belief constructs such as usefulness, trust and risk of novelty of a technology (IdMS) (Benbasat
& Barki 2007; Gefen, Benbasat & Pavlou 2008; Venkatesh, Thong & Xu 2012). This study
hopefully will stimulate further research and provide a useful lens through which to examine
behaviour associated with the acceptance of emerging innovative Web technology at its early
adoption stage. The study also contributes to a growing body of literature on the enhancement
of Web services and on mitigating Internet privacy concerns.
This study provides some steps towards understanding online consumers' privacy concerns
about information disclosure to online providers. Studies that have focused on online
information disclosure and their antecedents have been limited (Metzger 2004; Norberg, Horne
& David 2007; Li, Sarathy & Xu 2010; Lowry, Cao & Everard 2011; Li 2012). The current
study offers some empirical findings on why Internet users disclose identity information to
online providers examined with regard to when they are more or less likely to disclose.
However, this study does not consider the quality of information disclosure. We found that
privacy concerns are significant barriers to past information disclosure and the willingness to
Chapter 8: Discussion and Conclusions
281
disclose identity information in the future. In addition, the frequency of past information
disclosure increases users’ willingness to disclose identity information which has a significant
impact on users’ intention to use Web-based services and IdMS. This study demonstrates the
importance of privacy as an antecedent to online information disclosure. Also, it emphasizes
that technology perception factors such as perceived ease of use are important drivers at a
specific level of online users’ willingness to disclose sensitive information. Overall, the current
study’s findings provide insight into the nomological network of salient beliefs that affect
individuals’ online information disclosure and intention to disclose identity information on the
Internet. Further research on issues of privacy concerns and information disclosure is needed.
Future studies could examine other situational factors on information disclosure and privacy
concerns such as personal characteristics and the design of technology. They also should
examine how different categories of information might influence individuals’ willingness to
disclose identity information.
Empirical studies that address path dependency are scarce in the IS literature (Zhu et al. 2006).
Although there is limited empirical research that incorporates different technology standards’
migration pathways at the firm level (Zhu et al. 2006), there is no study which has empirically
addressed path dependency in technology adoption at the individual level. This is the first study
of which we are aware that seeks to fill this gap as it examines the migration from SSO systems
to IdMS in technology adoption. We found that prior use of SSO helped to reduce adoption
costs for IdMS use yet it brings more mindfulness of the risks of using IdMS. In contrast, SSO
non-users tended to evaluate the costs and benefits more and were less wary of the risks inherent
in IdMS use which increased their behavioural intentions to adopt IdMS. Our results supported
the notion of path dependency, and provide implications for research on technology adoption in
general. This study suggests that focusing on different generations in the trajectory of
technology and standards evolution might result in insights for research. Diverse generations of
technologies and standards tend to coexist in the market, such as wireless technology, cloud
Chapter 8: Discussion and Conclusions
282
computing, E-wallets and ubiquitous systems. Future research should examine the costs and
benefits of migrating along different paths to incorporate changes in technologies and standards.
This study modelled individual differences as a control variable having an effect on users’
perceptions of IdMS. Although some previous studies (e.g. Li, Sarathy & Xu 2010; Xu et al.
2011) have examined the effect of previous privacy invasion experience on e-commerce
acceptance, this is the first study of which we are aware that theorized the effects of previous
experience with identity theft on technology adoption. We have developed hypotheses regarding
how previous identity theft experience impacted on users’ perceptions towards IdMS adoption.
We found that Internet users who were identity theft victims were more likely to perceive more
risk with using IdMS, but this outcome did not affect their behavioural intentions towards
adopting IdMS. This study thus extends the nomological network related to Web-based
technology and use to include a new set of individual differences constructs and related
theoretical mechanisms.
Another major contribution of this work to the technology adoption research community is the
comprehensive review analysis conducted on the Web-based services and technologies adoption
literature.There are some reviews of literature and meta-analyses about specific IT adoption
models at the individual level (e.g. Lee, Kozar & Larsen 2003; King et al. 2006; Williams, Rana
& Dwivedi 2011) and the organizational level (e.g. Oliveira & Martins 2011). For example,
Williams, Rana and Dwivedi (2011) provided a systematic review of prior UTAUT model
research; Turner et al. (2010) conducted a systematic review of previous TAM studies; and
Cane and McCarthy (2009) presented a meta-analysis and examined the wide body of research
that had investigated TTF. However, most of these reviews had not investigated or provided an
analysis of the factors that affect individual adoption decisions. Although there were limited
papers that identified factors affecting individual acceptance of IT, they were either reviews of
existing IT adoption research prior to 2004 (Jeyaraj, Rottman & Lacity 2006) or were focused
on specific technology such as mobile commerce (AlHinai , Kurnia & Smith 2010; Zhang, Zhu
& Liu 2012). There have been limited comprehensive reviews of the literature related to IS/IT
Chapter 8: Discussion and Conclusions
283
adoption and diffusion research (Dwivedi et al. 2008; Williams, Rana & Dwivedi 2011). To the
best of our knowledge, our work is the first literature review that provides a comprehensive
analysis of user adoption of different Web-based services and technologies. In this study, we
review and discuss a number of well-known models and theories for technology adoption at the
individual level (as presented in Chapter 3, Section 3.4). In addition, we provide a
comprehensive analysis of user adoption of Web-based technologies and services and define
factors that appeared to be influencing users’ adoption decisions at the individual level (as
presented in Section 3.5.2). Our conceptual examination of various technology adoption studies
will help future researchers to observe the trends and to suitably design studies on technology
and Web-based services adoption and, consequently, significant contributions can be made to
both theory and practice.
8.4.1.2 Contributions to IdMS literature This study has also made some contributions to the IdMS literature as detailed below:
This research provided an assessment of the state of IdMS research and analyzes the extant
studies. Accordingly, we comprehensively reviewed the research on IdMS that had been
conducted in different fields. We also revealed the emergence of the IdMS research domain and
its current status by using a detailed analysis and taxonomy of 106 publications from key
research outlets. We also developed a framework derived from the TFI model which represents
an information system as being made up of technical, formal and informal layers. We classified
the IdMS studies, reviewed key findings and identified opportunities for future research into
IdMS. The findings of this review could provide value to researchers and a better understanding
of the state of the art in the IdMS domain thus theoretical and practical contributions could be
made. Detailed discussion on the findings of the IdMS literature review and the implications for
research are presented in Chapter 2 (see Section 2.8.7).
The distinction between real-world identity and digital/online identity has become more blurred
(Mont, Bramhall & Pato 2003). In addition, identity management is a new and emerging field
Chapter 8: Discussion and Conclusions
284
and its meaning and understanding have not yet been completely established and clarified
(Karch 2011; Lips & Pang 2008). According to Pfitzmann and Hansen (2010) who have been
collecting and developing consolidated terms about the basic concepts in relation to digital
identity since 2000, “[i]dentity management is a much younger and much less defined field – so
a really consolidated terminology for this field does not exist” (p. 6). The definition of IdMS is
confusing because the different stakeholders concerned (users, identity providers and service
providers) have different requirements and different perspectives (Alpar, Hoepman & Siljee
2011), therefore; its conceptualization is difficult (Seltsikas & O’Keefe 2010). For that reason,
the extant literature abounds with different definitions and understandings of IdMS based on the
context and focus of the research. This research has contributed to identity management and
IdMS research by providing an in-depth understanding of identity management on the Internet
and by discussing some definitions and features which are focused on the Web-based IdMS.
This study also takes into account the emerging technologies and standards used to develop the
system. In addition, it compares and examines the openness of identity management on the Web
as illustrated in the context of proprietary identity and open identity exchange using Web-based
IdMS.
The results of the review analysis indicated that a large proportion of IdMS research had been
focused on technical issues and that few researchers had focused at the individual or business
levels. In addition, the majority of current studies were focused on technical or design problems,
and the challenges of IdMS. Behaviours and perceptions of individuals towards online identity
and IdMS have been rarely explored in previous research. Designing IdMS is not just a
technological issue, but theoretical, social and regulatory dimensions must also be addressed
(Adjei & Olesen 2011). Our findings have also shown that there is a lack of empirical studies in
the IdMS context and specifically those which have used quantitative techniques. Moreover,
few theories have been applied to IdMS research and it does not yet have a theory to call its
own. In trying to fill these gaps and alleviate this shortcoming, our study is the first attempt to
develop a theoretical model for and to empirically examine user adoption of IdMS from the user
Chapter 8: Discussion and Conclusions
285
perspective by conducting a behavioural type of research using an explanatory quantitative
approach and, in particular, survey methodology.
8.4.2 Practical Implications
The design of new technology artefacts includes embedding existing theories from different
research domains into the development of a new piece of technology (Kuechler & Vaishnavi
2012). As new factors relating to user adoption of IdMS have been identified in this study and
have come to light, they might provide opportunities for creating or enhancing new IdMS tools.
This study has implications for practitioners, especially for designers and online service
providers, in Web-based applications and IdMS.
Although we found some factors that influenced behavioural intentions to adopt IdMS, this
study has revealed that trusting beliefs are a more influential factor, implying that increasing
trust in potential adopters is more important than providing benefits. Therefore, IdMS
developers need to search for risk-reducing mechanisms and trust-building strategies that might
help in inspiring high confidence in potential users. This study has suggested that IdMS
designers and providers should consider the development of benevolence, integrity and
competence dimensions in IdMS in order to develop flexible, reliable and long-term trust
relationships (McKnight et al. 2002).
Competence may be developed through providing statements of guarantee, search facilities and
recommendations about new IdMS services and benefits which facilitate the promise to be
made. IdMS providers may enhance the perception of their benevolence through long-term
customer service and regular communications with potential users, as well as through the
provision of information regarding privacy and security risks. In addition, IdMS providers may
enhance their honesty through seals from agencies such as Trust-e which helps Web providers
to build trust and enhance engagement across all their online channels. TRUSTe
(http://www.truste.com) is the leading online privacy solutions provider with a broad suite of
privacy services to help businesses build trust and increase engagement across all of their online
Chapter 8: Discussion and Conclusions
286
channels – including websites, mobile applications, advertising, cloud services, business
analytics and email marketing. IdMS designers could develop IdMS technologies’ benevolence
through focusing on the prevention of intrusion, fraud and identity theft through, for example,
developing methods to strengthen encryption and developing Web interfaces to authenticate
Web relationships. In addition, interventions in behaviour through joined forces, in trade
associations or industry groups (McKnight et al. 2002) and increased familiarity through
advertising (Lee 2009b) may promote the perception of the integrity of IdMS providers and
tools and enhance individual perceptions of IdMS use.
The findings of this study have demonstrated that reducing privacy concerns enhances the
willingness to share and disclose identity information on the Internet and thereby increases the
intention to adopt IdMS. The findings show that Web users trade off privacy concerns for the
benefits of information disclosure on IdMS. Therefore, IdMS providers should address users’
privacy concerns about disclosing information and the use of IdMS. IdMS providers should
offer to manage online identities’ services with benefits that balance customers’ privacy
concerns. This study has defined six principles of information practices to which service and
identity providers should adhere in order to ensure privacy. These principles are awareness,
Rather surprisingly, risk perceptions were not found to have a significant negative relationship
with the intention to use IdMS and the willingness to disclose identity information on the Web.
This possibly reflected the limited assessment of this factor which was evaluated only in
relation to the uncertainty and the likelihood of identity theft. Inclusion of more risk perceptions
such as performance, time, social and psychological loss may give a more complete assessment
of perceived risk, and could increase its apparent significance (Featherman & Pavlou 2003).
Researchers are therefore called to examine comprehensive risk perceptions in the context of the
acceptance of emerging innovative technology, such as IdMS, in its early adoption stage.
This study was limited to only one type of trust in IdMS providers and not to users’ beliefs
about familiar providers. The study also did not differentiate between trust in SPs and IdPs and
treated them holistically under the ‘trust in IdMS providers’ variable. Users may have pre-
existing trust with a SP and may interact for the first time with an IdP (initial trusting belief) or
vice versa when they use IdMS for the first time (Landau, Gong & Wilton 2009). Therefore,
trusting beliefs in IdMS providers in this study were not measured based on all possible
relationships with IdMS providers with whom the user may have familiarity and experience:
consumers are more willing to trust a particular online provider as they develop an ongoing
relationship with that provider (Hoffman, Novak & Peralta 1999). Prior research has found
differences in pre-existing trust and initial trust of service providers (Luo 2010). Future research
could therefore consider further differentiation of users’ trusting beliefs of IdMS providers as
well as comparing this between familiar versus unfamiliar providers: this could enhance the
understanding of trusting beliefs in IdMS.
Chapter 8: Discussion and Conclusions
292
This study has examined the effects of information disclosure and willingness to disclose
identity information on users’ behaviour intention. Information disclosure was measured using
two questions which reflected on the frequency with which respondents had disclosed their
personal information in the past to any website for financial and non-financial transactions. The
willingness to disclose identity information was measured using three items which reflected
respondents’ intentions to provide and share their identity information in the future. However,
the value, types and quality of identity information were not examined in this study. In addition,
as this study employed a self-reporting questionnaire for measuring participants’ perceptions
and usage behaviour, it is possible that respondents over-reported their answers (Straub, Gefen
& Boudreau 2005). Further research might measure the disclosure of identity information on the
Internet more directly rather than relying on self-reports and could ask the post-exposure
questionnaire to check off any false information that the respondents may provide to the
questionnaire (Metzger 2004).
This study did not examine the effect of computer-mediated communication (CMC) technology
factors such as the user interface functions of IdMS; nevertheless, we hoped that our results
would inform the design of IdMS interfaces. It has been noted that system interface is critical to
user performance on IT and has an important role in terms of user acceptance of new technology
(Lee, Kang & Kim 2007). In addition, IdMS are more likely to be adopted if they are easy to
download, install and configure which includes the authentication process and password
interfaces (Dhamija & Dusseault 2008). Therefore, a potential approach which incorporates
additional factors relevant to users’ decisions to adopt IdMS might be beneficial. Further
research could examine specific IdMS characteristics to investigate the effect of individual
interface features and compare the usability of IdMS design with existing interfaces to provide
best practices and design guidelines for implementing usable log-in interfaces on both SPs and
IdPs websites.
Chapter 8: Discussion and Conclusions
293
Finally, extensive efforts were taken to review all of the literature related to this study; however,
it is important to acknowledge that it is possible that some previous research may have been
overlooked in this process. In addition; this study has provided a comprehensive model for
IdMS adoption. While the current model includes the dominant factors that affect user adoption
of IdMS at the individual level, other factors which did not come to light in the current study
could explain and influence users’ behavioural intentions to adopt IdMS. We suggest that future
research should investigate additional and new constructs (e.g. personality traits, habits, ability
to manage different passwords; and reputation/experience with specific IdMS) that may help to
increase the adoption of IdMS. In addition, it would also be beneficial to explore the
antecedents of factors that were identified in this study such as perceived ease of use, risk,
privacy concerns and trusting beliefs, explaining how these factors affect users’ perceptions of
IdMS and further improving the explanatory power of these variables.
Chapter 8: Discussion and Conclusions
294
8.6 Concluding Remarks The main objective of this study was to identify and empirically examine the factors affecting
user adoption of IdMS. In order to achieve the objective, a structured review of the IdMS, IS/IT
and Web-based applications’ adoption literature was undertaken. Drawing upon behavioural and
technology adoption theories from the IS, psychology and economics literature, as well as the
context-specific characteristics of the IdMS, a conceptual model and a set of hypotheses were
developed. The research model was specified as a complex model with hierarchical and
unidimensional constructs. This study was conducted and the model was tested in the contexts
of social networking and e-commerce. Expert panels, survey pre-tests as well as a pilot study
with a total of 150 samples were conducted and analyzed to develop and validate the research
instruments. A total of 332 samples were analyzed to test the conceptual model in the main
study. This study applied PLS path modelling to assess the model and test the associations
among constructs. The findings of the study successfully verified satisfactory measurement and
structural properties of the research model, confirming most of the proposed hypotheses. In
addition, the study confirmed the significant effect of previous IdMS experience (prior use of
SSO) as a moderator variable. The study also confirmed the impact of some contextual and
individual differences variables on user adoption of IdMS.
This study is one of the first to empirically examine user adoption of IdMS and to explore
various categories of individual motivations in IdMS use. The main significant contribution of
this study lies in providing a theoretical user-adoption model relevant to IdMS. This study
contributes to the IdMS research by conducting behavioural, empirical research in IdMS which
helps to extend the body of knowledge of IS/IT adoption into the IdMS domain. The findings of
the study offer a road map and develop guidelines for IdMS providers and designers to achieve
user acceptance of IdMS. This study contributes to the successful use of IdMS by end-users. In
addition, the study has identified some technical areas needing further investigation. The
proposed framework also offers an increased understanding of users’ perceptions and concerns
which, in turn, could provide a tool that could be used to develop mechanisms and strategies
Chapter 8: Discussion and Conclusions
295
that will encourage IdMS adoption. Although this study was conducted in the domain of IdMS,
our findings may be of interest to any Web-based service or technology which deals with users’
identity information.
The study findings confirm that IdMS will be the alternative and attractive solution for
managing and maintaining online identities on the Internet. However, the overall adoption and
user acceptance of the IdMS artefact will be driven by end-users’ beliefs, perceptions and needs,
and their effects on users’ behavioural intention towards IdMS. This study suggests some
important factors which affect users’ behavioural intention to adopt IdMS including usefulness,
ease of use, task–technology fit, trusting beliefs, trust in the Internet, information disclosure,
privacy concerns and cost. Hence, the IdMS user adoption model will play an instrumental role
in increasing the user acceptance rate, evaluating technical areas, providing successful
implementation and creating security and privacy policies.We hope this study stimulates further
research and provides a useful lens through which to explore individuals’ beliefs and
perceptions in the context of adoption of IdMS and emerging innovative technology in its early
adoption stage.
References
296
References
Acquisti, A. & Grossklags, J. 2005, 'Privacy and Rationality in Decision Making', IEEE Security & Privacy, vol. 3, no. 1, pp. 26-33.
