Factors Affecting User Adoption of Identity Management Systems: An Empirical Study Ali Alkhalifah A thesis in fulfilment of the requirements for the degree of Doctor of Philosophy School of Information Systems, Technology and Management Australian School of Business The University of New South Wales (UNSW) 2013
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Factors Affecting User Adoption of Identity
Management Systems: An Empirical Study
Ali Alkhalifah
A thesis in fulfilment of the requirements for the degree of Doctor of Philosophy School of Information Systems, Technology and Management Australian School of Business The University of New South Wales (UNSW) 2013
THE UNIVERSITY OF NEW SOUTH WALES
Thesis/Dissertation Sheet
Surname or Family name: Alkhalifah
First name: Ali
Abbreviation for degree as given in the University calendar: PhD
Other name/s:
School: Information Systems, Technology and Management
Title: Factors Affecting User Adoption of Identity Management Systems: An Empirical Study.
Faculty: Australian School of business
Abstract 350 words maximum:
Web-based identity management systems (IdMS), a new and innovative information technology (IT) artefact, involve the integration of emerging technologies and business processes to create identity-centric approaches for the management of users, their attributes, authentication factors and security privileges across the Internet within multiple websites.With the growth of online identities on the Internet, IdMS enable the use of the same user data, managed identifiers and authentication credentials across multiple websites, reducing the number of identifiers (e.g. passwords) and profiles with which a user has to deal.The key to the adoption of any solution in the online identity space is the willingness of the user population to accept the proposed solution. Understanding factors that affect user adoption of innovative IT is of interest to researchers in a diversity of fields. However, no research has investigated the conceptualization and measurement, and empirically examined the initial adoption of IdMS from the end-user perspective. The main objective of this study is to fill this clear gap by aiming to develop a theoretical model by integrating theories from information systems and psychology literature to understand and empirically examine the important factors affecting the user adoption of IdMS. The study suggests a positive-quantitative approach to explain and predict a causal model and validate the results. The research instruments were developed and validated using pre-tests and pilot study. The data collection was carried out using an online survey method, with 332 respondents form Facebook and LinkedIn users. Data analyses were conducted under structural equation modelling using the partial least squares technique. The model was successfully validated, and statistically significant confirmation was provided that perceived usefulness, perceived ease of use, fit, trusting beliefs, trust in the Internet, information disclosure, privacy concerns and cost influenced behavioural intentions to adopt IdMS. The study theoretically extends the body of knowledge of IT adoption into the IdMS domain. Moreover, it provides a theoretical user-adoption model relevant to IdMS. For practitioners, the study develops guidelines for IdMS designers and provides for the employment of more targeted implementation efforts. The study discusses some implications and highlights some opportunities for creating and enhancing new IdMS.
Declaration relating to disposition of project thesis/dissertation
I hereby grant to the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or in part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all property rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation.
I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstracts International (this is applicable to doctoral theses only).
… ………
Signature
……………………………………..………………
Witness
……….………23/8/2013…………
Date
The University recognises that there may be exceptional circumstances requiring restrictions on copying or conditions on use. Requests for restriction for a period of up to 2 years must be made in writing. Requests for a longer period of restriction may be considered in exceptional circumstances and require the approval of the Dean of Graduate Research.
FOR OFFICE USE ONLY
Date of completion of requirements for Award:
THIS SHEET IS TO BE GLUED TO THE INSIDE FRONT COVER OF THE THESIS
COPYRIGHT STATEMENT
‘I hereby grant the University of New South Wales or its agents the right to archive and to make available my thesis or dissertation in whole or part in the University libraries in all forms of media, now or here after known, subject to the provisions of the Copyright Act 1968. I retain all proprietary rights, such as patent rights. I also retain the right to use in future works (such as articles or books) all or part of this thesis or dissertation. I also authorise University Microfilms to use the 350 word abstract of my thesis in Dissertation Abstract International (this is applicable to doctoral theses only). I have either used no substantial portions of copyright material in my thesis or I have obtained permission to use copyright material; where permission has not been granted I have applied/will apply for a partial restriction of the digital copy of my thesis or dissertation.'
Signed ………… ……………………. Date …………23/8/2013…………………………………..........
AUTHENTICITY STATEMENT
‘I certify that the Library deposit digital copy is a direct equivalent of the final officially approved version of my thesis. No emendation of content has occurred and if there are any minor variations in formatting, they are the result of the conversion to digital format.’
Signed ………… …………….
Date ……......23/8/2013 ……………
ORIGINALITY STATEMENT ‘I hereby declare that this submission is my own work and to the best of my knowledge it contains no materials previously published or written by another person, or substantial proportions of material which have been accepted for the award of any other degree or diploma at UNSW or any other educational institution, except where due acknowledgement is made in the thesis. Any contribution made to the research by others, with whom I have worked at UNSW or elsewhere, is explicitly acknowledged in the thesis. I also declare that the intellectual content of this thesis is the product of my own work, except to the extent that assistance from others in the project's design and conception or in style, presentation and linguistic expression is acknowledged.’