Adjei, K.J. & Olesen, H. 2011, 'Keeping Identity Private -Establishing Trust in the Physical and Digital World for Identity Management Systems', Vehicular Technology Magazine, IEEE vol. 6, no. 3, pp. 70 -9.
Agarwal, R. & Prasad, J. 1998, 'A conceptual and operational definition of personal innovativeness in the domain of information technology', Information Systems Research, vol. 9, no. 2, pp. 204–15.
Agarwal, R. & Prasad, J. 1999, 'Are Individual Differences Germane to the Acceptance of New Information Technologies?', Decision Sciences, vol. 30, no. 2, pp. 361–91.
Agre, P.E. 1997, ' Introduction', in P.E. Agre & M. Rotenberg (eds), Technology and privacy: The new landscape, The MIT Press, London.
Aichholzer, G. & Strauß, S. 2009, 'The Citizen’s Role in National Electronic Identity Management. A Case-study on Austria', Proceedings of the Second International Conference on Advances in Human-Oriented and Personalized Mechanisms, Technologies, and Services (CENTRIC 09), IEEE Computer Society, Porto, Portugal, pp. 45-50.
Aichholzer, G. & Strauß, S. 2010, 'Electronic identity management in e-Government 2.0: Exploring a system innovation exemplified by Austria', Information Polity, vol. 15 no. 1-2, pp. 139–52.
Ajzen, I. 1991, 'The Theory of Planned Behavior.', Organizational Behavior and Human Decision Processes, vol. 50, no. 2, pp. 179-211.
Ajzen, I. & Fishbein, M. 1980, Understanding Attitudes and Predicting Social Behavior, Prentice-Hall, Englewood Cliffs,NJ.
Akerof, G.A. & Kranton, R.E. 2000, 'Economics and Identity', The Quarterly Journal of Economics, vol. 115, no. 3, pp. 715-53.
Al-Gahtani, S.S., Hubona, G.S. & Wang, J. 2007, 'Information technology (IT) in Saudi Arabia: Culture and the acceptance and use of IT', Information and Management, vol. 44, no. 8, pp. 681–91.
Al-Sinani, H.s., Alrodhan, W.A. & Mitchell, C.J. 2010, 'CardSpace-Liberty integration for CardSpace users', Proceedings of the Ninth Symposium on Identity and Trust on the Internet (IDtrust 10), ACM, New York, USA.
Al-Sinani, H.S. & Mitchell, C.J. 2010, 'Using CardSpace as a Password Manager', Proceedings of Policies and Research in Identity Management, Second IFIP WG 11.6 Working Conference, Oslo, Norway.
Al-Sinani, H.S. & Mitchell, C.J. 2011, 'Client-Based CardSpace-OpenID Interoperation', Proceedings of the Twenty-Sixth International Symposium on Computer and Information Sciences(ISCIS 2011), London, UK, pp. 387-93.
Alavi, M. & Carlson, P. 1992, 'A Review of MIS Research and Disciplinary Development', Journal of Management Information Systems, vol. 8, no. 4, pp. 45 - 62.
Alavi, M. & Henderson, J.C. 1981, 'An evolutionary strategy for implementing a decision support systems', Management Science, vol. 27, no. 11, pp. 1309-22.
References
297
Alavi, M. & Joachimsthaler, E.A. 1992, 'Revisiting DSS Implementation Research: A Meta-Analysis of the Literature and Suggestions for Researchers', MIS Quarterly, vol. 16, no. 1, pp. 95-116.
Alesandro, A., Friedman, A. & Telang, R. 2006, 'Is There a Cost to Privacy Breaches? An Event Study', Proceedings of the Twenty-Seventh International Conference on Information Systems, Milwaukee, WI.
AlHinai, Y.S., Kurnia, S. & Smith, S.P. 2010, 'The adoption of mobile commerce services by individuals: A Current State of the Literature', Proceedings of 21st Australasian Conference on Information Systems, Brisbane,Australia.
Al-Omoush, K.S., Yaseen, S.G. & Alma’aitah, M.A. 2012, 'The impact of Arab cultural values on online social networking: The case of Facebook', Computers in Human Behavior, vol. 28, no. 6, pp. 2387–99.
Alpar, G., Hoepman, J. & Siljee, J. 2011, 'The Identity CrisisSecurity, Privacy and Usability
Issues in Identity Management', The Computer Research Repository (CoRR), vol. 1101.
Alrodhan, W. & Mitchell, C. 2009, 'Improving the Security of CardSpace', EURASIP Journal on Information Security, vol. 2009.
Alvarez, R.M., Sherman, R.P. & VanBeselaere, C. 2003, 'Subject Acquisition for Web-Based Surveys', Political Analysis, vol. 11, no. 1, pp. 23-43.
Amoako-Gyampah, K. & Salam, A.F. 2004, 'An extension of the technology acceptance model in an ERP implementation environment', Information & Management, vol. 41, no. 6, pp. 731–45.
Armando, A., Carbone, R., Compagna, L., Cuellar, J., Pellegrino, G. & Sorniotti, A. 2013, 'An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations', Computers & Security, vol. 33, pp. 41–58.
Armitage, A. & Keeble-Allen, D. 2008, 'Undertaking a Structured Literature Review or
Structuring a Literature Review: Tales from the Field', The Electronic Journal of Business Research Methods, vol. 6, no. 2, pp. 103 - 14.
Armstrong, J.S. & Overton, T.S. 1977, 'Estimating Non-Response Bias in Mail Surveys', Journal of Marketing Research, vol. 14, pp. 396-402.
Arora, S. 2008, ' National eID card schemes: A European overview', Information Security Technical Report, vol. 13, no. 2, pp. 43–53.
Atinc, G., Simmering, M.J. & Kroll, M.J. 2012, 'Control Variable Use and Reporting in Macro and Micro Management Research', Organizational Research Methods, vol. 15, no. 1, pp. 57-74.
Atkinson, J.W. 1964, An introduction to motivation, Oxford, England: Van Nostrand.
Attewell, P. & Rule, J.B. 1991, Survey and other methodologies applied to IT impact research: experiences from a comparative study of business computing, Harvard Business School Press, Boston, Massachusetts.
Back, M.D., Stopfer, J.M., Vazire, S., Gaddis, S., Schmukle, C., Egloff, B. & Gosling, S.D. 2010, 'Facebook Profiles Reflect Actual Personality, Not Self-Idealization', Psychological Science, vol. 21, no. 3, pp. 372-4.
Bagozzi, R.P. 2007, 'The Legacy of the Technology Acceptance Model and a Proposal for a Paradigm Shift.', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 244-54.
Bagozzi, R.P. & Yi, Y. 1988, 'On the evaluation of structural equation models', Journal of the Academy of Marketing Science ,vol. 16, no. 1, pp. 74–94.
References
298
Balasubramaniam, S., A.Lewis, G., Morris, E., Simanta, S. & B.Smith, D. 2009, 'Identity Management and its Impact on Federation in a System-of-Systems Context', Proceedings of the Third Annual IEEE International Systems Conference, IEEE, Vancouver, Canada.
Baldoni, R. 2012, 'Federated Identity Management Systems in e-Government: the Case of Italy', Electronic Government: An International Journal, vol. 9, no. 1, pp. 64-84.
Bandura, A. 1986, Social Foundations of Thought and Action: A social cognitive theory, Prentice-Hall, Englewood Cliffs,NJ.
Bandyopadhyay, K. & Fraccastoro, K.A. 2007, 'The Effect of Culture on User Acceptance of Information Technology', Communications of the Association for Information Systems, vol. 19, no. 1, pp. 522-43.
Banker, R.D. & Kauffman, R.J. 2004, 'The Evolution of Research on Information Systems: A Fiftieth-Year Survey of the Literature in Management Science', Management Sience, vol. 50, no. 3, pp. 281- 98.
Bansal, G., Zahedi, F.M. & Gefen, D. 2010, ' The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online', Decision Support Systems, vol. 49, no. 2, pp. 138-50.
Barati, S. & Mohammadi, S. 2009, 'An Efficient Model to Improve Customer Acceptance of Mobile Banking', Proceedings of the World Congress on Engineering and Computer Science, vol. 2, San Francisco, USA.
Barclay, D., Higgins, C. & Thompson, R. 1995, 'The Partial Least Squares (PLS) Approach to Causal Modeling: Personal Computer Adoption and Use as an Illustration', Technology Studies, vol. 2, no. 2, pp. 285-309.
Barnes, S.J. & LHuff, S. 2003, ' Rising Sun: imode and the wireless internet.', Communications of the ACM, vol. 46, no. 11, pp. 97-84.
Bauer, M., Meints, M. & Handsen, M. 2005, D3.1: Structured overview on prototypes and concepts of identity management systems, FIDIS, viewed 24 December 2011 <http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf>.
Beggs, A. & Klemperer, P. 1992, 'Multi-period Competition with Switching Costs', Econometrica, vol. 60, no. 3, pp. 651-66.
Behrenda, T.S., Wiebeb, E.N., Londonb, J.E. & Johnsonc, E.C. 2011, 'Cloud computing adoption and usage in community colleges', Behaviour & Information Technology, vol. 30, no. 2, pp. 231–40.
Belanger, F. & Carter, L. 2008, 'Trust and risk in e-government adoption', Journal of Strategic Information Systems vol. 17, no. 2, pp. 165–76.
Benbasat, I. & Barki, H. 2007, 'Quo vadis, TAM?', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 211-8.
Benbasat, I. & Weber, R. 1996, 'Research commentary: Rethinking "diversity" in information systems research', nformation Systems Research, vol. 7, no. 4, pp. 389-99.
Benslimane, Y., Plaisent, M. & Bernard, P. 2002, ' Applying the Task-Technology Fit Model to WWW-based Procurement: Conceptualization and Measurement', Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03), Hawaii.
Bertino, E. & Takahashi, K. 2010, Identity Management: Concepts, Technologies, and Systems, Artech House.
References
299
Bertocci, V., Serack, G. & Baker, C. 2007, Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities, Addison-Wesley Professional.
Bhargav-Spantzel, A., Camenisch, J., Gross, T. & Sommer, D. 2007, 'User centricity: taxonomy and open issues', Journal of Computer Security, vol. 15, no. 5, pp. 493-527.
Bhattacherjee, A. 2001, 'Understanding Information Systems Continuance:An Expectation-Confirmation Model', MIS Quarterly, vol. 25, no. 3, pp. 351-70.
Bhattacherjee, A. & Premkumar, G. 2004, 'Understanding changes in belief and attitude toward information technology usage: a theoretlcal model and longitudinal test', MIS Quarterly, vol. 28, no. 2, pp. 229-54.
Birrell, E. & Schneider, F. 2012, Federated Identity Management Systems:A Privacy-based Characterization, Technical Report , Cornell University.
Bohrnstedt, G.W. 1970, 'Reliability and validity assessment in attitude measurement', in G.F. Summers (ed.), Attitude measurement, Rand-McNally, Chicago.
Booth, A.L. & Nolen, P. 2012, 'Gender differences in risk behaviour: does nurture matter?', The Economic Journal, vol. 122, no. 558, pp. F56–F78.
Borcea-Pfitzmann, K., Hansen, M., Liesebach, K., Pfitzmann, A. & Steinbrecher, S. 2006, 'What user-controlled identity management should learn from communities', Information security technical report, vol. 11, no. 3, pp. 119–28.
Boyd, D.M. & Ellison, N.B. 2008, 'Social network sites: Definition, history, and scholarship', Journal of Computer-Mediated Communication, vol. 13, pp. 210–30.
Brody, R.G., Mulig, E. & Kimball, V. 2007, 'Phishing, pharming and identity tthef', Academy of Accounting and Financial Studies Journal, vol. 11, no. 3, pp. 43-7.
Buchanan, T., Paine, C., Joinson, A.N. & Reips, U.-D. 2007, 'Development of Measures of Online Privacy Concern and Protection for Use on the Internet', Journal of the American Society for Information Science and Technology, vol. 58, no. 2, pp. 157–65.
Business Wire 2008, Identity Theft Twice as Likely in English-Speaking Countries :PayPal Trust and Safety Study Reveals that Online Fraud and Identity Theft are Global Concerns, Business Wire, viewed 21 December 2012 <http://www.businesswire.com/news/home/20081021005640/en/Identity-Theft-English-Speaking-Countries>.
Cameron, K. 2005, The Laws of Identity, Microsoft Corporation, viewed 18 March 2011 <http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf>.
Cameron, K. & Jones, M.B. 2007, 'Design Rationale behind the Identity Metasystem Architecture', in, ISSE/SECURE 2007 Securing Electronic Business Processes, Vieweg, Fachverlage GmbH, Wiesbaden, pp. 117-29.
Cameron, K., Posch, R. & Rannenberg, K. 2009, ' Proposal for a common identity framework: A user-centric identity metasystem', in K. Rannenberg, D. Royer & A. Deuker (eds), The Future of Identity in the Information Society, Springer, pp. 477–500.
Cane, S. & McCarthy, R. 2009, 'Analayzing The Factors that Affect Information Systems Use: A Task-Technology Fit-Meta Analysis', The Journal of Computer Information Systems, vol. 50, no. 1, pp. 108-23.
Canhoto, A.I. & Backhouse, J. 2007, 'Profiling under conditions of ambiguity—An application in the financial services industry', Journal of Retailing and Consumer Services, vol. 14, no. 6, pp. 408–19.
References
300
Cao, Y. & Yang, L. 2010, 'A survey of Identity Management technology ', Proceedings of the IEEE International Conference on Information Theory and Information Security (ICITIS), Qinhuangdao, China, pp. 287 - 93
Cao, Y., Yang, L., Fu, Z. & Yang, F. 2011, 'Identity Management Architecture: Paradigms and Models', Applied Mechanics and Materials, vol. 40-41 pp. 647-51.
Carlson, K.D. & Wu, J. 2012, 'The Illusion of Statistical Control : Control Variable Practice in Management Research', Organizational Research Methods, vol. 15, no. 3, pp. 413-35.
Carter, L. & Be´Langer, F. 2005, 'The utilization of e-government services: citizen trust, innovation and acceptance factors', Information Systems Journal, vol. 15, no. 1, pp. 5–25.
Castaneda, J.A., Munoz-Leivaa, F. & Luquea, T. 2007, 'Web Acceptance Model (WAM): Moderating effects of user previous experiencene', Information & Management, vol. 44, no. 4, pp. 384-96.
Caudill, M.E. & Murphy, E.P. 2000, 'Consumer Online Privacy: Legal and Ethical Issues', Journal of Public Policy & Marketing, vol. 19, no. 1, pp. 7-19.
Chan, S.C. & Lu, M. 2004, 'Understanding Internet Banking Adoption and Use Behavior: A Hong Kong Perspective', Journal of Global Information Management, vol. 12, no. 3, pp. 21-44.
Chang, H. 2010, 'Task-technology fit and user acceptance of online auction', InternationalJournal of Human-Computer Studies, vol. 68, no. 1-2, pp. 69–89.
Chelune, G.J. 1987, 'A neuropsychological perspective of interpersonal communication', in V.J. Derlega & J.H. Berg (eds), Self-disclosure: Theory, research, and therapy, Plenum, New York, pp. 10-34.
Chen, H.-C., Yen, D.C. & Hwang, M.I. 2012, 'Factors influencing the continuance intention to the usage of Web 2.0: An empirical study', Computers in Human Behavior, vol. 28, no. 3, pp. 933–41.
Chen, K. & Rea, A.J. 2004, 'Protecting personal information online: a survey of user privacy
concerns and control techniques', Journal of Computer Information Systems, vol. 44, no. 4, pp. 85–92.
Cheng, T.C., Lam, D. & Yeung, A. 2006, 'Adoption of internet banking: An empirical study in Hong Kong', Decision Support Systems, vol. 42, no. 3, pp. 1558–72.
Cheung, R. & Vogel, D. 2013, ' Predicting user acceptance of collaborative technologies: An extension of the technology acceptance model for e-learning', Computers & Education, vol. 63, no. April 2013, pp. 160–75.
Chin, W.W. 1995, 'PLS is to LISREL as Principal Components Analysis is to Common Factor
Analysis', Technology Studies, vol. 2, pp. 315-9.
Chin, W.W. 1998a, 'Commentary: issues and opinion on structural equation modeling', MIS Quarterly, vol. 22, pp. vii–xvi.
Chin, W.W. 1998b, 'The Partial Least Squares Approach for Structural Equation Modeling', in G.A. Marcoulides (ed.), Modern Methods for Business Research, Lawrence Erlbaum Associates, Mahwah, New Jersey, pp. 295-336.
Chin, W.W. 2010, 'How to Write Up and report PLS Analyses', in V.E. Vinzi, W.W. Chin, J. Henseler & H. Wang (eds), Handbook of Partial Least Squares, Springer-Verlag, Berlin, pp. 655-90.
References
301
Chin, W.W., Gopal, A. & Salisbury, W.D. 1997, 'Advancing the Theory of Adaptive Structuration: The Development of a Scale to Measure Faithfulness of Appropriation', Information Systems Research, vol. 8, no. 4, pp. 342-67.
Chin, W.W., Marcolin, B.I. & Newsted, P.R. 2003, 'A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study', Information Systems Research, vol. 14, no. 2, pp. 189-217.
Chin, W.W. & Newsted, P.R. 1999, 'Structural Equation Modeling Analysis with Small Samples Using Partial Least Squares', in R. Hoyle (ed.), Statistical Strategies for Small Sample Research, Sage Publications, Newbury Park, CA, pp. 307-41.
Chin, W.W., Thatcher, J.B. & Wright, R.T. 2012, 'Assessing Common Method Bias:Problems With The ULMC Technique', MIS Quarterly vol. 36, no. 3, pp. 1003-19.
Cho, V. 2006, 'A study of the roles of trusts and risks in information-oriented online legal services using an integrated model', Information & Management, vol. 43, no. 4, pp. 502–20.
Chong, A., Chan, F. & Ooi, K.-B. 2012, 'Predicting consumer decisions to adopt mobile commerce: Cross country empirical examination between China and Malaysia', Decision Support Systems, vol. 53, no. 1, pp. 34–43.
Choudrie, J. & Dwivedi, Y.K. 2005, ' Investigating the research approaches for examining
technology adoption issues', Journal of Research Practice, vol. 1, no. 1.
Churchill, G.A. 1979, 'A paradigm for developing better measures of marketing constructs', Journal of Marketing Research, vol. 16, no. 1, pp. 64-73.
Clarke, R. 1993, 'Computer Matching and Digital Identity', Proceedings of Computers, Freedom & Privacy Conference, San Francisco,USA.
Clarke, R. 1999, 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice', Proceedings of User Identification & Privacy Protection Conference, Stockholm, Sweden.
Cohen, J. 1988, Statistical Power Analysis for the Behavioral Sciences 2nd edn, Lawrence Erlbaum Associates, Hillsdale, NJ.
Cohen, W.M. & Levinthal, D.A. 1990, 'Absorptive Capacity: A New Perspective on Learning and Innovation', Administrative Science Quarterly, vol. 35, no. 1, pp. 128-52.
Comley, P. 2002, 'Online Survey Techniques: Current Issues and Future Trends', Interactive Marketing, vol. 4, no. 2, pp. 156-69.
Compeau, D., Higgins, C.A. & Huff, S. 1999, 'Social cognitive theory and individual reactions to computing technology: A longitudinal study', MIS Quarterly, vol. 23, no. 2, pp. 145-59.
Compeau, D.R. & Higgins, C.A. 1995, 'Computer Self-Efficacy: Development of a Measure and Initial Test', MIS Quarterly, vol. 19, no. 2, pp. 189-211.
Conway, J.M. & Huffcutt, A.L. 2003, 'A Review and Evaluation of Exploratory Factor Analysis Practices in Organizational Research', Organizational Research Methods, vol. 6, no. 2, pp. 147-68.
Cook, C., Heath, F. & Thompson, R.L. 2000, 'A Meta-Analysis of response rates in Web- or Internet-based surveys', Educational and Psychological Measurement, vol. 60, no. 6, pp. 821-36.
Coopamootoo, P.L. & Ashenden, D. 2011, 'Designing Usable Online Privacy Mechanisms:What Can we Learn from Real World Behaviour', in S. Fischer-Hübner, P.
References
302
Duquenoy, M. Hansen, R. Leenes & G. Zhang (eds), Privacy and Identity Management for Life: 6th IFIP WG 9. 2, 9. 6/11. 7, 11. 4, 11. 6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers, Springer.
Cooper, D.R. & Schindler, P.S. 2008, Business Research Methods, 10 edn, McGraw Hill, Irwin.
Corrocher, N. 2011, 'The adoption of Web 2.0 services: An empirical investigation', Technological Forecasting & Social Change, vol. 78, no. 4, pp. 547–58.
Costello, A.B. & Osborne, J.W. 2005, 'Best Practices in Exploratory Factor Analysis: Four Recommendations for Getting the Most From Your Analysis', Practical Assessment, Research & Evaluation, vol. 10, no. 7, pp. 1-9.
Couper, M.P. 2000, 'Web Surveys: A Review of Issues and Approaches', The Public Opinion Quarterly, vol. 64, no. 4, pp. 464-94.
Crawford, S.D., Couper, M.P. & Lamias, M.J. 2001, 'Web Surveys : Perceptions of Burden', Social Science Computer Review, vol. 19, no. 2, pp. 146-62.
Crespo, A.H. & delBosque, I.R. 2008, 'The effect of innovativeness on the adoption of B2C e-commerce: A model based on the Theory of Planned Behaviour', Computers in Human Behavior, vol. 24, no. 6, pp. 2830–47.
Crespo, A.H. & delBosque, I.R. 2010, 'The influence of the commercial features of the Internet on the adoption of e-commerce by consumers', Electronic Commerce Research and Applications, vol. 9, no. 6, pp. 562-75
Creswell, J.W. 2003, Research Design Qualitative, Quantitative and Mixed Methods Approaches, 2nd edn, Sage Publications, Chennai, India.
Crompton, M. 2010, 'Usercentric identity management: An oxymoron or the key to getting identity management right?', Information Polity vol. 15, pp. 291–7.
Cronbach, L.J. 1971, 'Test validation', in R.L. Thorndike (ed.), Educational measurement, 2nd edn, American Council on Education, Washington, DC, pp. 443-508.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. & Baskerville, R. 2013, 'Future directions for behavioral information security research', Computers & Security, vol. 32, pp. 90–101.
Crowston, K., Fitzgerald, B., Gloor, P., Schultze, U. & Yoo, Y. 2010, 'Shifting Boundries: How Sould IS Researchers Study NonOrgantizational Uses of ICT?', Proceedings of the Thirty-First International Conference on Information Systems, St. Louis ,USA.
Cser, A. 2008, Forrester TechRadar: Identity And Access Management, Q2 2008, Forrester Research viewed 20 April 2011 <www.forrester.com/go?docid=45768>.
Cser, A. & Penn, J. 2008, Identity Management Market Forecast: 2007 To 2014 Provisioning Will Extend Its Dominance Of Market Revenues, Forrester Research.
Cunningham, S. 1967, 'The major dimensions of perceived risk', in D. Cox (ed.), Risk Taking and Information Handling in Consumer Behavior, Harvard University Press, Cambridge, MA.
D'Ambra, J. & Wilson, C. 2004a, 'Explaining Perceived Performance of the World Wide Web: Uncertainty and the Task-Technology Fit Model', Internet Research, vol. 14, no. A, pp. 294-310.
D'Ambra, J. & Wilson, C. 2004b, ' Use of the World Wide Web for International Travel: Integrating the Construct of Uncertainty in Information Seeking and the Task Technology Fit Model', Journal of the American Society for Information Science and Technology, vol. 55, no. 8, pp. 731-42.
References
303
Dabrowski, M. & Pacyna, P. 2008, 'Generic and complete three-level identity management model', Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies, Cap Esterel.
Daemen, T. & Rubinstein, I. 2006, The identity metasystem:Towards a privacy-compliant solution to the challenges of digital identity, Microsoft Corporation.
Davis, F.D. 1989, 'Perceived usefulness, perceived ease of use, and user acceptance of information technology', MIS Quarterly, vol. 13, no. 3, pp. 319-40.
Davis, F.D. 1993, 'User acceptance of information technology– system characteristics, user perceptions and behavioral impacts', International Journal of Man-Machine Studies, vol. 38, no. 3, pp. 475–87.
Davis, F.D., Bagozzi, R.P. & Warshaw, P.R. 1992, 'Extrinsic and Intrinsic Motivation to Use Computers in the Workplace', Journal of Applied Social Psychology, vol. 22, no. 14, pp. 1111-32.
Davis, F.D., Bagozzi, R.P. & Warshaw, R.P. 1989, 'User Acceptance of Computer Technology: A Comparison of Two Theoretical Models', Management Science, vol. 35, no. 8, pp. 982-1003.
DeCock, D., Simoens, K. & Preneel, B. 2008, ' Insights on identity documents based on the Belgian case study', Information Security Technical Report, vol. 13, no. 2, pp. 54–60.
DeCoster, J. 1998, 'Overview of Factor Analysis', viewed 11 August 2011, < http://www.stat-help.com/notes.html>.
DeLone, W. & McLean, E. 1992, 'Information systems success: The quest for the dependent variable', Information Systems Research, vol. 3, no. 1, pp. 60-5.
Dennis, A.R. & Valacich, J.S. 2001, 'Conducting research in information systems', Communications of AIS, vol. 7, no. 1, pp. 1–41.
Dennis, A.R., Wixom, B.H. & Vandenberg, R.J. 2001, 'Understanding Fit and Appropriation Effects in Group Support Systems Via Meta-Analysis', MIS Quarterly, vol. 25, no. 2, pp. 167-93.
Dey, A. & Weis, S. 2010, 'PseudoID: Enhancing Privacy in Federated Login', Hot Topics in Privacy Enhancing Technologies, pp. 95-107.
Dhamija, R. & Dusseault, L. 2008, 'The Seven Flaws of Identity Management :Usability and Security Challenges', IEEE Security & Privacy, vol. 6, no. 2, pp. 24-9.
Dillman, D.A., Smyth, J.D. & Christian, L.M. 2008, Internet, Mail, and Mixed-Mode Surveys: The Tailored Design Method, third edn, Wiley.
Dillon, A. 2001, 'User acceptance of information technology', in W. Karwowski (ed.), Encyclopedia of Human Factors and Ergonomics, Taylor and Francis, London
Dillon, A. & Morris, M. 1996, 'User acceptance of new information technology: theories and models', in M. Williams (ed.), Annual Review of Information Science and Technology, vol. 31, Information Today Medford , NJ, pp. 3-32.
Dillon, R.S. 2010, 'Respect for persons, identity, and information technology', Ethics and Information Technology, vol. 12, no. 1, pp. 17–28.
Dinev, T. & Hart, P. 2006, 'Internet privacy concerns and social awareness as determinants of intention to transact', International Journal of Electronic Commerce, vol. 10, no. 2, pp. 7–31.
Ding, C.G. & Lin, C.-H. 2012, ' How does background music tempo work for online shopping?', Electronic Commerce Research and Applications, vol. 11, no. 3, pp. 299–307.
References
304
Dishaw, M., Strong, D. & Bandy, B. 2004, 'The Impact of Task-Technology Fit inTechnology Acceptance and Utilization Models', Proceedings of the Tenth Americas Conference on Information Systems (AMCIS), New York,USA, pp. 3306-11.
Dishaw, M.T. & Strong, D.M. 1998, 'Supporting Software Maintenance with Software Engineering Tools: A Computed Task-Technology Fit Analysis', The Journal of Systems and Software, vol. 44, no. 2, pp. 107-20.
Dishaw, M.T. & Strong, D.M. 1999, ' Extending the technology acceptance model with task-technology fit constructs', Information & Management, vol. 36, no. 1, pp. 9-21.
Dishaw, M.T. & Strong, D.M. 2003, 'The Effect of Task and Tool Experience on Maintenance CASE Tool Usage', Information Resources Management Journal, vol. 16, no. 3, pp. 1-16.
Dishaw, M.T. & Strong, D.M. 2005, 'Examining Multiple Dimensions of Task Technology Fit', Proceedings of the Eleventh Americas Conference on Information Systems(ACIS), Omaha, NE, USA.
Djamasbi, S., Strong, D.M. & Dishaw, M. 2010, 'Affect and acceptance: Examining the effects of positive mood on the technology acceptance model', Decision Support Systems vol. 48 no. 2, pp. 383–94.
Donaldson, T. & Dunfee, W.T. 1994, 'Toward a Unified Conception of Business Ethics: Integrative Social Contracts Theory', Academy of Management Review, vol. 19, no. 2, pp. 252-84.
Dowling, G.R. & Staelin, R. 1994, 'A Model of Perceived Risk and Intended Risk-handling Activity', Journal of Consumer Research, vol. 21, no. 1, pp. 193-210.
Du, P.G. 2007, Organizing Identity, Sage, London.
Duggan, M. & Brenner, J. 2013, The Demographics of Social Media Users — 2012, Pew Internet, viewed 2 Feburary 2013, <http://pewinternet.org/~/media//Files/Reports/2013/PIP_SocialMediaUsers.pdf>.
Dunleavy, P., Margetts, H., Bastow, S. & Tinkler, J. 2006, Digital Era Governance, Oxford
University Press, Oxford.
Dwivedi, Y., Williams, M., B, L. & Schwartz, A. 2008, 'Profiling adoption, acceptance, and diffusion research in the information systems discipline', Proceedings of the Sixteenth European Conference on Information Systems(ECIS), Galway, Ireland.
Dwyer, C., Hiltz, S. & Passerini, K. 2007, 'Trust and privacy concern within social networking sites: a comparison of Facebook and MySpace', Proceedings of the Thirtieth Americas Conference on Information Systems(ACIS), Keystone,Colorado.
Edwards, J.R. 2001, 'Multidimensional constructs in organizational behavior research: an integrative analytical framework', Organizational Research Methods, vol. 4, no. 2, pp. 144-92.
Economist Intelligence Unit (EIU) 2007, Digital identity authentication in e-commerce, The Economist Intelligence Unit.
El-Maliki, T. & Seigneur, J.-M. 2007, 'A Survey of User-centric Identity Management Technologies', Proceedings of International Conference on Emerging Security Information, Systems and Technologies, IEEE Computer & society, Valencia,Spain, pp. 12-7.
Elliot, A.J. & Devine, P.G. 1994, 'On the Motivational Nature of Cognitive Dissonance: Dissonance as Psychological Discomfort', Journal of Personality and Social Psychology vol. 67, no. 3, pp. 382-94.
References
305
Featherman, M.S. & Pavlou, P.A. 2003, 'Predicting e-services adoption: a perceived risk facets perspective', Int. J. Human-Computer Studies vol. 59, no. 4, pp. 451–74.
Federal Trade Commission (FTC) 2011, 'Consumer Sentinel Network Data Book for January – December, 2010', pp. 1-90, viewed 2 March 2011, <http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2010.pdf>.
Federal Trade Commission (FTC) 2012, 'Consumer Sentinel Network Data Book for January – December, 2011', pp. 1-90, viewed 15 January 2013, <http://ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2011.pdf>.
Ferdous, M.S., Jabed, M., Chowdhury, M., Moniruzzaman, M. & Chowdhury, F. 2012, 'Identity federations: A new perspective for Bangladesh', Proceedings of International Conference onInformatics, Electronics & Vision (ICIEV), Dhaka , Bangladesh, pp. 230 – 5.
Ferdous, M.S. & Josang, A. 2013, 'Entity Authentication & Trust Validation in PKI using Petname Systems', in A. Elci (ed.), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS), IGI Global.
Ferdous, M.S. & Poet, R. 2012, 'A Comparative Analysis of Identity Management Systems ', Proceedings of International Conference on High Performance Computing and Simulation (HPCS), Madrid, Spain, pp. 454 - 61.
Ferrat, T. & Vlahos, G. 1998, ' An Investigation of TaskTechnology Fit for Managers in Greece
and the US', European Journal of Information Systems, vol. 7, no. 2, pp. 123-36.
Festinger, L.A. 1957, A Theory of Cognitive Dissonance, Row, Peterson, Evanston, IL.
Field, A.P. 2009, Discovering statistics using SPSS :(and sex and drugs and rock 'n' roll), 3rd edn, Sage, London.
Finklea, K.M. 2010, Identity Theft: Trends and Issues, Congressional Research Service.
Finklea, K.M. 2012, Identity Theft: Trends and Issues, Congressional Research Service.
Fischer-Hubner, S., Pettersson, J.S., Bergmann, M., Hansen, M., Siani Pearson & Mont, M.C. 2007, 'HCI Designs for Privacy-Enhancing Identity Management', in A. Acquisti, S. Gritzalis, C. Lambrinoudakis & S.d. Vimercati (eds), Digital Privacy:Digital Privacy: Theory, Technologies, and Practices, Auerbach, New York.
Fishbein, M. & Ajzen, I. 1975, Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research, Addison-Wesley, Reading ,MA.
Florencio, D. & Herley, C. 2007, 'A Large-Scale Study of Web Password Habits', Proceedings of the Sixteenth International Conference on the World Wide Web ACM, Banff, Alberta, Canada.
Fogel, J. & Nehmad, E. 2009, 'Internet social network communities: risk taking, trust, and privacy concerns', Computers in Human Behavior, vol. 25, no. 1, pp. 153-60.
Fornell, C. & Larcker, D.F. 1981, 'Evaluating Structural Equations with Unobservable Variables and Measurement Error', Journal of Marketing Research, vol. 18, no. 1, pp. 39-50.
Friedman, A., Crowley, P. & West, D. 2011, Online Identity and Consumer Trust:Assessing Online Risk, The Brookings Institution.
Fu, Z., Wang, J., Yang, L., Cao, Y. & Zhu, A.W. 2011, 'Open Problems for Privacy Preservation in Identity Management', Applied Mechanics and Materials, vol. 40-41, pp. 652-6.
Garcia, S.S., Oliva, A.G. & Perez-Belleboni, E. 2012, 'Is Europe Ready for a Pan-European Identity Management System?', IEEE Security & Privacy, vol. 10, no. 4, pp. 44-9.
References
306
Gebauer, J., Shaw, M.J. & Gribbins, M. 2004, 'Usage and Impact of Mobile Business Applications - An Assessment Based on the Concepts of Task/Technology Fit.', Proceedings of the Americas Conference on Information Systems, New York, NY, pp. 2801-10.
Gebauer, J., Shaw, M.J. & Gribbins, M.L. 2010, 'Task-technology fit for mobile information systems', Journal of Information Technology, vol. 25, pp. 259–72.
Gefen, D., Benbasat, I. & Pavlou, P.A. 2008, 'A research agenda for trust in online environments', Journal of Management Information Systems vol. 24, no. 4, pp. 275–86.
Gefen, D., Karahanna, E. & Straub, D.W. 2003, 'Trust and TAM in online shopping: an integrated model', MIS Quarterly, vol. 27, no. 1, pp. 51–90.
Gefen, D., Rigdon, E.E. & Straub, D. 2011, 'An Update and Extension to SEM Guidelines for Administrative and Social Science Research', MIS Quarterly, vol. 35, no. 2, pp. iii-xiv.
Gefen, D. & Straub, D. 2005, 'A practical guide to factorial validity using PLS-Graph: tutorial and annotated example', Communications of the Association for Information Systems, vol. 16, no. 5, pp. 91-109.
Gefen, D., Straub, D.W. & Boudreau, M.-C. 2000, 'Structural Equation Modeling Techniques and Regression: Guidelines for Research Practice', Communications of the Association for Information Systems, vol. 4, no. 7, pp. 1-70.
Geisser, S. 1975, 'The predictive sample reuse method with applications', Journal of the American Statistical Association, vol. 70, pp. 320-8.