Signed ………… ...,,,,, Date ………23/8/2013…………………..............
I
Abstract
Web-based identity management systems (IdMS), a new and innovative information technology
(IT) artefact, involve the integration of emerging technologies and business processes to create
identity-centric approaches for the management of users, their attributes, authentication factors
and security privileges across the Internet within multiple websites.With the growth of online
identities on the Internet, IdMS enable the use of the same user data, managed identifiers and
authentication credentials across multiple websites, reducing the number of identifiers (e.g.
passwords) and profiles with which a user has to deal.The key to the adoption of any solution in
the online identity space is the willingness of the user population to accept the proposed
solution. Understanding factors that affect user adoption of innovative IT is of interest to
researchers in a diversity of fields. However, no research has investigated the conceptualization
and measurement, and empirically examined the initial adoption of IdMS from the end-user
perspective. The main objective of this study is to fill this clear gap by aiming to develop a
theoretical model by integrating theories from information systems and psychology literature to
understand and empirically examine the important factors affecting the user adoption of IdMS.
The study suggests a positive-quantitative approach to explain and predict a causal model and
validate the results. The research instruments were developed and validated using pre-tests and
pilot study. The data collection was carried out using an online survey method, with
332 respondents form Facebook and LinkedIn users. Data analyses were conducted under
structural equation modelling using the partial least squares technique. The model was
successfully validated, and statistically significant confirmation was provided that perceived
usefulness, perceived ease of use, fit, trusting beliefs, trust in the Internet, information
disclosure, privacy concerns and cost influenced behavioural intentions to adopt IdMS. The
study theoretically extends the body of knowledge of IT adoption into the IdMS domain.
Moreover, it provides a theoretical user-adoption model relevant to IdMS. For practitioners, the
study develops guidelines for IdMS designers and provides for the employment of more
targeted implementation efforts. The study discusses some implications and highlights some
opportunities for creating and enhancing new IdMS.
II
Publications Relating to this Thesis
1. Alkhalifah, A. & D'Ambra, J. 2011. Applying Task-Technology Fit to the Adoption of Identity Management Systems. Proceedings of the 22nd Australasian Conference on Information Systems (ACIS2011), Sydney, Australia.
2. Alkhalifah, A. and D'Ambra, J. 2011. A Research Methodology to Explore User Acceptance of Identity Management Systems. In: Karnik, Ajit - Stephenson, Marcus, ed. Proceedings of the First International Conference on Emerging Research Paradigms in Business and Social Sciences (ERPBSS2011). Middlesex University Dubai, Dubai, United Arab of Emirates.
3. Alkhalifah, A. & D'Ambra, J. 2012. Factors Effecting the Adoption of Identity Management Systems: An Empirical Study. Proceedings of the 16th Pacific Asia Conference on Information Systems (PACIS2012), Ho Chi Minh city, Vietnam.
4. Alkhalifah, A. & D'Ambra, J. 2012. The Role of Identity Management Systems in Enhancing Protection of User Privacy. Proceedings of the International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec2012), IEEE, Kuala Lumpur, Malaysia.
5. Alkhalifah, A. & D'Ambra, J. 2012. The Role of Trust in the Initial Adoption of Identity Management Systems. Proceedings of the 21st International Conference on Information Systems Development (ISD2012), Prato, Italy.
Presentation Relating to this Thesis
PhD Doctoral Consortium, the 16th Pacific Asia Conference on Information Systems (PACIS2012), 11-12 July 2012, University of Science, Ho Chi Minh city, Vietnam, 2012.
III
Acknowledgments
I owe sincere thanks to the people who have supported me during my PhD journey, especially
to:
My research supervisor, A/Prof. John D’Ambra, who made me believe in myself and guided me
through the whole process of this research. I am sure that this thesis would not have been
possible without his support, understanding and encouragement.
My parents; you always been me throughout my entire life and educational journey. Thank you
for always encouraging me to reach my dreams. I love you very much.
My wife Alya and son Almohanad for their love and never-ending support. Without you, I
would not be the person I am today.
My brothers and sisters for their encouragement and moral support; you always have been my
greatest persons.
I would like to thank A/Prof. Aybuke Aurum, A/Prof. Kieran Conboy and Dr. Daniel
Schlagwein for their valuable comments and suggestions on the research proposal. I also thank
the Pacific Asia Conference on Information Systems (PACIS 2012) Doctoral Consortium’
counsellors : Prof. Detmar Straub (Georgia State University) , Prof. Guy Gable (Queensland
University of Technology) and A/Prof. Kai-Lung Hui (Hong Kong University of Science and
Technology) for their precious feedback and suggestions on the research model and design.
Finally, I am grateful to Prof. Wynne Chin (University of Houston) for his support in
strengthening my data analysis skills through the partial least squares course work.
Lastly, I would like to show my gratitude to the University of New South Wales, Qassim
University and Saudi Cultural Mission in Australia for their full and financial support during my
PhD journey.
IV
Table of Contents
ABSTRACT ............................................................................................................................................................... I
PUBLICATIONS RELATING TO THIS THESIS .................................................................................................. II
ACKNOWLEDGMENTS ........................................................................................................................................ III
LIST OF TABLES .................................................................................................................................................... X
LIST OF FIGURES ................................................................................................................................................ XII
LIST OF ABBREVIATIONS ............................................................................................................................... XIII
CHAPTER 1: INTRODUCTION 1.1 Introduction and Motivation for the Research ............................................................................................................. 1 1.2 Significance of the Research ................................................................................................................................................. 4 1.2.1 Overview of the Identity Management Systems Research ............................................................................ 5 1.2.2 User Adoption of Identity Management Systems .............................................................................................. 6 1.3 Research Focus, Objective and Question ........................................................................................................................ 8 1.3.1 The Scope of Identity Management Systems in this Study............................................................................ 8 1.4 Overview of the Research Strategy ................................................................................................................................. 10 1.5 Research Contributions ....................................................................................................................................................... 12 1.6 Organization of the Chapters ............................................................................................................................................. 13 1.6.1 Chapter 1: Introduction .............................................................................................................................................. 13 1.6.2 Chapter 2: Literature Review (Identity Management Systems) .............................................................. 13 1.6.3 Chapter 3: Literature Review (Information System, Technology Adoption) .................................... 14 1.6.4 Chapter 4: Conceptual Model and Research Hypotheses ........................................................................... 14 1.6.5 Chapter 5: Research Design and Methodology ................................................................................................ 14 1.6.6 Chapter 6: Instrument Development ................................................................................................................... 15 1.6.7 Chapter 7: Data Analysis and Results .................................................................................................................. 15 1.6.8 Chapter 8: Discussion and Conclusions .............................................................................................................. 15 CHAPTER 2: LITERATURE REVIEW (IDENTITY MANAGEMENT SYSTEMS) 2.1 Introduction .............................................................................................................................................................................. 16 2.2 The Concepts of Identity ...................................................................................................................................................... 18 2.2.1 Identity ............................................................................................................................................................................... 18 2.2.2 Online Identity ................................................................................................................................................................ 19 2.2.3 Partial Identity ................................................................................................................................................................ 20 2.2.4 Identity Management .................................................................................................................................................. 21 2.2.5 Identity Theft ................................................................................................................................................................... 21 2.2.6 Identity 3.0 ....................................................................................................................................................................... 21 2.3 Stakeholders of Identity Management Systems ....................................................................................................... 22 2.4 Definition of Identity Management Systems .............................................................................................................. 23
V
2.4.1 Definition of Identity Management Systems in this Study ......................................................................... 25 2.5 Characteristics and Features of Identity Management Systems ....................................................................... 27 2.5.1 The Laws of Identity .................................................................................................................................................... 27 2.5.2 Functions of Identity Management Systems ..................................................................................................... 27 2.6 The Trajectory of Identity Management Systems Migration .............................................................................. 32 2.6.1 From Proprietary Identity to Open Identity Exchange ................................................................................ 33 2.6.2 Identity Management System Models .................................................................................................................. 35 2.6.3 A Comparison of Identity Management Systems Models ........................................................................... 40 2.7 The Security of Identity Management Systems......................................................................................................... 42 2.8 The Current Identity Management Systems Research .......................................................................................... 44 2.8.1 The Innovation of the Identity Management Systems Research Framework ................................... 44 2.8.2 Research Method ........................................................................................................................................................... 46 2.8.3 Findings and Analysis .................................................................................................................................................. 48 2.8.4 Identity Management System Challenges .......................................................................................................... 58 2.8.5 User Adoption of Identity Management Systems ........................................................................................... 59 2.8.6 Gaps in the Identity Management Systems literature .................................................................................. 61 2.8.7 Conclusion and Future Recommendation .......................................................................................................... 62 2.9 Identity Management Systems Landscape .................................................................................................................. 64 2.10 Summary .................................................................................................................................................................................. 66 CHAPTER 3: LITERATURE REVIEW (INFORMATION SYSTEM, TECHNOLOGY ADOPTION) 3.1 Introduction .............................................................................................................................................................................. 67 3.2 Defining ‘User Adoption of Technology’ ....................................................................................................................... 68 3.3 Adoption Phases ...................................................................................................................................................................... 68 3.4 Review of Existing Technology Adoption Models and Theories ....................................................................... 70 3.4.1 Theory of Reasoned Action ....................................................................................................................................... 71 3.4.2 Theory of Planned Behaviour .................................................................................................................................. 72 3.4.3 Technology Acceptance Model ................................................................................................................................ 73 3.4.4 Innovation Diffusion Theory .................................................................................................................................... 