Gemünden, H.G. 1985, 'Perceived risk and information search: a systematic meta-analysis of empirical evidence', International Journal of Research in Marketing, vol. 2, no. 2, pp. 79-100.
Goeritz, A.S. 2006, 'Incentives in web studies: Methodological issues and a review', International Journal of Internet Science, vol. 1, no. 1, pp. 58-70.
Goodhue, D., Littlefield, R. & Straub, D.W. 1997, 'The measurement of the impacts of the IIC on the end-users: The survey', Journal of the American Society for Information Science, vol. 48, no. 5, pp. 454–65.
Goodhue, D. & Thompson, R. 1995, 'Task-Technology Fit and Individual Performance', MIS Quarterly, vol. 19, no. 2, pp. 213-36.
Goodhue, D.L. 2007, 'Comment on Benbasat and Barli's "Quo vadis TAM" article', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 219-22.
Goodhue, D.L., Klein, B.D. & March, S.T. 2000, 'User evaluations of IS as surrogates for objective performance', Information and Management, vol. 38, no. 2, pp. 87-101.
Goodhue, D.L., Lewis, W. & Thompson, R. 2006, 'PLS, Small Sample Size, and Statistical Power in MIS Research', Proceedings of the 39th Hawaii International Conference on System Sciences.
Goodhue, D.L., Lewis, W. & Thompson, R. 2012, 'Does PLS Have Advantages for Small Sample Size or Non-Normal Data? ', MIS Quarterly vol. 36, no. 3, pp. 981-1001.
Goodhue, D.L., Wybo, M.D. & Kirsch, L.J. 1992, 'The impact of data integration on the costs and benefits of information systems', MIS Quarterly, vol. 16, no. 3, pp. 293-311.
Goodhue, L. 1995, 'Understanding user evaluations of information systems.', Management Science, vol. 41, no. 12, pp. 1827–44.
Goritz, A.S. & Wolff, H.-G. 2008, 'Individual payments as a longer-term incentive in online panels', Behavior Research Methods, vol. 40, no. 4, pp. 1144-9.
References
307
Gosling, S.D., Vazire, S., Srivastava, S. & John, O.P. 2004, 'Should We Trust Web-Based Studies?: A Comparative Analysis of Six Preconceptions About Internet Questionnaires', American Psychologist, vol. 59, no. 2, pp. 93–104.
Goth, G. 2005, 'Identity Theft Solutions Disagree on Problem', IEEE Distributed Systems Online, vol. 6, no. 8.
Greenfield, R. 2011, Hints Facebook Is Becoming a Full-On Identification Service, The Atlantic Wire, viewed 28 December 2012 <http://www.theatlanticwire.com/technology/2011/08/facial-recognition-facebook-becoming-full-identification-service/40675/>.
Greenwood, D., PDempster, A., Laird, N.M. & Rubin, D.B. 2007, 'The context for Identity Management Architectures and Trust Models', Proceedings of the OECD Workshop on Digital Identity Management, Trondheim, Norway.
Grimsley, M. & Meehan, A. 2007, ' e-Government information systems: evaluation-led design for public value and client trust.', European Journal of Information Systems, vol. 16, no. 2, pp. 134–48.
Gross, R. & Acquisti, A. 2005, 'Information Revelation and Privacy in Online Social Networks (The Facebook case)', Proceedings of ACM Workshop on Privacy in the Electronic Society (WPES), ACM, Alexandria, Virginia, USA.
Grossman, M., Aronson, J.E. & McCarthy, R.V. 2005, 'Does UML Make the Grade? Insights from the Software Development Community', Information and Software Technology, vol. 47, no. 6, pp. 383-97.
Guadagnoli, E. & Velicer, W.F. 1988, 'Relation of sample size to the stability of component patterns', Psychological Bulletin, vol. 103, no. 2, pp. 265-75.
Guba, E.G. & Lincoln, Y.S. 1994, 'Competing paradigms in qualitative research', in N.K. Denzin & Y.S. Lincoln (eds), Handbook of qualitative research, Thousand Oaks, CA: Sage, pp. 105-17.
Gwebu, K.L. & Wang, J. 2011, 'Adoption of Open Source Software: The role of social identification', Decision Support Systems, vol. 51 no. 1, pp. 220–9.
Ha, S. & Stoel, L. 2009, 'Consumer e-shopping acceptance: Antecedents in a technology acceptance model', Journal of Business Research, vol. 62, no. 5, pp. 565–71.
Hair, J., Black, W., Babin, B. & Anderson, R. 2010, Multivariate Data Analysis – A Global Perspective, Seventh edn, Pearson Prentice Hall, New Jersey
Hair, J.F., Money, A.H., Samouel, P. & Page, M. 2007, Research Methods for Business, John Wiley & Sons, Ltd.
Hair, J.F., Sarstedt, M., Ringle, C.M. & Mena, J.A. 2012, 'An assessment of the use of partial least squares structural equation modeling in marketing research', Journal of the Academy of Marketing Science, vol. 40, no. 3, pp. 414-33.
Halperin, R. 2006, 'Identity as an Emerging Field of Study', Data Protection and Data Security, vol. 30, no. 0, pp. 533-7.
Halperin, R. & Backhouse, J. 2008, ' A roadmap for research on identity in the information society', Identity in the Information Society (IDIS), vol. 1, no. 1, pp. 71–87.
References
308
Hampton, K., Goulet, L., Rainie, L. & Purcell, K. 2011, Social networking sites and our lives, Pew Internet, viewed 20 January 2013, <http://www.pewinternet.org/~/media/Files/Reports/2011/PIP_ Social networking sites and our lives.pdf>.
Hansen, M., Pfitzmann, A. & Steinbrecher, S. 2008, ' Identity management throughout one's
whole life', Information Security Technical Report vol. 13, no. 2, pp. 83–94.
Hansen, M., Berlich, P., Camenisch, J., Claub, S., Pfitzmann, A. & Waidner, M. 2004, 'Privacy-Enhancing Identity Management', Information Security Technical Report, vol. 9, no. 1, pp. 35-44.
Heijden, H.V. 2003, 'Factors influencing the usage of websites: the case of a generic portal in The Netherlands', Information & Management, vol. 40, no. 6, pp. 541–9.
Henseler, J. & Fassott, G. 2010, 'Testing moderating effects in PLS path models: an illustration of available procedures', in E. Vinzi, W.W. Chin, J. Henseler & H. Wang (eds), Handbook of partial least squares, Springer, Heidelberg.
Hinkin, T.R. 1998, 'A Brief Tutorial on the Development of Measures for Use in Survey Questionnaires', Organizational Research Methods, vol. 1, no. 1, pp. 104-21.
Hirschheim, R. 2007, 'Introduction to the special issue on “Quo Vadis TAM—issues and reflections on technology acceptance research', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 8-18.
Hirschheim, R.A. 1991, 'Information systems epistemology: an historical perspective', in R. Galliers (ed.), Information Systems Research: Issues, Methods, and Practical Guidelines, Blackwell Scientific Publications, Oxford, pp. 28-60.
Hitachi ID Systems Inc 2012, Defining Identity Management, Hitachi ID Systems, <http://hitachi-id.com/password-manager/docs/defining-enterprise-identity-management.pdf>.
Hoehle, H., Scornavacca, E. & Huff, S. 2012, ' Three decades of research on consumer adoption and utilization of electronic banking channels: A literature analysis', Decision Support Systems, vol. 54, no. 1, pp. 122–32.
Hoelter, J.W. 1983, 'The analysis of covariance structures: Goodness-of-fit indices',
Sociological Methods and Research, vol. 11, no. 3, pp. 325-44.
Hoffman, D.L., Novak, T.P. & Peralta, M. 1999, ' Building consumer trust online', Communications of the ACM, vol. 42, no. 4, pp. 80-5.
Holden, S. & Millett, L. 2005, ' Authentication, privacy, and the federal E-Government', Information Society vol. 21, no. 5, pp. 367–77.
Hong, S.-J. & Tam, K.Y. 2006, 'Understanding the Adoption of Multi-purpose Information Alliances: The Case of Mobile Data Services', Information Systems Research, vol. 17, no. 2, pp. 162-79.
Hong, W., Thong, J.Y.L., Wong, W.-m. & Tam, K.-y. 2002, 'Determinants of User Acceptance of Digital Libraries: An Empirical Examination of Individual Differences and System Characteristics', Journal of Management Information Systems vol. 18, no. 3, pp. 97–124.
Hossain, L. & deSilva, A. 2009, 'Exploring user acceptance of technology using social networks', Journal of High Technology Management Research, vol. 20 no. 1, pp. 1–18.
Hovav, A. & Berger, R. 2009, 'Tutorial: Identity Management Systems and Secured Access Control', Communications of the Association for Information Systems, vol. 25, no. 1, pp. 531-70.
References
309
Huhnlein, D., Robnagel, H. & Zibuschka, J. 2010, 'Diffusion of Federated Identity Management', Proceedings of Information Security Solutions Europe - Sicherheit, Schutz und Zuverlässigkeit (ISSE/SICHERHEIT 2010), vol. 170, ed. F.C. Freiling, GI, Berlin,Germany, pp. 25-36.
Hui, K.-L., Teo, H.H. & Lee, S.-Y.T. 2007, ' The value of privacy assurance: an exploratory field experiment. ', MIS Quarterly, vol. 31, no. 1, pp. 19–33.
Hwang, Y. & Lee, K.C. 2012, ' Investigating the moderating role of uncertainty avoidance cultural values on multidimensional online trust', Information & Management, vol. 49, no. 3-4, pp. 171–6.
Im, I., Hong, S. & Kang, M.S. 2011, 'An international comparison of technology adoption
Testing the UTAUT model', Information & Management, vol. 48, no. 1, pp. 1–8.
Im, I., Kim, Y. & Han, H.-J. 2008, 'The effects of perceived risk and technology type on users’ acceptance of technologies', Information & Management, vol. 45, no. 1, pp. 1–9.
IP, R. 2005, 'An Exploratory Study on how Weblog Technologies Fit Virtual Community Members' Social Needs', Proceedings of the Eleventh Americas Conference on Information Systems, Omaha, NE,USA, pp. 1-14.
Identity Theft Resource Center (ITRC) 2011, 2011 Data Breach Stats, Identity Theft Resource Center, viewed 18 Feb 2011 <http://www.idtheftcenter.org/ITRC%20Breach%20Stats%20Report%202011.pdf>.
Ivy, K., Conger, S. & Landry, B.J. 2010, '30P. Federated Identity Management: Why is Adoption so Low?', Proceedings of International Conference on Information Resources Management(CONF-IRM 2010), Association for Information Systems AIS Electronic Library (AISeL), Montego Bay, Jamaica, <http://aisel.aisnet.org/confirm2010/34>.
Jarvenpaa, S.L. & Tractinsky, N. 1999, 'Consumer trust in an Internet store: A cross-cultural validation', Journal of Computer Mediated Communication, vol. 5, no. 2, pp. 1-36.
Jensen, J. 2012, ' Federated Identity Management Challenges', Proceedings of Seventh International Conference on Availability, Reliability and Security, IEEE Computer Society, Prague , Czech republic, pp. 230- 5.
Jensen, J. & Jaatun, M.G. 2013, 'Federated Identity Management—We Built It; Why Won’t
They Come?', IEEE Security & Privacy, vol. 11, no. 2, pp. 34 - 41.
Jeyaraj, A., Rottman, J.W. & Lacity, M.C. 2006, 'A review of the predictors, linkages, and biases in IT innovation adoption research', Journal of Information Technology, vol. 21, no. 1, pp. 1–23.
Johnson, R.E., Rosen, C.C. & Djurdjevic, E. 2011, 'Assessing the Impact of Common Method Variance on Higher Order Multidimensional Constructs', Journal of Applied Psychology, vol. 96, no. 4, pp. 744–61.
Jones, A.B. & Hubona, G.S. 2005, 'Individual differences and usage behavior: revisiting a technology acceptance model assumption', The Data Base for Advances in Information Systems, vol. 33, no. 2, pp. 58-77.
Josang, A., Al-Zomai, M. & Suriadi, S. 2007b, 'Usability and Privacy in Identity Management Architectures', Proceedings of the Fifth Australasian Fymposium on ACSW Frontiers, Australian Computer Society, Ballarat, Australia pp. 143-52.
Josang, A. & Pope, S. 2005, 'User centric identity management', Proceedings of Asia Pacific Information Technology Security Conference (AusCERT), Gold Coast, Australia, pp. 77–89.
Junglas, I.A., Abraham, C. & Watson, R.T. 2008, 'Task-technology fit for mobile locatable information systems', Decision Support Systems, vol. 45, no. 4, pp. 1046-57.
References
310
Junglas, I.A., Johnson, N.A. & Spitzmuller, C. 2008, 'Personality traits and concern for privacy:an empirical study in the context of location-based services', European Journal of Information Systems vol. 17, no. 4, pp. 387–402.
Junglas, L. & Watson, R. 2003, ' U-commerce: A conceptual extensions of e-commerce and m commerce', Proceedings of the twenty fourth International Conference on Information Systems, Seattle, WA, pp. 14-7.
Kahneman, D. & Tversky, A. 1979, 'Prospect Theory: An Analysis of Decision under Risk', Econometrica, vol. 47, no. 2, pp. 263-92.
Kaplan, B. & Duchon, D. 1988, 'Combining qualitative and quantitative methods in information systems research: a case study', MIS Quarterly, vol. 12, no. 4, pp. 570 - 86.
Karahanna, E., Straub, D.W. & Chervany, N.L. 1999, 'Information Technology Adoption Across Time: A Cross-Sectional Comparison of Pre-Adoption and Post-Adoption Beliefs', MIS Quarterly, vol. 23, no. 2, pp. 183-213.
Karch, E. 2011, Identity Management: A System Engineering Survey of Concepts and Analytical Approaches, Karchworld Identity viewed 31 August 2011 <http://blogs.msdn.com/b/karchworld_identity/archive/2011/04/02/identity-management-a-system-engineering-survey-of-concepts-and-analytical-approaches.aspx>.
Kerlinger, F.N. 1973, Foundations of Behavioral Research, 2nd edn, Holt McDougal, New York.
Kim, C., Galliers, R.D., Shin, N., Ryoo, J.-H. & Kim, J. 2012, 'Factors influencing Internet shopping value and customer repurchase intention', Electronic Commerce Research and Applications, vol. 11, no. 4, pp. 374–87.
Kim, H.-W., Xu, Y. & Gupta, S. 2012, 'Which is more important in Internet shopping, perceived price or trust?', Electronic Commerce Research and Applications, vol. 11, no. 3, pp. 241–52.
Kim, H.-W., Zheng, J.R. & Gupta, S. 2011, 'Examining knowledge contribution from the
perspective of an online identity in blogging communities', Computers in Human Behavior, vol. 27, no. 5, pp. 1760–70.
Kim, S.H. 2008, 'Moderating effects of Job Relevance and Experience on mobile wireless technology acceptance: Adoption of a smartphone by previous individuals', Information & Management, vol. 45, no. 6, pp. 387-93
King, W.R. & He, J. 2006, 'A meta-analysis of the technology acceptance model', Information & Management, vol. 43, no. 6, pp. 740–55.
Kitchenham, B.A. 2004, Procedures for Undertaking Systematic Reviews, Joint Technical Report Computer Science Department, Keele University
Kitchenham, B.A., Budgen, D. & Brereton, O.P. 2011, 'Using mapping studies as the basis for further research – A participant-observer case study', Information and Software Technology, vol. 53, no. 6, pp. 638–51.
Klonglan, G.E. & Coward, E.W.J. 1970, 'The Concept of Symbolic Adoption: A Suggested Interpretation', Rural Sociology, vol. 35, no. 1, pp. 77-83.
Klopping, I.M. & McKiney, E. 2004, 'Extending the Technology Acceptance Model and the Task-Technology Fit Model to Consumer E-Commerce', Information Technology, Learning, and Performance Journal, vol. 22, no. 1, pp. 35-48.
Koch, M. 2002, ' Global identity management to boost personalization', Proceedings of the Ninth Research Symptom on Emerging Electronic Markets, eds P. Schubert & U. Leimstoll, Basel,Switzerland, pp. 137–47.
References
311
Koch, M. & Woerndl, W. 2001, 'Community Support and Identity Management', Proceedings of the European Conference on Computer Supported Cooperative Work, Bonn, Germany.
Koh, C.E. & Nam, K.T. 2005, 'Business use of the internet: a longitudinal study from a value chain perspective', Industrial Management & Data Systems, vol. 105, no. 1, pp. 85-95.
Komiak, S.Y.X. & Benbasat, I. 2006, 'The Effects of Personalization and FamiIliarity on Trust and Adoption of Recommendation Agents', MIS Quarterly, vol. 30, no. 4, pp. 941-60.
Koops, B. & Leenes, R. 2006, 'Identity Theft, Identity Fraud and/or Identity-Related Crime', Data Protection and Data Security, vol. 30, no. 9, pp. 553-9.
Kosta, E., Dumortier, J., Ribbers, P., Fairchild, A., Tseng, J.S. & Liesebach, K. 2008, Requirements for privacy enhancing tools, PRIME Consortium.
Koufaris, M. & Hampton-Sosa, W. 2004, 'The development of initial trust in an online company by new customers', Information & Management, vol. 41, pp. 377–97.
Kuechler, W. & Vaishnavi, V. 2012, 'A framework for theory development in design science research: multiple perspectives', Journal of the Association for Information Systems, vol. 13, no. 6, pp. 395–423.
Kumar, N., Mohan, K. & Holowczak, R. 2008, 'Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls', Decision Support Systems vol. 46, no. 1, pp. 254–64.
Kwon, O. & Wen, Y. 2010, 'An empirical study of the factors affecting social network service use', Computers in Human Behavior vol. 26 no. 2, pp. 254–63.
Kwon, T.H. & Zmud, R.W. 1987, 'Unifying the Fragmented Models of Information Systems Implementation', in R.J. Boland & R.A. Hirschheim (eds), Critical Issues in Information Systems Research, John Wiley & Sons, New York, pp. 227–51.