77 3.4.5 Unified Theory of Acceptance and Use of Technology ................................................................................. 78 3.4.6 Task–Technology Fit .................................................................................................................................................... 81 3.6.7 Integrated Model of TAM and TTF ........................................................................................................................ 83 3.4.8 Social Cognitive Theory .............................................................................................................................................. 86 3.4.9 Cognitive Dissonance Theory .................................................................................................................................. 86 3.4.10 Trust–Risk Framework ............................................................................................................................................ 87 3.4.11 Conclusion of Review of Technology Adoption Models and Theories ............................................... 88 3.5 User Adoption of Web–based Services and Technologies ................................................................................... 89 3.5.1 Research Method ........................................................................................................................................................... 90 3.5.2 Analysis and Findings .................................................................................................................................................. 91 3.5.3 Gaps in the Literature on Adoption of Web–based Services and Technologies ............................... 96
VI
3.6 Factors Affecting User Adoption of Identity Management systems (Background and Theoretical Concepts)............................................................................................................................................................................................ 97 3.6.1 Perceived Ease of Use and Perceived Usefulness ........................................................................................... 98 3.6.2 Task and Technology Characteristics ................................................................................................................ 100 3.6.3 Fit ........................................................................................................................................................................................ 101 3.6.4 Perceived Risk............................................................................................................................................................... 105 3.6.5 Trust .................................................................................................................................................................................. 108 3.6.6 Privacy Concerns ......................................................................................................................................................... 112 3.6.7 Individual Difference Variables ............................................................................................................................ 117 3.7 Overall Gaps in the Literature ......................................................................................................................................... 118 3.8 Research Questions .............................................................................................................................................................. 120 3.9 Why Studying the Adoption of IdMS is Different to Any Other IT Artefact ............................................... 120 3.10 Summary ................................................................................................................................................................................ 122 CHAPTER 4: CONCEPTUAL MODEL AND RESEARCH HYPOTHESES 4.1 Introduction ............................................................................................................................................................................ 123 4.2 Research Model...................................................................................................................................................................... 123 4.3 Behavioural Intention (the Outcome Variable) ...................................................................................................... 126 4.4 Perceived Usefulness and Ease of Use ........................................................................................................................ 128 4.5 The Relationships between Perceived Risk and Trust ........................................................................................ 129 4.6 Perceived Risk ........................................................................................................................................................................ 131 4.6.1 Perceived Risk and Behavioural Intention ...................................................................................................... 132 4.7 Trust Constructs .................................................................................................................................................................... 133 4.7.1 Trusting Beliefs ............................................................................................................................................................ 135 4.7.2 Trust in the Internet ................................................................................................................................................... 139 4.8 Information Disclosure ...................................................................................................................................................... 141 4.9 Privacy Concerns ................................................................................................................................................................... 142 4.9.1 Privacy Concern Constructs ................................................................................................................................... 142 4.9.2 Privacy Concerns and Behavioural Intention ................................................................................................. 144 4.9.3 Privacy Concerns and Information Disclosure .............................................................................................. 145 4.9.4 Privacy Concern, Trust and Perceived Risk .................................................................................................... 146 4.10 Task–Technology Fit Constructs ................................................................................................................................. 147 4.10.1 Identity Management System Task Characteristics ................................................................................. 147 4.10.2 The Technology Characteristics of Identity Management Systems .................................................. 148 4.10.3 Fit ..................................................................................................................................................................................... 148 4.11 Situational Variables ......................................................................................................................................................... 151 4.11.1 Cost .................................................................................................................................................................................. 151 4.11.2 Facilitating Conditions ........................................................................................................................................... 152 4.11.3 Subjective Norms ...................................................................................................................................................... 153 4.12 The Moderating Effect: Web Single Sign-On .......................................................................................................... 155
VII
4.12.1Intention to Disclose Identity Information and Intention to Use IdMS ............................................ 155 4.12.2 Perceived Usefulness and Intention to Use .................................................................................................. 156 4.12.3 Trusting Beliefs and Behavioural Intention to Use ................................................................................... 157 4.12.4 Privacy Concerns and Intention to Disclose Identity Information .................................................... 157 4.12.5 Cost and Intention to Use ...................................................................................................................................... 158 4.13 Control Variables ................................................................................................................................................................ 159 4.13.1 Demographic Variables (Age, Gender and Education) ............................................................................ 159 4.13.2 Internet and Web Services Experience .......................................................................................................... 160 4.13.2 Previous Experience of Identity Theft ............................................................................................................ 161 4.14 Summary ................................................................................................................................................................................ 162 CHAPTER 5: RESEARCH DESIGN AND METHODOLOGY 5.1 Introduction ............................................................................................................................................................................ 165 5.2 Research Paradigm .............................................................................................................................................................. 165 5.3 Methodological Approach ................................................................................................................................................. 166 5.4 Research Method .................................................................................................................................................................. 167 5.4.1 Survey ............................................................................................................................................................................... 167 5.4.2 Online Survey ................................................................................................................................................................ 168 4.5.3 Cross-sectional Survey Design .............................................................................................................................. 169 5.5 Data Collection Procedure ................................................................................................................................................ 169 5.5.1 Sampling Technique ................................................................................................................................................... 170 5.5.2 Target Population........................................................................................................................................................ 171 5.5.3 Sample Adequacy ........................................................................................................................................................ 177 5.5.4 Incentive for Participation in the Survey ......................................................................................................... 178 5.5.5 Recruiting Technique ................................................................................................................................................ 178 5.6 Measurement Development ............................................................................................................................................. 180 5.7 Reliability and Validity ....................................................................................................................................................... 181 5.7.1 Reliability ........................................................................................................................................................................ 181 5.7.2 Validity ............................................................................................................................................................................. 182 5.8 Data Analysis ........................................................................................................................................................................... 184 5.8.1 Structural Equation Modelling .............................................................................................................................. 184 5.8.2 Why this Study Chose PLS ....................................................................................................................................... 185 5.8.3 Factor Analysis ............................................................................................................................................................. 186 5.8.4 Structural Model Evaluation .................................................................................................................................. 187 5.9 Statistical Considerations.................................................................................................................................................. 188 5.9.1 Non–responsive Bias ................................................................................................................................................. 189 5.9.2 Distribution Assumptions ....................................................................................................................................... 189 5.9.3 Common Method Variance ...................................................................................................................................... 190 5.10 Estimating the Higher-order Constructs ................................................................................................................. 192 5.10.1 Testing for Higher–order Constructs .............................................................................................................. 194
VIII
5.11 Control Variables ................................................................................................................................................................ 195 5.12 Summary ................................................................................................................................................................................ 197 CHAPTER 6: INSTRUMENT DEVELOPMENT 6.1 Introduction ............................................................................................................................................................................ 198 6.2 Item Creation and Identification .................................................................................................................................... 199 6.2.1 Construct Operationalization ................................................................................................................................ 200 6.3 Pre-Testing Survey Instruments .................................................................................................................................... 211 6.3.1 Expert Review ............................................................................................................................................................... 211 6.3.2 Questionnaire Design ................................................................................................................................................ 213 6.3.3 Survey Pre-tests ........................................................................................................................................................... 215 6.4 Measurement Model Specification ................................................................................................................................ 217 6.5 Pilot Study ................................................................................................................................................................................ 219 6.5.1 Sampling Procedure ................................................................................................................................................... 219 6.5.2 Verifying Data Characteristics ............................................................................................................................... 220 6.5.3 Measurement Assessment ...................................................................................................................................... 221 6.6 Scale Refinement ................................................................................................................................................................... 229 6.7 Summary ................................................................................................................................................................................... 230 CHAPTER 7: DATA ANALYSIS AND RESULTS (MAIN STUDY) 7.1 Introduction ............................................................................................................................................................................ 231 7.2 Sampling Procedure ............................................................................................................................................................ 231 7.2.1 Profile of Respondents .............................................................................................................................................. 232 7.2.2 Verifying data characteristics ................................................................................................................................ 235 7.3 Measurement Model ............................................................................................................................................................ 237 7.3.1 First-order Measurement Model .......................................................................................................................... 237 7.3.2 Interaction Measurement Model .......................................................................................................................... 242 7.3.3 Higher-order Measurement Model ..................................................................................................................... 242 7.4 Structural Model and Hypotheses Testing ................................................................................................................ 246 7.4.1 Main Effect ...................................................................................................................................................................... 246 7.4.2 Moderate Effect ............................................................................................................................................................ 249 7.5 Structural Model Evaluation ............................................................................................................................................ 251 7.6 Impact of Control Variables ............................................................................................................................................. 252 7.6.1 First Analysis for Measurement Properties of Control Variables ......................................................... 252 7.6.2 Impact of Control Variables .................................................................................................................................... 253 7.7 Overall Findings of Hypotheses Testing .................................................................................................................... 254 7.8 Summary ................................................................................................................................................................................... 257 CHAPTER 8: DISCUSSION AND CONCLUSIONS 8.1 Introduction ............................................................................................................................................................................ 258 8.2 Research Objectives and Questions .............................................................................................................................. 258 8.3 Major Findings ....................................................................................................................................................................... 259