Landau, S., Gong, H.L. & Wilton, R. 2009, 'Achieving privacy in a federated identity management system', in R. Dingledine & P. Golle (eds), Financial Cryptography, vol. 5628 of Lecture Notes in Computer Science, Springer, pp. 51-70.
Landau, S. & Moore, T. 2012, 'Economic tussles in federated identity management', First Monday, vol. 17, no. 10.
Laudon, K. & Traver, C. 2001, E-commerce. Business, technology, society, 5th edn, Pearson Prentice Hall, Upper Saddle River, NJ.
Lee, C., Cheng, H.K. & Cheng, H. 2007, 'An Empirical Study of Mobile Commerce in Insurance Industry: Task-Technology Fit and Individual Differences', Decision Support Systems, vol. 43, pp. 95-110.
Lee, C.H. & Cranage, D.A. 2010, 'Personalisatione privacy paradox: The effects of personalisation and privacy assurance on customer responses to travel Web sites', Tourism Management vol. 32, no. 5, p. 18.
Lee, H., Jeun, I. & Jung, H. 2009, 'Criteria for evaluating the privacy protection level of Identity Management Services', Proceedings of the Third International Conference on Emerging Security Information, Systems and Technologies(SECURWARE 2009), IEEE, Athens/Glyfada, Greece, pp. 150-60.
Lee, I., Choi, B., Kim, J. & Hong, S.J. 2007a, 'Culture-technology fit: effects of cultural characteristics on the post-adoption beliefs of mobile Internet users', International Journal of Electronic Commerce, vol. 11, no. 4, pp. 11–51.
Lee, K., Kang, I. & Kim, J. 2007, 'Exploring the user interface of negotiation support systems from the user acceptance perspective', Computers in Human Behavior, vol. 23 no. 5, pp. 220-39.
References
312
Lee, M. 2009a, 'Factors influencing the adoption of internet banking: An integration of TAM and TPB with perceived risk and perceived benefit', Electronic Commerce Research and Applications, vol. 8, no. 3, pp. 130-41.
Lee, M. 2009b, 'Predicting and explaining the adoption of online trading: An empirical study in Taiwan', Decision Support Systems vol. 47, no. 2, pp. 133–42.
Lee, S.C. 2003, An Introduction to Identity Management, SANS Institute InfoSec Reading Room.
Lee, S.M., Park, S.H., Yoon, S.N. & Yeon, S.J. 2007b, 'RFID based ubiquitous commerce and consumer trust', Industrial Management & Data Systems, vol. 107, no. 5, pp. 605-17.
Lee, Y., Kozar, K.A. & Larsen, K.R.T. 2003, 'The Technology Acceptance Model: Past, Present, and Future', Communications of the Association for Information Systems, vol. 12, no. 1, pp. 752-80.
Lee, Y., Lee, J. & Lee, Z. 2006, 'Social Influence on Technology Acceptance Behavior: Self-Identity Theory Perspective', The DATA BASE for Advances in Information Systems, vol. 37, no. 2/3, pp. 61-75.
Lee, Y.-K., Park, J.-H., Chung, N. & Blakeney, A. 2012, 'A unified perspective on the factors influencing usage intention toward mobile financial services', Journal of Business Research, vol. 65, no. 11, pp. 1590–9.
Legris, P., Ingham, J. & Collerette, P. 2003, 'Why do people use information technology? A
critical review of the technology acceptance model ', Information & Management, vol. 40, no. 3, pp. 191-204.
Leskinen, J. 2012, 'Evaluation Criteria for Future Identity Management', Proceedings of IEEE eleventh th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool ,UK pp. 801 - 6.
Lessa, L., Negash, S. & Donald, A.L. 2011, 'Acceptance of WoredaNet E-Government Services
in Ethiopia:Applying the UTAUT Model', Proceedings of the Seventeenth Americas Conference on Information Systems(AMCIS2011), Detroit,USA.
Lewicki, R., McAllister, D. & Bies, R. 1998, 'Trust and Distrust: New Relationships and Realities', Academy of Management Review, vol. 23, pp. 438-58.
Li, Y. 2012, ' Theories in online information privacy research: A critical review and an integrated framework', Decision Support Systems, vol. 54, no. 1, pp. 471–81.
Li, H., Sarathy, R. & Xu, H. 2010, 'Understanding situational online information disclosure as a
privacy calculus', Journal of Computer Information Systems, vol. 51, no. 1, pp. 62-71.
Li, X., Hess, T.J. & Valacich, J.S. 2008, 'Why do we trust new technology? A study of initial trust formation with organizational information systems', Journal of Strategic Information Systems, vol. 17, pp. 39–71.
Li, Y.-H. & Huang, J.-W. 2009, 'Applying Theory of Perceived Risk and Technology Acceptance Model in the Online Shopping Channel', World Academy of Science, Engineering and Technology, vol. 53 pp. 919-25.
Liang, H., Saraf, N., Hu, Q. & Xue, Y. 2007, 'Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top Management', MIS Quarterly, vol. 31, no. 1, pp. 59-87.
Liao, C., Chen, J.-L. & Yen, D. 2007, 'Theory of planning behavior (TPB) and customer satisfaction in the continued use of e-service: An integrated model', Computers in Human Behavior, vol. 23 no. 6, pp. 2804–22.
References
313
Liao, C., Liu, C.-C. & Chen, K. 2011, 'Examining the impact of privacy, trust and risk perceptions beyond monetary transactions: An integrated model', Electronic Commerce Research and Applications, vol. 10, no. 6, pp. 702-15.
Liaw, S.S., Chang, W.C., Hung, H.W. & Huang, H.M. 2006, 'Attitudes toward search engines as a learning assisted tool: approach of Liaw and Huang’s research model', Computers in Human Behavior, vol. 22, no. 2, pp. 177-90.
Liebenau, J. & Backhouse, J. 1990, Understanding Information: An Introduction., Macmillan, London.
Lindell, M. & Whitney, D. 2001, 'Accounting for Common Method Variance in Cross-Sectional Research Designs', Journal of Applied Psychology, vol. 86, no. 1, pp. 114-21.
Lingyun, Q. & Dong, L. 2008, 'Applying TAM in B2C E-Commerce Research:An Extended Model', Tsinghua Science & Technology, vol. 13, no. 3, pp. 265-72.
LinkedIn 2012, LinkedIn Global Demographics and Statistics January 2012, The Undercover Recruiter, viewed 1 October 2012 < http://theundercoverrecruiter.com/linkedin-demographics-and-statistics-2012-slides/>.
Lips, M. & Pang, C. 2008, Identity Management in Information Age Government Exploring Concepts, Definitions, Approaches and Solutions, Technical Report of the Victoria University of Wellington.
Littler, D. & Melanthiou, D. 2006, 'Consumer perceptions of risk and uncertainty and the implications for behavior towards innovative retail services: the case of Internet banking', Journal of Retailing and Consumer Services, vol. 13, no. 6, pp. 431–43.
Liu, C., J.T. Marchewka, Lu, J. & Yu, C.S. 2005, 'Beyond concern-a privacy-trust-behavioral intention model of electronic commerce', Information & Management, vol. 42, no. 2, pp. 289-304.
Liu, K. 2000, Semiotics in Information Systems Engineering, Cambridge University Press, Cambridge.
Lo, J. 2010, 'Privacy Concern, Locus of Control, and Salience in a Trust-Risk Model of Information Disclosure on Social Networking Sites', Proceedings of the Sixteenth Americas Conference on Information Systems (AMCIS2010), Lima, Peru.
Lohmoller, J.B. 1989, Latent Path Modeling with Partial Least Squares, Physica-Verlag, Heidelberg.
Lowry, P.B., Cao, J. & Everard, A. 2011, 'Privacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: the case of instant messaging in two cultures', Journal of Management Information Systems, vol. 27, no. 4, pp. 165–204.
Lu, J., Yao, J.E. & Yu, C.-S. 2005, 'Personal innovativeness, social influences and adoption of wireless Internet services via mobile technology', Journal of Strategic Information Systems, vol. 14, no. 3, pp. 245–68.
Ludwig, H.J. 2010, Australian Privacy Principles Companion Guide, Australian Government. Luo, X. 2002, 'Trust production and privacy concerns on the Internet A framework based on
relationship marketing and social exchange theory', Industrial Marketing Management, vol. 31, no. 2, pp. 111-8.
Luo, X., Li, H., Zhang, J. & Shim, J.P. 2010, 'Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services', Decision Support Systems, vol. 49, no. 2, pp. 222-34.
References
314
MacKenzie, S.B., Podsakoff, P.M. & Jarvis, C.B. 2005, 'The problem of measurement model misspecification in behavioral and organizational research and some recommended solutions', Journal of Applied Psychology, vol. 90, no. 4, pp. 710-30.
MacKenzie, S.B., Podsakoff, P.M. & Podsakoff, N.P. 2011, 'Construct Measurement and Validation Procedures in MIS and Behavioral Research: Integrating New and Existing Techniques ', MIS Quarterly, vol. 35, no. 2, pp. 293-334.
Maler, E. & Reed, D. 2008, ' The Venn of identity - options and issues in federated identity management', IEEE Security & Privacy, vol. 6, no. 2, pp. 16-23.
Malhotra, N.K., Kim, S.S. & Agarwal, J. 2004, ' Internet Users' Information Privacy Concerns (IUIPC): the construct, the scale, and a causal model', Information Systems Research, vol. 15, no. 4, pp. 336–55.
Malhotra, N.K., Kim, S.S. & Patil, A. 2006, 'Common Method Variance in Is Research: A Comparison of Alternative Approaches and aReanalysis of past Research', Management Science, vol. 52, no. 12, pp. 1865-83.
Malhotra, Y. & Galletta, D.F. 1999, 'Extending the Technology Acceptance Model to Account for Social Influence: Theoretical Bases and Empirical Validation', Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences, vol. 1, IEEE Computer Society Washington, DC, USA.
Malhotra, Y. & Galletta, D.F. 2005, 'A multidimensional commitment model of volitional systems adoption and usage behavior', Journal of Management Information Systems, vol. 22, no. 1, pp. 117-51.
Mallat, N. 2007, 'Exploring consumer adoption of mobile payments – A qualitative study', Journal of Strategic Information Systems, vol. 16, no. 4, pp. 413–32.
March, S.T. & Smith, G.F. 1995, 'Design and natural science research on information technology', Decision Support Systems, vol. 15, no. 4, pp. 251-66.
Marcoulides, G.A., Chin, W.W. & Saunders, C. 2009, 'A Critical Look ar Partial Least Squares Modeling', MIS Quarterly, vol. 33, no. 1, pp. 171-5.
Marmol, F.G., Girao, J. & Perez, G.M. 2010, 'TRIMS, a privacy-aware trust and reputation model for identity management systems', Computer Networks, vol. 54, no. 16, pp. 2899–912.
Marsh, H.M., Muthen, B., Asparouhov, A., Lüdtke, O., Robitzsch, A., A, A., Morin & Trautwein, U. 2009, 'Exploratory Structural Equation Modeling, Integrating CFA and EFA: Application to Students’ Evaluations of University Teaching', Structural Equation Modeling, vol. 16, pp. 439-76.
Mayer, R., Davis, J. & Schoorman, D. 1995, 'An integrative model of organizational trust', Academic of Management Review, vol. 20, no. 3, pp. 709-34.
McCoy, S., Galletta, D.F. & King, W.R. 2007, ' Applying TAM across cultures: the need for caution', European Journal of Information Systems, vol. 16, no. 1, pp. 81–90.
McKnight, D.H. 2005, 'Trust in Information Technology', in G.B. Davis (ed.), The Blackwell Encyclopedia of Managemen Information Systems, vol. 7, Blackwell, Malden, MA, pp. 329-31.
McKnight, D.H., Choudhury, V. & Kacmar, C. 2002, 'Developing and Validating Trust Measures for e-Commerce: An Integrative Typology', Information Systems Research, vol. 13, no. 3, pp. 334–59.
McKnight, D.H., Cummings, L.L. & Chervany, N.L. 1998, 'Initial Trust Formation in New Organizational Relationships', The Academy of Management Review, vol. 23, no. 3, pp. 473-90.
References
315
McLaughlin, M., Briscoe, G. & Malone, P. 2010, 'Digital Identity in The Absence of Authorities: A New Socio-Technical Approach', The Computing Research Repository, vol. 1011.
McLaughlin, M., Malone, P. & Jennings, B. 2009, 'A Model for Identity in Digital Ecosystems', Proceedings of the Third IEEE International Conference on Digital Ecosystems and Technologies, Istanbul, Turkey, pp. 295-30.
Meints, M. 2009, D3.17: Identity management systems – recent developments, FIDIS, viewed 4 April 2011 <http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables3/fidis-wp3-del3.17_Identity_Management_Systems-recent_developments-final.pdf>.
Melone, N. 1990, 'A Theoretical Assessmenot f the User-Satisfaction Construct in Information Systems Research', Management Science, vol. 36, no. 1, pp. 76-91.
Mercator Advisory Group (MAG) 2011, Trekking to Find the Holy Grail: E-Commerce Identity and Authentication ,Special Report in Collaboration with the Merchant Risk Council, Mercator Advisory Group.
Metzger, M.J. 2004, 'Privacy, Trust, and Disclosure: Exploring Barriers to Electronic Commerce', Journal of Computer-Mediated Communication, vol. 9, no. 4.
miiCard 2011, NSITIC's proposals-Key to mass adoption of a Online Identity ?, miiCard, viewed 20 January 2013 <http://www.miicard.com/blog/201105/nstics-proposals-key-mass-adoption-online-identity>.
Mingers, J. 2001, 'Combining IS Research Methods: Towards a Pluralist Methodology', Information Systems Research, vol. 12, no. 3, pp. 240-59.
Miyata, T., Koga, Y., Adachi, S.-I., Tsuchiya, Y., Sakamoto, Y. & Takahashi, K. 2006, ' A survey on identity management protocols and standards ', IEICE Transactions on Information and Systems, vol. E89-D, no. 1, pp. 112–23.
Mont, M.C., Bramhall, P. & Pato, J. 2003, On Adaptive Identity Management: The Next Generation of Identity Management Technologies, HP Laboratories Bristol.
Moon, J.W. & Kim, Y.G. 2001, 'ExtendingtheTAMforaWorld-Wide-Web context', Information & Management, vol. 38, no. 4, pp. 217–30.
Moore, G. & Benbasat, I. 1991, 'Development of an Instrument to Measure perceptions of Adopting an Information Technology Innovation', Information Systems Research, vol. 2, no. 3, pp. 192–222.
Moore, K. & McElroy, J.C. 2012, 'The influence of personality on Facebook usage, wall postings, and regret', Computers in Human Behavior, vol. 28, no. 1, pp. 267–74.
Morris, M.G., Venkatesh, V. & Ackerman, P.L. 2005, 'Gender and Age Differences in Employee Decisions about New Technology: An Extension to the Theory of Planned Behavior', IEEE Transactions on Engineering Management, vol. 52, no. 1, pp. 69-84.
Munkwitz-Smith, J.V. & West, A. 2004, 'Identity and access Management:Technological and Implementatio of Policy', College and University Journal, vol. 80, no. 2, pp. 27-31.
Murthy, U.S. & Kerr, D.S. 2000, 'Task/Technology Fit and the Effectiveness of Group Support Systems: Evidence in the Context of Tasks Requiring Domain Specific Knowledge', Proceedings of the Thirty-third Hawaii International Conference on System Sciences(HICSS), Hawai,USA, pp. 1-10.
Myers, M. & Newman, M. 2007, 'The qualitative interview in IS research:Examining the craft', Information and Organization, vol. 17, no. 1, pp. 2–26.
References
316
Nance, W.D. & Straub, D.W. 1996, ' An Investigation of Task/Technology Fit and Information Technology Choices in Knowledge Work', Journal of Information Technology Management, vol. 7, no. 3/4, pp. 1-14.
Nass, C. & Moon, Y. 2000, 'Machines and mindlessness: social responses to computers', Journal of Social Issues, vol. 56, no. 1, pp. 81–103.
Nass, C., Moon, Y., Fogg, B.J., Reeves, B. & Dryer, D.C. 1995, 'Can computer personalities be human personalities? ', International Journal of Human–Computer Studies, vol. 43, no. 2, pp. 223–39.
Netemeyer, R.G., Bearden, W.O. & Sharma, S. 2003, Scaling Procedures: Issues and Applications, Thousand Oaks, Sage Publications, CA.
Neuman, W.L. 2003, Social Research Methods – Qualitative and Quantitative Approaches, Allyn and Bacon., Boston.
Nickerson, C. 2008, 'Towards the Creation of Appropriate Teaching Materials for High Proficiency ESL Learners: The Case of Indian Management Students', The Electronic Journal for English as a Second Language, vol. 12, no. 13.
Nickerson, J.V. & zurMuehlen, M. 2006, 'The Ecology of Standards Processes: Insights from Internet Standard Making', MIS Quarterly, vol. 30, no. 5, pp. 467-88.
Nielson 2007, 875MM Consumers Have Shopped Online - Up 40% in Two Years, Nelson, viewed 22 August 2012 <http://www.marketingcharts.com/direct/875mm-consumers-have-shopped-online-up-40-in-two-years-3225/>.
Nielson 2011, Social Media Influence on Consumer Behavior 2011 Statistics, viewed 15 September 2012 <http://blog.nielsen.com/nielsenwire/social/>.
Norberg, P.A., Horne, D.R. & David, T.A. 2007, 'The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors', the Journal of Consumer Affairs, vol. 41, no. 1, p. 100.
OASIS 2005, 'Working Draft Version 04, An Introduction to XRIs', pp. 1-25, viewed 25 October 2012, <https://www.oasis-open.org/committees/download.php/11857/xri-intro-V2.0-wd-04.pdf>.
O'Brien, L., Merson, P. & Bass, L. 2007, 'Quality attributes for service-oriented architectures', Proceedings of The international Workshop on Systems Development in SOA Environments ,IEEE Computer and Society ,Washington, DC, USA.
OECD 2011, ‘National Strategies and Policies for Digital Identity Management in OECD Countries’, OECD Digital Economy Papers, No. 177, OECD Publishing, viewed 11 June 2012, <http://dx.doi.org/10.1787/5kgdzvn5rfs2-en>.
Oliveira, T. & Martins, M.F. 2011, 'Literature Review of Information Technology Adoption Models at Firm Level', The Electronic Journal Information Systems Evaluation, vol. 14, no. 1, pp. 110-21.
Oliver, R.L., Balakrishnan, P.V.S. & Barry, B. 1994, 'Outcome Satisfaction in Negotiation: A Test of Expectancy Disconfirmation', Organizational Behavior and Human Decision Processes, vol. 60, no. 2, pp. 252-75.
Olson, M. 2011, Research Study: Consumer Perceptions of Online Registration and Social Sign-in, Janrain, viewed 11 January 2013 <http://janrain.com/blog/research-study-consumer-perceptions-online-registration-and-social-sign/>.
References
317
Orlikowski, W.J. & Lacono, C.S. 2001, 'Research commentary: Desperately seeking the "IT" in IT research - A call to theorizing the IT artifact', Information Systems Research, vol. 12, no. 2, pp. 121-34.
Ostergaard, S.D. & Hvass, M. 2008, 'eGovernment 2.0 –How can Government benefit from web 2.0?', Journal of Systemics,Cybernetics and Informatics, vol. 6, no. 6, pp. 13–8.
Ouellette, J.A. & Wood, W. 1998, 'Habit and intention in everyday life: The multiple processes by which past behavior predicts future behavior', Psychological Bulletin, vol. 124, pp. 54-74.
Pavlou, P. & Gafen, D. 2004, 'Building effective online marketplaces with institution-based trust', Information Systems Research, vol. 15, no. 1, pp. 37–59.
Pavlou, P. & Gefen, D. 2005, 'Psychological contract violation in online marketplaces: Antecedents, consequences, and moderating role', Information Systems Research, vol. 16, no. 4, pp. 372-99.
Pavlou, P.A. 2003, 'Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model', International Journal of Electronic Commerce, vol. 7, no. 3, pp. 101-34.
Petronio, S. 2000, The boundaries of privacy: Praxis of everyday life, in S. Petronio (ed.), Balancing the secrets of private disclosures, Lawrence Erlbaum, Mahwah, NJ, pp. 37-49.
Petter, S., Straub, D. & Rai, A. 2007, 'Specifying Formative Constructs in Information Systems Research', MIS Quarterly, vol. 31, no. 4, pp. 623-56.
Petticrew, M. & Roberts, H. 2006, Systematic Reviews in the Social Sciences: A Practical Guide, Blackwell Publishing.
Pfitzmann, A. & Hansen, M. 2010, 'A terminology for talking about privacy by data minimization:Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management', viewed 2 Febraury 2012, <http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf>.
Pinsonneault, A. & Kraemer, K.L. 1993, 'Survey research methodology in management information systems: an assessment', Journal of Management Information Systems, vol. 10, no. 2, pp. 75-105.
Podsakoff, P.M., MacKenzie, S.B. & Lee, J.-Y. 2003, 'Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies', Journal of Applied Psychology, vol. 88, no. 5, pp. 879–903.
Poetzsch, S., Meints, M., Priem, B., Leenes, R. & Husseiki, R. 2009, D3.12: Federated Identity Management – what’s in it for the citizen/customer?, FIDIS, viewed 18 August 2010 <http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables/fidis-wp3del3.12.Federated_Identity_Management.pdf>.
Power, R. 2011, Face recognition and social media meet in the shadows, Network World, viewed 28 June 2012 <http://www.networkworld.com/news/2011/080111-face-recognition-and-social-media.html?page=2>.
Presser, S. & Blair, J. 1994, 'Survey pretesting: Do different methods produce different results?', in P.V. Marsden (ed.), Sociological Methodology, vol. 24, Sage, Beverly Hills, CA, pp. 73-104.
Presser, S., Couper, M.P., Lessler, J.T., Martin, E., Martin, J., Rothgeb, J.M. & Singer, E. 2004, 'Methods for Testing and Evaluating Survey Questions', Public Opinion Quarterly, vol. 68, no. 1, pp. 109-30.
References
318
Pring, C. 2012a, 100 social media statistics for 2012, The Social Skinny, viewed 22 November 2012 2012, <http://thesocialskinny.com/100-social-media-statistics-for-2012/>.
Pring, C. 2012b, 216 Social Media and Internet Statistics (September 2012), The Social Skinny, viewed 15 November 2012, < http://thesocialskinny.com/216-social-media-and-internet-statistics-september-2012/>.
Privacy Law 2012, Key Differences Between the Information Privacy Principles and the Australian PrivacyPrinciples, Maddocks, viewed 2 July 2013, <http://www.maddocks.com.au/uploads/articles/the-australian-privacy-principles-what-do-these-changes-mean-for-agencies.pdf>.
Qureshi, I. & Compeau, D. 2009, 'Assessing Between Group Differences in Information Systems Research: a comparision of covariance- and component-based SEM', MIS Quarterly, vol. 15, no. 3.
Ramirez, C. 2002, 'Strategies for Subject Matter Expert Review in Questionnaire Design', Proceedings of the Questionnaire Design, Evaluation and Testing Conference, Charleston, USA.
Recker, J. & Rosemann, M. 2010, 'A Measurement Instrument for Process Modeling Research :Development, test and procedural model', Scandinavian Journal of Information Systems, vol. 22, no. 2, pp. 3–30.
Richardson, H.A., Simmering, M.J. & Sturman, M.C. 2009, 'A Tale of Three Perspectives: Examining Post Hoc Statisical Techniques for Detection and Correction of Common Method Variance,' Organizational Research Methods vol. 12, no. 4, pp. 762-800.
Rindfleisch, A., Malter, A.J., Ganesan, S. & Moorman, C. 2008, 'Cross-Sectional Versus Longitudinal Survey Research: Concepts, Findings, and Guidelines', Journal of Marketing Research, vol. 45, no. 3, pp. 261-79.
Ringle, C., Wende, S. & Will, A. 2005, Smart PLS 2.0 (beta), University of Hamburg, <http://www.smartpls.de>.
Rogers, E.M. 1983, Diffusion of Innovations, The Free Press., New York.
Rogers, E.M. 1995 Diffusion of Innovations, The Free Press, New York.
Rogers, E.M. 2003, Diffusion of Innovations, 5th Edition, Simon and Schuster.
Rossudowski, A.M., Venter, H.S., Eloff, J.H.P. & Kourie, D.G. 2010, 'A security privacy aware architecture and protocol for a single smart card used for multiple services', Computers & Security, vol. 29, no. 4, pp. 393 – 409.
Rossvoll, T. & Fritsch, L. 2013, 'Reducing the User Burden of Identity Management:A Prototype Based Case Study for a Social-Media Payment Application', Proceedings of the Sixth International Conference on Advances in Computer-Human Interactions(ACHI 2013 ), Nice, France.
Rothman, K., Mikkelsen, E., Riis, A., Sorensen, H., Wise, L. & Hatch, E. 2009, 'Randomized
trial of questionnaire length', Epidemiology, vol. 20, no. 1, p. 154.
Rountree, D. 2012, Federated Identity Primer, Newnes, Boston. Roussos, G., Peterson, D. & Patel, U. 2003, ' Mobile identity management: an enacted view',
International Journal of Electronic Commerce, vol. 8, no. 1, pp. 81-100.
Sabena, F., Dehghantanha, A. & Seddon , A.P. 2010, 'A Review of Vulnerabilities in Identity Management using Biometrics', Proceedings of The Second International Conference on Future Networks, IEEE Computer & Society, Sanya, Hainan,China.
References
319
Saeed, K. 2011, 'Understanding the Adoption of Mobile Banking Services: An Empirical Assessment', Proceedings of the Seventeenth Americas Conference on Information Systems(AMCIS), Detroit,USA.
Sarantakos, S. 2005, Social Research, 3rd edn, Palgrave Macmillan, Melbourne.
Satchell, C., Shanks, G., Howard, S. & Murphy, J. 2006, 'Knowing me – knowing you. End user perceptions of digital identity management systems', Proceedings of the Fourteenth European Conference on Information System(ECIS), Göteborg, Sweden.
Satchell, C., Shanks, G., Howard, S. & Murphy, J. 2011, 'Identity crisis: user perspectives on multiplicity and control in federated identity management', Behaviour & Information Technology, vol. 30, no. 1, pp. 51-62.
Schierz, P., Schilke, O. & Wirtz, B. 2010, 'Understanding consumer acceptance of mobile payment services: An empirical analysis', Electronic Commerce Research and Applications, vol. 9, no. 3, pp. 209–16.
Schilke, O. & Wirtz, B.W. 2012, 'Consumer acceptance of service bundles: An empirical investigation in the context of broadband triple play', Information & Management, vol. 49, no. 2, pp. 81-8.
Schmidt, W.C. 1997, 'World-Wide Web survey research: Benefits, potential problems, and
solutions', Behavior Research Methods, Instruments, & Computers, vol. 29, no. 2, pp. 274–9.
Schreuder, H.T., Gregoire, T.G. & Weyer, J.P. 2001, 'For What Applications Can Probability and Non-Probability Sampling Be Used?', Environmental Monitoring and Assessment, vol. 66, no. 3, pp. 281-91
Scudder, J. & Josang, A. 2010, 'Identity dashboard systemand architecture', Proceedings of the Second IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN’10), Oslo, Norway.
Seddon, P.B. 1997, 'A respecification and extension of the DeLone and McLean model of success', Information Systems Research, vol. 8, no. 30, pp. 240–53.
Seltsikas, P. 2009, 'Managing Identities: from government e-commerce to national security', working paper series.
Seltsikas, P. & O’Keefe, R.M. 2010, 'Expectations and outcomes in electronic identity management: the role of trust and public value', European Journal of Information Systems, vol. 19, no. 1, pp. 93–103.
Seneler, C.O., Basoglu, N. & Daim, T.U. 2010, 'An empirical analysis of the antecedents of adoption of online services', Journal of Enterprise Information Management, vol. 23, no. 4, pp. 417-38.
Shadish, W.R., Cook, T.D. & Campbell, D.T. 2002, Experimental and Quasi-Experimental Designs for Generalized Causal Inference, Houghton Mifflin Company, Boston
Shang, R.-A., Chen, Y.-C. & Chen, C.-M. 2007, 'Why People Blog? An Empirical Investigations of the Task Technology Fit Model', Proceedings of the Eleventh Pacific Asia Conference on Information Systems (PACIS), Auckland, New Zealand.
Sharma, R., Yetton, P. & Crawford, J. 2009, 'Estimating the effect of common method variance: the method-method pair technique with an illustration from TAM research', MIS Quarterly, vol. 33, no. 3, pp. 473-90.
Shaw, J. 2008, Enterprise Single Sign-On :The Holy Grail of Computing, Quest software, viewed 5 February 2013 <http://i.zdnet.com/whitepapers/QuestSoftware_ESSO_HolyGrail.pdf>.
References
320
Sheng, H., Nah, F. & Siau, K. 2008, 'An Experimental Study on Ubiquitous commerce Adoption: Impact of Personalization and Privacy Concerns', Journal of the Association for Information Systems, vol. 9, no. 6, pp. 344-76.
Sherman, E. 2010, Apple and Other Tech Firms Must Fix Customer Security Glitches, viewed 22 Februrary 2012 <http://www.bnet.com/blog/technology-business/apple-and-other-tech-firms-must-fix-customer-security-glitches/4382>.
Shiau, W.-L. & Luo, M.M. 2012, 'Factors affecting online group buying intention and satisfaction: A social exchange theory perspective', Computers in Human Behavior, vol. 28, no. 6, pp. 2431–44.
Shin, D.H. 2010, 'The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption', Interacting with Computers, vol. 22, no. 5, pp. 428–38.
Sibona, C. & Walczak, S. 2012, 'Purposive Sampling on Twitter: A Case Study', Proceedings of the Fourty-fifth Hawaii International Conference on System Sciences(HICSS), Hawaii,USA.
Siegel, D. 2009, Pull: The Power of the Semantic Web to Transform Your Business, Portfolio.
Sitkin, S.B. & Weingart, L.R. 1995, 'Determinants of Risky Decision-Making Behavior: A Test of the Mediating Role of Risk Perceptions and Propensity', Academy of Management Journal, vol. 38, no. 6, pp. 1573-92.
Sivo, S.A., Saunders, C., Chang, Q. & Jiang, J.J. 2006, 'How Low Should You Go? Low Response Rates and the Validity of Inference in IS Questionnaire Research', Journal of the Association for Information Systems, vol. 7, no. 6, pp. 361-414.
Smedinghoff, T.J. 2012, 'Solving the legal challenges of trustworthy online identity', Computer Law & Security Review, vol. 28, no. 5, pp. 532–41.
Smith, D. 2008, 'The challenge of federated identity management', Network Security, pp. 1-9.
Smith, H.J., Milberg, S.J. & Burke, S.J. 1996, 'Information privacy: measuring individuals' concerns about organizational practices', MIS Quarterly, vol. 20, no. 2, pp. 167-96.
Socialbakers 2013a, Facebook Statistics by country, Socialbakers, viewed 22 March 2013, < http://www.socialbakers.com/facebook-statistics/>.
Spector, P.E. & Brannick, M.T. 2011, 'Methodological Urban Legends: The Misuse of Statistical Control Variables', Organizational Research Methods, vol. 14 no. 2, pp. 287-305.
Srite, M. & Karahanna, E. 2006, 'The role of espoused national cultural values in technology acceptance', MIS Quarterly, vol. 30, no. 3, pp. 679–704.
Stamper, R., Liu, K., Hafkamp, M. & Ades, Y. 2000, 'Understanding the roles of signs and norms in organizations—a semiotic approach to information systems design', Behaviour and Information Technology, vol. 19, no. 1, pp. 15–27.
Standing, S., Standing, C. & Love, P. 2012, 'A review of research on e-marketplaces 1997–2008', Decision Support Systems, vol. 49, no. 1, pp. 41–51.
Staples, D.S., Wong, I. & Seddon, P.B. 2002, 'Having expectations of information systems benefits that match received benefits: does it really matter?', Information & Management ,vol. 40, no. 2, p. Information & Management
References
321
Stevens, J. 1996, Applied Multivariate Statistics for the Social Sciences, Lawrence Erlbaum Associates, Hillsdale, New Jersey.
Stewart, K.A. & Segars, A.H. 2002, 'An empirical examination of the concern for information privacy instrument', Information Systems Research, vol. 13, no. 1, pp. 36-49.
Stewart, K.J. 1999, 'Transference as a means of building trust in world wide web sites', Proceedings of the Twentieth International Conference on Information Systems(ICIS), Charlotte, NC,USA, pp. 459–64.
Stone, M. 1974, 'Cross validatory choice and assessment of statistical predictions', Journal of the Royal Statistical Society, vol. 36, no. 2, pp. 111-47.
Straub, D. 1989, 'Validating Instruments in MIS Research', MIS Quarterly, vol. 13, no. 2, pp. 147-69.
Straub, D., Boudreau, M.-C. & Gefen, D. 2004, 'Validation guidelines for IS positivist research', Communications of the Association for Information Systems, vol. 13, no. 1, pp. 380-427.
Straub, D., Gefen, D. & Boudreau, M.-C. 2005, 'Quantitative Research', in D. Avison & J. Pries-Heje (eds), Research in Information Systems: A Handbook for Research Supervisors and Their Students, Elsevier, Amsterdam, pp. 221-38.
Straub, D.W. & Burton-Jones, A. 2007, 'Veni, Vidi, Vinci: Breaking the TAM Logjam', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 147-69.
Straub, S. & Aichholzer, G. 2010, 'National Electronic Identity Management: The Challenge of a citizen-centric Approach beyond Technical Design', International Journal on Advances in Intelligent Systems, vol. 3, no. 1-2, pp. 12-23.
Strong, D.M., Dishaw, M.T. & Bandy, D.B. 2006, 'Extending Task Technology Fit with Computer Self-Efficacy', The DATA BASE for Advances in Information Systems, vol. 37, no. 2/3, pp. 96-107.
Sullivan, C. 2011, Digital Identity, Griffin Press.
Sun, H. & Zhang, P. 2006, 'The role of moderating factors in user technology acceptance', International Journal of Human-Computer Studies, vol. 64, no. 4, pp. 53-78.
Sun, H. & Zhang, P. 2008, 'An Exploration of Affect Factors and Their Role in User Technology Acceptance: Mediation and Causality', Journal of the American Society for Information Science and Technology, vol. 59, no. 8, pp. 1252–63.
Sun, S.-T., Hawkey, K. & Beznosov, K. 2012, 'Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures', Computers & Security, vol. 31, no. 4, pp. 465–83.
Swaminathan, V., Lepkowska-White, E. & Rao, B.P. 1999, 'Browsers or buyers in cyberspace?
An investigation of factors influencing electronic exchange', Journal of Computer Mediated Communication, vol. 5, no. 2, pp. 1-23.
Swanson, E.B. 1994, ' Information Systems Innovation among Organizations', Management Science, vol. 40, no. 9, pp. 1069–92.
Swartz, N. 2009, 'Will Red Flags Detour ID Theft?', Information Management Journal, vol. 43, no. 1, pp. 38-41.
Sztompka, P. 1999, Trust: A Sociological Theory, Cambridge University Press, Cambridge, UK.
Tapiador, A., Fumero, A. & Salvachúa, J. 2011, 'Extended Identity for Social Networks', in J. Breslin, T. Burg, H.-G. Kim, T. Raftery & J.-H. Schmidt (eds), Recent Trends and Developments in Social Software, vol. 6045, Springer Berlin / Heidelberg, pp. 162-8.
References
322
Taylor, S. & Todd, P. 1995, 'Understanding Information Technology Usage: A test of competing models', Information Systems Research, vol. 6, no. 2, pp. 144–76.