IX
8.3.1 To What Extent Do the Factors Affect Users’ Behavioural Intentions to Adopt IdMS? ............... 260 8.3.2 How Do Users Perceive the Factors that Affect IdMS Adoption? .......................................................... 267 8.3.3 How Does Prior Experience of SSO Affect the Adoption of IdMS? ........................................................ 272 8.3.4 Do Individual Differences Have any Effect on User Adoption of IdMS? ............................................. 274 8.4 Contributions and Implications ..................................................................................................................................... 276 8.4.1 Theoretical Contributions ....................................................................................................................................... 276 8.4.2 Practical Implications ................................................................................................................................................ 285 8.5 Research Limitations and Future Directions ........................................................................................................... 288 8.6 Concluding Remarks............................................................................................................................................................ 294 REFERENCES .................................................................................................................................................... 296
APPENDICES Appendix 2.1: Identity Management Systems Standards and Technologies .................................................... 326 Appendix 2.2: A Description of the Publications Identified in the Selection Phase of IdMS Literature Review ............................................................................................................................................................................................... 330 Appendix 3.1: Studies Identified in Selection Phase of Web-based Services and Technologies Adoption Literature ......................................................................................................................................................................................... 334 Appendix 3.2: Studies According to Publications Distribution ............................................................................... 342 Appendix 5: Prevalent Common Method Bias (CMB) Techniques ........................................................................ 343 Appendix 6.1: Initial Questionnaire Draft and Expert Form .................................................................................... 344 Appendix 6.2: Survey Questionnaire Modification After Expert Panel Feedback .......................................... 354 Appendix 6.3: The Survey Questionnaire Used in this Study ................................................................................... 357 Appendix 6.4: Human Ethics Approval .............................................................................................................................. 367 Appendix 6.5: Loading and Cross-loading Matrix (Pilot Study) ............................................................................. 368 Appendix 7.1: Descriptive and ANOVA Statistics .......................................................................................................... 370 Appendix 7.2: Loading and Cross-loading Matrix (Main Study) ............................................................................. 371 Appendix 7.3: Items and Convergent Validity for Fit Construct ............................................................................. 373
X
List of Tables Table 2.1: Comparison between offline identity and online identity ........................................................................... 20 Table 2.2: The Laws of Identity ..................................................................................................................................................... 27 Table 2.3: Comparison of IdMS models ..................................................................................................................................... 40 Table 2.4: Distribution of publications ....................................................................................................................................... 47 Table 2.5: Focus for the IdMS research ...................................................................................................................................... 49 Table 2.6: Distribution of IdMS studies according to their applied application ..................................................... 57 Table 2.7: Identity management system challenges ............................................................................................................ 58 Table 3.1: Theories used in individual and organizational IT adoption research ................................................. 70 Table 3.2: Previous studies that integrate TAM/TTF .......................................................................................................... 85 Table 3.3: Studies published between 2003 and 2012 ....................................................................................................... 92 Table 3.4: Studies according to subject category .................................................................................................................. 92 Table 3.5: Intersection of theoretical models ......................................................................................................................... 93 Table 3.6: Focus of the WBST adoption research .................................................................................................................. 93 Table 3.7: Web-based services and technologies examined ............................................................................................ 94 Table 3.8: Factors affecting user adoption of WBST ............................................................................................................ 95 Table 3.9: Fit conceptualization used in TTF research ..................................................................................................... 103 Table 3.10: Description and definition of perceived risk facets ................................................................................... 107 Table 3.11: Studies of privacy concerns and their measures ........................................................................................ 115 Table 4.1: Relationships between perceived risk and trust ........................................................................................... 131 Table 4.2: Difference between this study and previous trust-TAM studies ............................................................ 138 Table 4.3: Definition of the dimensions of privacy concerns ......................................................................................... 144 Table 4.4: Operationalizing the fit construct ......................................................................................................................... 149 Table 4.5: Main constructs in the research model .............................................................................................................. 163 Table 5.1: Characteristics of the positivist paradigm in social science ..................................................................... 166 Table 5.2: Overview of data collection strategy ................................................................................................................... 170 Table 5.3 Number of Facebook and LinkedIn users across the selected countries ............................................. 176 Table 6.1: Initial items for first-order constructs................................................................................................................ 202 Table 6.2: Initial items for third-order trusting beliefs .................................................................................................... 204 Table 6.3: Initial items for third-order trust in the Internet .......................................................................................... 205 Table 6.4: Initial items for second-order privacy concerns ............................................................................................ 206 Table 6.5: Initial questions related to usage, control and demographic variables .............................................. 207 Table 6.6: The measurement model specification .............................................................................................................. 218 Table 6.7: First reliability evaluation ........................................................................................................................................ 224 Table 6.8: Results of confirmatory factor analysis and descriptive statistics of first-order measurements (pilot study) .......................................................................................................................................................................................... 225 Table 6.9: Correlations of the first-order measurement model (pilot study) ........................................................ 227 Table 6.10: Results of confirmatory factor analysis and descriptive statistics of higher-order measurements (pilot study) .......................................................................................................................................................... 229