Tenenhaus, M., Vinzi, V.E., Chatelin, Y.M. & Lauro, C. 2005, 'PLS path modeling', Computational Statistics and Data Analysis, vol. 48, no. 1, pp. 159-205.
Teng, C.-I., Chen, M.-Y., Chen, Y.-J. & Li, Y.-J. 2012, 'Loyalty Due to Others: The Relationships Among Challenge, Interdependence, and Online Gamer Loyalty', Journal of Computer Mediated Communication, vol. 117, no. 4, pp. 489–500.
Thompson, R.L., Higgins, C.A. & Howell, J.M. 1994, 'Influence of Experience on Personal Computer Utilization: Testing a conceptual model', Journal of Management Information Systems, vol. 11, no. 1, pp. 167–87.
Todorov, D. 2007, Mechanics of user identification and authentication: fundamentals of identity management, Auerbach Publications.
Tranfield, D., Denyer, D. & Smart, P. 2003, 'Towards a methodology for developing evidence-informed management knowledge by means of systematic review', British Journal of Management, vol. 14, no. 3, pp. 207-22.
Tropf, H.S. 2004, India and its Languages, Siemens AG, Munich.
Tu, Z. & Li, Q. 2012, 'Design and Implementation of Unified Identity Management System Based on SAML', Proceedings of the Second International Conference onConsumer Electronics, Communications and Networks (CECNet), Yichang,China, pp. 3178 - 81.
Tufekci, Z. 2008, 'Can you see me now? Audience and disclosure regulation in online social network sites', Bulletin of Science, Technology & Society, vol. 28, no. 1, pp. 20-36.
Turkle, S. 1996, Life on the screen: Identity in the age of the internet, Simon & Schuster, New York.
Turner, M., Kitchenham, B., Brereton, P., Charters, S. & Budgen, D. 2010, 'Does the technology acceptance model predict actual use? A systematic literature review', Information and Software Technology, vol. 52, no. 5, pp. 463–79.
Udo, G.J. 2001, 'Privacy and security concerns as major barriers for e-commerce: a survey study.', Information Management & Computer Security, vol. 9, no. 4, pp. 165–74.
Usoro, A. 2010, 'Task-Technology Fit and Technology Acceptance Models Applicability to e-Tourism', Journal of Economic Development, Management, IT, Finance and Marketing, vol. 2, no. 1, pp. 1-32.
Valkenburg, P., Meijers, W., Lycklama, D. & Jansen, V. 2011, E-identity as a business: Case studies and lessons learned in networked identity, Innopay.
VandeVijver, F.J.R. & Chasiotis, A. 2010, 'Making methods meet: Mixed designs in cross-cultural research', in J.A. Harkness, M. Braun, B. Edwards, T.P. Johnson, L. Lyberg, P. Mohler, B.-E. Pennell & T.W. Smith (eds), Survey methods in multinational, multiregional, and multicultural contexts, John Wiley & Sons, Hoboken, NJ, pp. 455-73.
VanGelder, M.M., Bretveld, R.W. & Roeleveld, N. 2010, 'Web-based Questionnaires: The Future in Epidemiology?', American Journal of Epidemiology, vol. 172, no. 11, pp. 1292-8.
Venkatesh, V. 2006, 'Where To Go From Here? Thoughts on Future Directions for Research on Individual-Level Technology Adoption with a Focus on Decision Making', Decision Sciences, vol. 37, no. 4, pp. 497–518.
Venkatesh, V. & Bala, H. 2008, 'Technology Acceptance Model 3 and a research agenda on interventions', Decision Sciences, vol. 39, no. 2, pp. 273–315.
References
323
Venkatesh, V. & Brown, S.A. 2001, 'A Longitudinal Investigation of Personal Computers in Homes: Adoption Determinants and Emerging Challenges ', MIS Quarterly, vol. 25, no. 1, pp. 71-102.
Venkatesh, V. & Davis, F.D. 2000, 'A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies', Management Science, vol. 46 no. 2, pp. 186–204.
Venkatesh, V., Davis, F.D. & Morris, M.G. 2007, 'Dead Or Alive? The Development, Trajectory And Future Of Technology Adoption Research', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 267-86.
Venkatesh, V. & Goyal, S. 2010, 'Expectation Disconfirmation and Technology Adoption: Polynomial Modeling and Response Surface Analysis ', MIS Quarterly, vol. 34, no. 2, pp. 281-303.
Venkatesh, V., Morris, M.G., Davis, G.B. & Davis, F.D. 2003, 'User Acceptance of Information Technology: Toward a Unified View', MIS Quarterly, vol. 27, no. 3, pp. 425-78.
Venkatesh, V. & Speier, C. 1999, 'Computer technology training in the workplace: A longitudinal investigation of the effect of mood', Org. Behavior and Human Decision Processes, vol. 79, no. 1, pp. 1-28.
Venkatesh, V., Thong, J.Y.L. & Xu, X. 2012, 'Consumer Acceptance and Use of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology', MIS Quarterly, vol. 36, no. 1, pp. 157-78.
Venkatraman, N. 1989, 'The Concept of Fit in Strategy Research :Toward Verbal and Statical Correspondence', Academy of Management Review, vol. 14, no. 3, pp. 423-44.
Vijayasarathy, L. 2004, 'Predicting consumer intentions to use on-line shopping:the case for an augmented technology acceptance model', Information & Management, vol. 41, no. 6, pp. 747–62.
Vlahos, G.E., Ferratt, T. & Knoepfle, G. 2004, 'The use of computer-based information systems by German managers to support decision making ', Information & Management, vol. 41, no. 6, pp. 763-79.
Vossaert, J., Lapon, J., Decker, B.D. & Naessens, V. 2013, 'User-centric identity management using trusted modules', Mathematical and Computer Modelling, vol. 57, no. 7–8, pp. 1592–605.
Wang, R., Chen, S. & Wang, X. 2012, 'Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services', Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society, San Francisco Bay Area, California.
Wang, W. & Benbasat, I. 2005, 'Trust in and adoption of online recommendation agents', Journal of the Association for Information Systems, vol. 6, no. 3, pp. 72–101.
Webester, J. & Waston, R.T. 2002, 'Analayzing ther Past to Prepare for the Future: Writing A Literature Review ', MIS Quarterly, vol. 26, no. 2, pp. xiii-xxiii.
Wetzels, M., Odekerken-Schroder, G. & Oppen, C.V. 2009, 'Using PLS Path Modeling for Assessing Hierarchical Construct Models: guidelines and empirical illustration', MIS Quarterly, vol. 33, no. 1, pp. 177-95.
Williams, L.J., Hartman, N. & Cavazotte, F. 2010, 'Method Variance and Marker Variables: A Review and Comprehensive CFA Marker Technique', Organizational Research Methods, vol. 13, no. 4, pp. 477-514.
Williams, M., Rana, N. & Dwivedi, Y. 2011, 'Is UTAUT Really Used or Just Cited for The Sake of it ? A Systematic Review of Citation of UTAUT’s Originating Article',
References
324
Proceedings of the Nineteenth European Conference on Information Systems(ECIS), Helsinki, Finland.
Williams, M.D., Dwivedi, Y.K., Lal, B. & Schwarz, A. 2009, 'Contemporary trends and issues in IT adoption and diffusion research', Journal of Information Technology, vol. 24, no. 1, pp. 1-10.
Wixom, B.H. & Todd, P.A. 2005, 'A Theoretical Integration of User Satisfaction and Technology Acceptance', Information Systems Research, vol. 16, no. 1, pp. 85-102.
Wold, H. 1985, 'Partial Least Squares', in S. Kotz & N. Johnson (eds), Encyclopedia of Statistical Sciences, Wiley, New York, pp. 581-91.
Wu, C.-S., Cheng, F.-F., Yen, D.C. & Huang, Y.-W. 2011a, 'User acceptance of wireless technology in organizations: A comparison of alternative models', Computer Standards & Interfaces vol. 33, no. 1, pp. 50-8.
Wu, I. & Chen, J.-L. 2005, 'An extension of Trust and TAM model with TPB in the initial adoption of on-line tax: An empirical study', Int. J. Human-Computer Studies, vol. 62, no. 6, pp. 784–808.
Wu, J.-H. & Wang, S.-C. 2005, 'What drives mobile commerce? An empirical evaluation of the revised technology acceptance model', Information & Management, vol. 42 no. 5, pp. 719–29.
Wu, K., Zhao, Y., Zhu, Q., Tan, X. & Zheng, H. 2011b, 'A meta-analysis of the impact of trust on technology acceptance model: Investigation of moderating influence of subject and context type', International Journal of Information Management, vol. 31, no. 6, pp. 572–81.
Xiaoquan, Z., Chong, W. & Yan, T.K. 2010, 'Role Identity Salience and User Participation in Online Communites ', Proceedings of the International Conference on Information Systems(ICIS 2010), Saint Louis, Missouri,USA.
Xu, H. & Gupta, S. 2009, 'The effects of privacy concerns and personal innovativeness on potential and experienced customers’ adoption of location-based services', Electronic Markets, vol. 19, no. 2–3, pp. 137–49.
Xu, H., Luo, X., Carroll, J.M. & Rosson, M.B. 2011, 'The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing', Decision Support Systems, vol. 51, no. 1, pp. 42–52.
Xu, H., Teo, H.-H., Tan, B. & Agarwal, R. 2005, 'The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services', Journal of Management Information Systems,vol. 26, no. 3, pp. 135 - 74.
Yang, S., Lu, Y., Gupta, S., Cao, Y. & Zhang, R. 2012, 'Mobile payment services adoption across time: An empirical study of the effects of behavioral beliefs, social influences, and personal traits', Computers in Human Behavior, vol. 28, no. 1, pp. 129–42.
Yanosky, R. & Salaway, G. 2006, Identity Management in Higer Education: A Base line study, ECAR.
Yen, D., Wub, C.-S., Cheng, F.-F. & Huang, Y.-W. 2010, 'Determinants of users’ intention to adopt wireless technology: An empirical study by integrating TTF with TAM', Computers in Human Behavior, vol. 26, no. 5, pp. 906–15.
Yi, M., Jackson, J., Park, J. & Probst, J. 2006, 'Understanding information technology acceptance by individual professionals: Toward an integrative view', Information & Management, vol. 43, pp. 350–63.
References
325
Yi, Y.D., Wu, Z. & Tung, L.L. 2005, 'How individual differences influence technology usage behavior? Toward an integrated framework', Journal of Computer Information Systems, vol. 46, no. 2, pp. 52–63.
Yin, R. 1994, Case study research: Design and methods, 2nd edn, Thousand Oaks, CA: Sage.
Yuan, Y., Archer, N., Connelly, C.E. & Zheng, W. 2010, 'Identifying the ideal fit between mobile work and mobile work support', Information & Management, vol. 47, no. 3, pp. 125–37.
Zhang, L., Zhu, J. & Liu, Q. 2012, 'A meta-analysis of mobile commerce adoption and the moderating effect of culture ', Computers in Human Behavior, vol. 28, no. 5, pp. 1902–11.
Zhang, Y. 1999, 'Using the Internet for Survey Research: A Case Study', Journal of the American Society for Information Science and Technology, vol. 51, no. 1, pp. 57– 6.
Zhou, T. 2011, 'The impact of privacy concern on user adoption of location-based services', Industrial Management & Data Systems, vol. 111, no. 2, pp. 212-26.
Zhou, T., Lu, Y. & Wang, B. 2010, 'Integrating TTF and UTAUT to explain mobile banking user adoption', Computers in Human Behavior, vol. 26, no. 4, pp. 760–7.
Zhou, Z., Jin, X.-L., Vogel, D.R., Fang, Y. & Chen, X. 2011, 'Individual motivations and demographic differences in social virtual world uses: An exploratory investigation in Second Life', International Journal of Information Management, vol. 31, no. 3, pp. 261–71.
Zhu, K., Kraemer, K.L., Gurbaxani, V. & Xu, S. 2006, 'Migration to Open-Standard Interorganizational Systems:Network Effects, Switching Costs, and Path Dependency', MIS Quarterly, vol. 30, no. 1, pp. 515-38.
Zigurs, I. & Buckland, B.K. 1998, 'A Theory of Task/ Technology Fit and Group Support Systems Effectiveness', MIS Quarterly, vol. 22, no. 3, pp. 313-34.
Zigurs, I., Buckland, B.K., Connolly, J.R. & Wilson, E.V. 1999, 'A test of task technology fit theory for group support systems', The Data Base for Advances in Information Systems, vol. 30, pp. 34–50.
Zucker, L.G. 1986, 'Production of trust: Institutional sources of economic structure, 1840–1920', in B.M. Staw & L.L. Cummings (eds), Research in Organizational Behavior, vol. 8, JAI Press, Greenwich, CT pp. 53–111.
Appendices
326
Appendix 2.1: Identity Management Systems Standards and Technologies
This section describes the most recent IdMS standards and technologies.
Information Cards (Windows Card Space)
The Information Card (http://informationcard.net) is classed as Identity Selector software and its
purpose is to store the digital identities of users which are presented as a visual card.
Information Cards provide a reliable user interface (UI) which enables users to securely access
their identities during commercial transactions. At present, there are three parties involved in the
application of Information Cards (Meints 2009):
1. The user who holds several Information Cards which contain several pieces of
identity information about him/her.
2. Relying parties, for example, websites, services or companies that request and accept
the Information Cards as security tokens.
3. Identity providers who assert that the Information Cards are security tokens about the
user.
The central purpose of the relying party is to ascertain which identity providers they trust. This
is enacted through the relying party’s policy, generally by using Web services security (WS-
Security) Policy, which is reclaimed through Web services (WS) metadata exchange and the
security token, which is attained through WS-Trust, is sent to the relying party through WS-
Security (Meints 2009). There are two types of information cards in CardSpace: firstly, personal
cards, containing the user’s encrypted personal information, which can be sent to the relying
party with the user’s permission; and, secondly, managed cards which contain information such
as credit card information, which is maintained in the data systems of the identity provider (Al-
Sinani, Alrodhan & Mitchell 2010). The identity selector of the InfoCard allows the user to
create a personal card with self-asserted claims. InfoCards restrict the contents of personal cards
to non-sensitive data, such as that published in telephone directories. At this time, personal
cards support only 14 editable claim types, such as first name, last name, email address, street,
city, state, postal code, country/region, etc. (Al-Sinani, Alrodhan & Mitchell 2010). A set of
Appendices
327
personal data inserted in personal cards is stored in encrypted form on the user machine as a
“security token”. In these contexts, the user decides how many Information Cards will be
released to the relying party based on the user’s perception of security which can be bolstered if
the relying party provides user access to their privacy policy.
OpenID
OpenID (www.openid.net) is the condensing of a user’s identity from multiple parties into a
“single sign-on” function that requires the user to remember a vastly reduced number of
usernames and passwords (Poetzsch et al. 2009). At present, major companies such as Yahoo,
IBM, Google and Microsoft support the use of OpenID. However, the application of OpenID,
especially by inexperienced users, can have serious consequences; “OpenID authentications are
a valuable target for phishing attacks as a stolen OpenID offers access to numerous services to
which the user has subscribed and thus is perfect loot for spammers and may provide a good
basis for further ID theft” (Meints 2009, p. 37). In this context, OpenID does not incorporate a
trust network which also requires further trust on the user’s behalf in the level of security of the
identity provider (in this case, OpenID). In summary, OpenID is useful in limiting the amount
of information that a user must remember, but the value of this benefit is questionable when
taking into consideration the costs of increased attacks on a centralized site of personal user
information (El-Maliki & Seigneur 2007). The comparative value of perceived benefits and
costs can only be judged by the user.
SXIP 2.0
The Simple eXtensible Identity Protocol (SXIP) (http://www.sxip.com) has been developed
using decentralized platform architecture, providing a simplified approach for exchanging
identity information. The URL-based approach has enabled the system to provide flexibility for
sharing identity information among websites. The users have full control over their identities
and have an active role in the exchange of their identity data. Hence, they can benefit from the
portable authentication to access many websites. The development languages used for SXIP are
personal home page (PHP), Pearl, Python and Java which enable the incorporation of a multi-
Appendices
328
platform application. The integration with other URL-based protocols increases the
interoperability (El-Maliki & Seigneur 2007). SXIP 2.0 allows organizations to develop an
authoritative approach towards user data and the exchange of identity information with other
websites.
Shibboleth
Shibboleth (http://shibboleth.internet2.edu/) is an open source software package for Web single
sign-on within or across organizational boundaries (Rountree 2012). Shibboleth is a semi-
commercial project which supports federated identity management across all educational
institutions (Hovav & Berger, 2009). Its aim is to allow universities to facilitate ease of access
to educational resources and to share their Web resources subject to access control. Access
control is based on a set of attributes, architectures, policy structure, practical technologies and
an open source implementation such as security assertion markup language (SAML) (El-Maliki
& Seigneur 2007; Hovav & Berger 2009).
U-Prove
U-Prove (http://research.microsoft.com/en-us/projects/u-prove/) is an advanced cryptographic
technology developed for claims-based identity management. This technology and the
underlying patent was acquired by Microsoft. It aims to promote an open identity and access
model for individuals, businesses and governments based on the principles of the identity
NA Personality traits (agreeableness, conscientiousness, emotional stability, extraversion, openness), Concern for privacy
15 Li et al.
2008 Journal of Strategic Information Systems
IS national identity system (NID)
Quantitative (post survey)
NA Trusting bases, Personality , Technology institutional
16 Sheng, Nah and Siau
2008 Journal of the AIS Ubiquitous commerce
Quantitative (survey)
NA Privacy concern, Personalization , Context
17 Fogel and Nehad
2009 Computers in Human Behavior Social network Quantitative (survey)
NA Trust , Privacy , Risk
18 Bansal et al. 2010 Decision Support Systems Healthcare services Quantitative (experiment)
NA Personal dispositions, Personality traits, Information sensitivity, Health status, Prior privacy invasions, Risk beliefs, Experience
19 Lee and Cranage 2010 Tourism Management Travel- Web sites Quantitative (factorial experiment)
NA Privacy concern ,Personalization ,Perceived usefulness
20 Luo et al.
2010 Decision Support Systems Mobile banking Quantitative (survey)
NA Structural assurance, Perceived risk, Self-efficacy, Performance expectancy
21 Liao, Liu & Chen
2011 Electronic Commerce Research and Applications
Online transactions ,Online shopping
Quantitative (survey)
NA Internet literacy, Social awareness, Perceived risk, Disposition to trust ,Privacy concerns
22 Lowry, Cao and Everard
2011 Journal of Management Information Systems
Social computing technology
Quantitative NA self-disclosure ,online awareness ,Privacy concerns
23 Xu et al.
2011 Decision Support Systems location aware marketing(M)
Quantitative (experimental study)
NA
Privacy Calculus (Perceived benefits, perceived risk , Perceived benefits of Info disclosure ), Willingness to have personal information, Interpersonal differences, Personalization
24 Zhou 2011 Industrial Management & Data Systems
location-based services
Quantitative (survey)
NA Privacy, Trust ,Risk
25 Al-Omoush, Yaseen and
2012 Computers in Human Behavior Social networking Quantitative (Survey)
NA cultural values, trust, Credibility, and Strength of ties
Appendices
340
Alma’aitah
26 Chen, Yen and Hwang
2012 Computers in Human Behavior Web 2.0 Quantitative (Survey)
NA Satisfaction, Subjective norms, Image, Critical mass, electronic word-of-mouth
27 Ding and Lin 2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Experiment)
NA Pleasure , Trust
28 Hwang and Lee 2012
2012 Information & Management e-commerce Quantitative (Survey)
NA Trust beliefs (integrity and ability)
29 Kim, Xu and Gupta
2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Survey)
NA Perceived price, Perceived value ,Trust
30 Kim et al. 2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Survey)
NA Satisfaction, Hedonic and utilitarian shopping value
31 Moore and McElroy
2012 Computers in Human Behavior Social networking Quantitative (Survey)
NA Personality, Extraversion, Agreeableness, Openness to experience
32 Shiau and Luo 2012
2012 Computers in Human Behavior Online group buying
Quantitative (Survey)
NA Satisfaction, Trust, Creativity
Literature Review/Commentary studies
Author year Journal /conference Number of articles Publication appearing
Focus Type of review
1 Lee, Kozar and Larsen
2003 Communications of the AIS NA 1986 -June, 2003 TAM Meta-analysis and survey
2 Legris, Ingham and Collerette
2003 Information & Management NA 1980 -2001 TAM Meta-analysis
3 Choudrie and Dwivedi
2005 Journal of Research Practice 48 1985 - 2003 General Research approaches
4 Jeyaraj, Rottman and Lacity
2006 Journal of Information Technology 99 1993 - 2003 General Meta-analysis
5 King and He 2006 Information & Management 140 NA TAM Meta-analysis
6 Sun and Zhang 2006 Int. J. Human-Computer Studies NA NA General Systematic analysis
7 Gefen ,Benbasat and Pavlou
2008 Journal of Management Information Systems
NA NA Trust Future Agenda
8 Dwivedi et al. 2008 European Conference of IS 345 1985 - 2007 General Systematic review
9 Cane and McCarthy
2009 The Journal of Computer Information Systems
NA NA TTF Meta-analysis
10 Williams et al. 2009 Journal of Information Technology 345 1985 - 2007 General Systematic review
11 Turner et al. 2010 Information and Software Technology
79 1989– 2006 TAM Systematic review and vote-counting meta-analysis
12 Williams, Rana and Dwivedi
2011 European Conference of IS 450 NA UTAUT Citation analysis and systematic review
Appendices
341
13 Wu et al. 2011b International Journal of Information Management
136 NA Trust-TAM Meta-analysis
14 Li 2012 Decision Support Systems NA 1996-2011 Online information privacy
Systematic review
15 Zhang,Zhou and Liu
2012 Computers in Human Behavior 58 2002-2010 Mobile Commerce
Meta-analysis
Appendices
342
Appendix 3.2: Studies According to Publications Distribution
Journal/Conference Name No. % Information & Management 14 11.9 Decision Support Systems 12 10.2 IS/IT Conference 10 8.5 Computers in Human Behavior 10 8.5 Electronic Commerce Research and Applications 7 5.9 MIS Quarterly 5 4.2 Journal of Management Information Systems 5 4.2 Int. J. Human-Computer Studies 5 4.2 Journal of the Association for Information Systems 4 3.4 Information Systems Research 4 3.4 Journal of the American Society for Information Science and Technology 4 3.4 Journal of Strategic Information Systems 4 3.4 International Journal of Electronic Commerce 4 3.4 Behaviour & Information Technology 3 2.5 Communications of the Association for Information Systems 4 3.4 Journal of Information Technology 3 2.5 Journal of Business Research 3 2.5 European Journal of Information Systems 2 1.7 Information and Software Technology 2 1.7 Journal of Computer Information Systems 2 1.7 Database for Advances in Information Systems 2 1.7 Communications of the ACM 1 0.8 Computer Standards & Interfaces 1 0.8 Journal of High Technology Management Research 1 0.8 Internet research 1 0.8 Journal of Economic Development, Management, IT, Finance and Marketing 1 0.8 Information Technology, Learning, and Performance Journal 1 0.8 Technological Forecasting & Social Change 1 0.8 Scandinavian Journal of Information Systems `1 0.8 Journal of Computer-Mediated Communication 1 0.8 Tsinghua Science & Technology 1 0.8
Total 118 100
Appendices
343
Appendix 5: Prevalent Common Method Bias (CMB) Techniques
According to Chin Thatcher and Wright (2012, p.A2), the following table summarizes and
reviews common method bias techniques:
Technique Descriptions Limitations Literature
Harman’s Single-Factor Test
Load all the items into an exploratory factor analysis and examines the unrotated solution. If CMB is present a single-factor will emerge from the factor analysis.
Does not control for method effects. It is unlikely a single factor will emerge from the data.
(Podsakoff, MacKenzie & Lee 2003)
Partial Correlation Technique
Technique used to control for effects of method variance. There are several variations but typically a factor with a specific meaning (e.g., social desirability) is used to partial CMB.
Assumes the CMB is only shared with the predictor factor and the dependent factor. Also, prevents examining the effects of the relative impact of distinct antecedents.
(Podsakoff, MacKenzie & Lee 2003)
Multitrait- Multimethod (MMTM)
Procedure whereby multiple methods are used to evaluate CMB by comparing the convergent and discriminant properties of the construct using a matrix.
MTMM requires several methods to collect data. It is more of a procedure than a statistical technique.
(Shadish, Cook & Campbel 2002)
Correlation Marker Technique
Controlling for CMB by partialing out the shared variance in correlations. A marker variable is best chosen a priori based on it being theoretically unrelated to the nomological network. Similar to other variables this marker variable may be contaminated by CMB.
Typically used post hoc and often concludes no CMB.
Adapted from the correlation marker technique for use in covariance based SEM whereby a theoretically unrelated marker construct is used to model CMB with paths to each of its own unique indicators as well as paths to the other constructs in the nomological network. The shared variance between the marker and the other constructs is representative of CMB.
Relatively underutilized and unproven.
(Lindell & Whitney 2001; Richardson, Simmering & Sturman 2009; Williams et al. 2010)
Unmeasured Latent Marker Construct (ULMC)
A latent variable used to represent and partial out the CMB. This variable is an aggregate of all manifest variables used in the study with no unique observed indictors
Does not accurately detect common method bias in PLS.
(Liang et al. 2007; Podsakoff, MacKenzie & Lee 2003; Richardson, Simmering & Sturman 2009)
Source: Chin Thatcher & Wright 2012, p.A2
Appendices
344
Appendix 6.1: Initial Questionnaire Draft and Expert Form
Factors Affecting User Adoption of Identity Management Systems: An Empirical Study
Thank you for agreeing in participating in this phase of my research.
The goal of this stage is to develop categories of individual perceptions of the factors that influence the adoption of Web-based Identity Management Systems (IdMS). It aims to confirm the face validity of the questions and items as well as give feedback on the introduction. We ask you to to complete the instrument and then comment on matters such as clarity, length, wording, flow, and timing. Please point out items that you found to be improved. Please tick on the ’problem indicator box’ “□” located on the right of each question if you perceive a potential problem. Space (text box) is provided below each question for notes and suggestions about suspected problems.
Thank you for contributing to this phase of my research.
*Please complete this form, save the changes and kindly email it back to: [email protected]
Introduction
Identity Management Systems (IdMS) are services available on the Web that enable you to create and manage your online identity. In the offline world you carry multiple forms of identification in your wallet, such as driver's licence, health insurance card, credit cards, affinity cards such as frequent flyer and loyalty cards. Similarly IdMS enable you to create a number of digital cards which you use to identify yourself with Web services that accept them. Every day Web transactions become easier, faster and safer: login, payment, form filling and information sharing. With IdMS you do not need to manage multiple usernames and passwords.
IdMS - like the Web itself - are open, neutral industry standard for safer digital identity supported by some of the world’s largest companies.
The information that you provide and manage for an IdMS can include: your name; address; phone numbers; e-mail address; birth date; gender and a web site specific key for each site where you may use the card to identify yourself.
Examples of IdMS including: password-management tools and software, Microsoft Passport, OpenID, InformationCard (CardSpace), Facebook Connect, etc.
Feedback
Part1: Usage, Experience and Influence
Appendices
345
1. How long have you been using the Internet? □ o less than 1 year o between 1 and 3 years o between 4 and 7 years o between 8 and 10 years o 10 years or more
2. Approximately, how many hours per week you use each of the following online services and applications: □
Do not use
<1 h
1 - 4 h
4 - 10 h
10 - 30 h
30 - 60 h
>60 h
Internet
Facebook
LinkedIn
Online shopping
Online payment *If you use the online shopping/payment service:
Which of the following online payments methods do you use? □ O Credit Card O PayPal O Online banking O Others: specify _____
3. I often disclose my personal information and access my online data for: □
O Non-financial transactions O Financial transactions
4. Have you used any identity management service or technology (e.g. single sign-on system)?
O Yes O No □
If so which one? ____________
Appendices
346
5. How would you rate your knowledge of IdMS? □
o know nothing o little knowledgeable o somewhat knowledgeable o knowledgeable o very knowledgeable
6. Do you know anyone who is using an identity management system? O Yes O No □
If Yes What percentage of the people you know are using an identity management system? ____ %
1. It bothers me when an online service provider asks me for identity information.
O O O O O O O □
2. When an online service provider asks me for identity information, I sometimes think twice before providing it.
O O O O O O O □
3. It bothers me to give my identity information to so many online service providers.
O O O O O O O □
4. I'm concerned that online service providers are collecting too much identity information about me.
O O O O O O O □
5. IdMS providers should take more steps to make sure that the identity information in their files is accurate.
O O O O O O O □
6. IdMS providers should have better procedures to correct errors in identity information.
O O O O O O O □
7. IdMS providers should devote more time and effort to verifying the accuracy of the identity information in their databases.
O O O O O O O □
8. When people give identity information to an IdMS provider, the provider should never use the information for any other reason.
O O O O O O O □
9. IdMS providers should never sell the identity information in their databases to other companies.
O O O O O O O □
10. IdMS providers should never share identity information with other companies unless it has been authorized by the individuals who provided the information.
O O O O O O O □
11. IdMS providers should devote more time and effort to preventing unauthorized access to identity information.
O O O O O O O □
12. IdMS should take more steps to make sure that unauthorized people cannot access identity information in their computers databases.
O O O O O O O □
13. Consumer online privacy is really a matter of consumers’ right to exercise control and autonomy over decisions about how their information is collected, used and shared.
O O O O O O O □
14. I believe that online privacy is invaded when control is lost or unwillingly reduced as a result of an online transaction.
O O O O O O O □
15. IdMS providers should disclose the way the data are collected, processed,
O O O O O O O □
Appendices
351
and used.
16. It is very important to be aware and be knowledgeable about how my identity information will be used.
O O O O O O O □
17. IdMS providers should explain why they would collect identity information.
O O O O O O O □
18. IdMS providers should explain how they would use the information collected about me.
O O O O O O O □
19. IdMS providers should give me a clear choice before disclosing identity information about me to third parties.
O O O O O O O □
20. IdMS providers have a mechanism to review and change incorrect identity information.
O O O O O O O □
21. IdMS should give me a choice to alter and delete my online identity.
Education: O High school O Certificate or Diploma O Bachelor’s Degree O Master’s Degree or higher. □
General comments
Appendices
354
Appendix 6.2: Survey Questionnaire Modification After Expert Panel Feedback The following table lists the changes that were added to, deleted or modified in the questionnaire in the expert panel review phase.
Part/Construct Statement/item Action Reason Introduction “If a user subscribes to an identity management service, they can
access web sites affiliated with the identity management service. The user can manage their identity information among various web sites in an integrated way through this service.”
Added How the IdMS work provides more background and features about IdMS.
Information disclosure
I often disclose my personal information and access my online data for:
o Non-financial transactions o Financial transactions
How often do you disclose your personal information online for non-financial transactions? How often do you disclose your personal information online for financial transactions?
Modified Added Added
The respondents may disclose his/her personal information for both transactions. In addition, “access my online data” was deleted because it could be interpreted in many different ways by the respondents. For example, an individual could disclose his/her personal information once a year but he/she accesses his/her online data once a week. Therefore, the question was then split into two new questions. Items were developed to be used with a seven-point Likert scale ranging from “never” to “more than once a day.”
IdMS knowledge How would you rate your knowledge of IdMS? Which of the following identity management systems technologies and services are you aware of?
□ Microsoft Passport □ Facebook Connect □ Open ID □ Card Space (Information cards) □ Web Single Sign–on □ Password-management tools and software □ Google ID □ PayPal Access □ Cloud identity management software □ Other. Specify _______
Deleted Added
This question was considered to be vague: it was suggested that a list of familiar Web-based IdMS be added as some respondents would not know what an IdMS was. This list of IdMS was recommended by most of the experts. It was also suggested that “awareness” be asked about instead of “knowledge” in terms of familiarity with the concept. Also, it was suggested that this question be moved and that it be asked before questions about the usage of IdMS.
Appendices
355
How long have you been using an identity management system? Please indicate how often you use the following identity management systems technologies and services? The participants were asked about a list of IdMS services and technologies that they are aware of to qualify the type of IdMS users’ use.
Added Respondents would provide more information to further notify the researcher concerning key characteristics of the sample and adding insights into aspects related to IdMS usage which would enrich the interpretation of the data.
Prior use of IdMS (SSO)
Have you used any identity management system service or technology (e.g. single sign-on system)? “Do you use an identity management system to login to different web services that you use (e.g. using Google ID username and password to log in to multiple websites)?”
Modified Added
The trade-off present in the question caused ambiguity. The question was reworded to improve clarity and to fit the study’s purpose.
Experience What is your overall level of computing expertise? Added This question was suggested to improve the ability of the experience variable to capture variance. It was also recommended that this question be put at the beginning of the survey.
Behavioural intentions
INTU1 : I will definitely consider using an IdMS INTD2: It is important to me to protect my online identity. INDT3: I am concerned with the consequences of sharing my identity information online.
Modified Deleted Deleted
To improve its phrasing and to increase the variance in the responses, this question was modified to read: “I intend to use an IdMS in the future”. These items were deleted as they were redundant and similar to other items.
Perceived usefulness Perceived ease of use
PU4: If I were to adopt an IdMS, managing and controlling my online identity would improve. PEOU5: Overall, it will be easy to use an IdMS.
Deleted Deleted
Similar to other items Similar to other items
Trust TAI4: IdMS providers would be sincere and genuine. TPI4: An IdMS would be sincere and genuine.
Deleted Deleted
Redundant and similar to other items Redundant and similar to other items
Appendices
356
Privacy concerns PAWN1: I'm concerned that online service providers are collecting too much identity information about me. PCOL4: IdMS providers should disclose the way the data are collected, processed and used. PCH3: IdMS should give me a choice to alter and delete my online identity.
Deleted Deleted Deleted
Similar to other items Similarity to other items This item was found to be ambiguous and similar to other questions.
Subjective norms Do you know anyone who is using an identity management system? What percentage of the people do you know who are using an identity management system? SN1: Most people who are important to me will think that I should adopt an IdMS. SN2: Most people who are important to me would recommend using IdMS services and technologies.
Deleted Deleted Added Added
These two questions were perceived as vague and confused. As these would measure subjective norms, it was suggested that two clear items be added. It was recommended that these items be used to measure subjective norms instead of the questions that had been deleted.
Demographics Country Added Most of the panel suggested that participants be asked which country they came from as this information would enhance the interpretation of the data and could be useful in future work.
Appendices
357
Appendix 6.3: The Survey Questionnaire Used in this Study
Appendices
358
Appendices
359
Appendices
360
Appendices
361
Appendices
362
Appendices
363
Appendices
364
Appendices
365
Appendices
366
Appendices
367
Appendix 6.4: Human Ethics Approval
ASB HREA Application 126021 Sent: Friday, 27 April 2012 Dear Mr Alkhalifah and Associate Professor D’Ambra, Title: Factors Effecting User Adoption of Identity Management Systems: An Empirical Study Reference No: 126021 Members of the ASB Research Ethics Advisory Panel have reviewed your application and are satisfied that this project now meets the requirements as set out in the National Statement on Ethical conduct in Human Research. Having taken into account the advice of the Panel, the Deputy Vice-Chancellor (Research) has approved the project to proceed. Please note that this approval in valid for 12 months from the date of this e-letter. Yours sincerely, Professor Gary Monroe Convenor Human Research Ethics Advisory (HREA) Panel Australian School of Business [email protected]
Appendiix 6.5: Loadi
368
ing and Cros
8
s-loading Maatrix (Pilot SStudy)
Appendices
3699
Appendices
Appendices
370
Appendix 7.1: Descriptive and ANOVA Statistics
Factor Full Sample (N=332)
LinkedIn users (N=184)
Facebook users (N=148)
ANOVA
Mean Std.Dev Mean Std.Dev Mean Std.Dev t-value p-value