XI
Table 7.1: Demographics of Respondents .............................................................................................................................. 233 Table 7.2: Sample Characteristics............................................................................................................................................... 234 Table 7.3: Knowledge of sample about IdMS applications ............................................................................................. 235 Table 7.4: The first-order measurement model (main study) ...................................................................................... 239 Table 7.5: Correlations of the first-order measurement model (main study) ....................................................... 241 Table 7.6: The higher-order measurement model (main study) ................................................................................. 244 Table 7.7: Results of the structural model and hypotheses testing ............................................................................ 249 Table 7.8: Results of moderating hypotheses ....................................................................................................................... 250 Table 7.9: Results of explained variance and predictive relevance ............................................................................ 251 Table 7.10: Measurement model of control variables – the formative construct ................................................ 252 Table 7.11: Impact of control variables ................................................................................................................................... 253 Table 7.12: Overall results of hypotheses testing ............................................................................................................... 255
XII
List of Figures Figure 1.1: Multi-system, multi-device, multi-identity proliferation .............................................................................. 2 Figure 1.2: Research outline ........................................................................................................................................................... 10 Figure 2.1: Informing disciplines (map of the literature review) .................................................................................. 16 Figure 2.2: Correspondence between entities, identities and characteristics/identifiers ................................. 19 Figure 2.3: Identity and partial identities of an exemplary user .................................................................................... 20 Figure 2.4: Isolated IdMS Model .................................................................................................................................................... 36 Figure 2.5: Centralized IdMS model ............................................................................................................................................ 37 Figure 2.6: Decentralized IdMS model ....................................................................................................................................... 39 Figure 2.7: The TFI model of information systems .............................................................................................................. 46 Figure 2.8: Number of publications per year .......................................................................................................................... 48 Figure 2.9: Classification of IdMS empirical research based on research methods used ................................... 53 Figure 2.10: Distribution of research focus perspectives over the TFI categories ................................................ 54 Figure 2.11: Distribution of IdMS by nature of research over the TFI categories ................................................. 55 Figure 2.12: Identity management systems research framework ................................................................................ 56 Figure 2.13: Identity management landscape ........................................................................................................................ 65 Figure 3.1: Theory of reasoned action (TRA) .......................................................................................................................... 72 Figure 3.2: Theory of planned behaviour (TPB) .................................................................................................................... 73 Figure 3.3: Technology acceptance model (TAM)................................................................................................................. 74 Figure 3.4: The original TAM model and four categories of modifications ............................................................... 76 Figure 3.5: Unified theory of acceptance and use of technology (UTAUT) .............................................................. 79 Figure 3.6: Unified theory of acceptance and use of technology2 (UTAUT2) .......................................................... 81 Figure 3.7: Basic task-tecgnology fit (TTF) model ................................................................................................................ 82 Figure 3.8: Integrated TAM/TTF model .................................................................................................................................... 84 Figure 3.9: Statistical model for task-technology fit as moderation........................................................................... 105 Figure 4.1: Research model ........................................................................................................................................................... 125 Figure 4.2: Initial trust in IdMS adoption ................................................................................................................................ 134 Figure 4.3: Operationalizing the TTF model in this study (Fit as moderation)..................................................... 150 Figure 5.1: Banner advertisement .............................................................................................................................................. 180 Figure 6.1: Overview of instrument development procedure ....................................................................................... 199 Figure 7.1: Third–order reflective trusting beliefs model .............................................................................................. 244 Figure 7.2: Third-order reflective trust in the Internet model ..................................................................................... 245 Figure 7.3: Second-order reflective privacy concerns model ........................................................................................ 245 Figure 7.4: Results of the structural model ............................................................................................................................ 248
XIII
List of Abbreviations
BI CDT CFA CFIP CMB CMC CMV CV EFA FIM FIMS HCI ICT IdM IdMS IdP IDT INTD INTU IS IT IUIPC PCA PEOU PR PRIME PLS PU RP SAML SCT SEM SET SP SSO TAM TPB TRA TTF UTAUT WBST
Behavioural IntentionCognitive Dissonance Theory Confirmatory Factor Analysis Concern for Information Privacy Common Method Bias Computer Mediated Communication Common Method Variance Control Variable Exploratory Factor Analysis Federated Identity Management Federated Identity Management Systems Human Computer Interaction Information Communication Technology Identity Management Identity Management Systems Identity Provider Innovation Diffusion Theory Intention to Disclose identity information Intention to Use Information System Information Technology Internet Users’ Information Privacy Concerns Principal Component Analysis Perceived Ease of Use Perceived Risk Privacy and Identity Management for Europe Project Partial Least Squares Perceived Usefulness Relying Party Security Assertion Markup Language Social Contract Theory Structural Equation Modelling Social Exchange Theory Service Provider Single Sign-On Technology Acceptance Model Theory of Planned Behaviour Theory of Reasoned Action Task Technology Fit Unified Theory of Acceptance and Use of Technology Web-Based Services and Technologies
Chapter 1: Introduction
1.1 Introduction and Motivation for the Research
Today, the advent of Web 2.0 and Web 3.0 has followed personalized services, such as e-
government, e-commerce, and e-health applications, which involve and process a significant
amount of personal information. For instance, social networking sites such as Facebook enable
users to create detailed user profiles and to replicate and develop real-world social networks.
This trend has contributed to the growth of online identities, which contain a great deal of
information about users, including personal attributes and behavioural preferences as well as
access-related metadata. These personalized services represent a shift from a technical
development perspective to a traditional concept of identity that is socio-technically driven
towards facilitating social interactions and services (McLaughlin, Briscoe & Malone 2010).
The growing use of information and communications technology (ICT) in numerous contexts
such as the increasing presence of organizations on the Internet, and in different online
transactions such as business to customer (B2C) and government to customer (G2C), has
increased the need for users to closely examine how they represent themselves online and how
they identify with whom they are actually interacting (Josang, Al-Zomai & Suriadi 2007; Birrell
& Schneider 2012). Consequently, users of online services have multiple digital identities as
illustrated in Figure 1.1.
Threatening behaviours in the online world are also on the rise, particularly those associated
with identity theft. Identity theft significantly affects the economic decisions that people make
(Akerof & Kranton 2000) and poses security risks targeting both organizations and individuals
(Swartz 2009; Finklea 2012). For example, the US Federal Trade Commission (FTC) estimated
that identity theft costs customers about 50 billion dollars annually (FTC 2011, 2012).
Nevertheless, whereas proving claims of theft in the normal offline (bricks-and-mortar) world
are made according to well-known procedures, online identity management lacks the same
Chapter 1: Introduction
2
degree of recourse for consumers (Birrell & Schneider 2012). Identity management (IdM)
solutions manage the identity disorder generated from the use of many separate applications and
support a methodology that increases productivity and security reducing the costs related to
managing users and their identities, credentials and attributes (Lee 2003; Smith 2008; Landau &
Moore 2012; Jensen & Jaatun 2013).
Figure 1.1: Multi-system, multi-device, multi-identity proliferation (Source: Shaw 2008, p.1)
The issue of control over how people present themselves online is technologically challenging.
Web users need to maintain multiple and separate copies of online identities, authentication
credentials and profile information for each website. A study of password habits shows that a
typical Web user has about 25 password-protected accounts and enters approximately eight
passwords per day (Florencio & Herley 2007). In aiming to address this problem, a number of
identity management systems (IdMS) involving Web single sign-on (SSO) solutions have been
proposed and introduced. IdMS have been defined as a new information technology (IT) artefact
which involves the process, policies and emerging technologies used to manage information
Chapter 1: Introduction
3
about the identity of users and to control access to multiple websites (Lee 2003; Hitachi ID
Systems Inc 2012). Examples of IdMS include Microsoft Live Connect (Microsoft Passport),
OpenID, Information Cards, PayPal Access, Facebook Connect, Twitter OAuth, etc. According
to a study conducted by Blue Research, a majority of Web users (66%) see IdMS, specifically
SSO solutions, as an alternative and attractive solution for managing their online accounts and
accessing websites and they prefer it to be offered by websites (Olsen 2011).Therefore, the need
to effectively implement IdMS is increasingly critical. However, the adoption of IdMS has been
slow (Landau & Moore 2012). For example, the IdMS adoption rate was less than 5% in the US
and is even lower in other countries (Ivy, Conger & Landry 2010). Hence, IdMS must consider
the need to promote their adoption by end-users (Aichholzer & Straub 2010; Landau & Moore
2012).
The topic of the diffusion of innovative IT artefacts has been of interest among researchers (Luo
et al. 2010). Similar to other innovative technologies, IdMS faced adoption barriers in their
early stage (Ivy, Conger & Landry 2010; Friedman, Crowley & West 2011; Jensen 2012;
Landau & Moore 2012; Jensen & Jaatun 2013). The key to the mass adoption of any solution in
the online identity space is the willingness of the user population to accept the proposed solution
(miiCard 2011). Moreover, in the case of the commercial use of IdMS, it is likely that the value
of IdMS will increase as more users adopt it (Poetzsch et al. 2009). Previous researchers have
indicated that factors including technological advances, better understanding of technology and
more tech-savvy consumers make today's environment mature for the acceptance and use of
innovative technology (Luo et al. 2010). Nevertheless, the acceptance or rejection of the IdMS
artefact is still uncertain. Understanding factors of human identity (Roussos, Peterson & Patel
2003) and exploring factors that influence IdMS acceptance may give rise to suggestions to
increase user adoption of IdMS (Seltsikas & O’Keefe 2010). Hence, developing a model that
captures salient aspects of IdMS along with factors derived from understanding their adoption is
needed, particularly from the end-user perspective (Aichholzer & Straub 2010; Ivy, Conger &
Chapter 1: Introduction
4
Landry 2010; Alpar, Hoepman & Siljee 2011; Satchell et al. 2011).Therefore, this study aims to
determine and explain factors that influence user adoption of IdMS.
1.2 Significance of the Research
Identity is an emerging theme in academic literature (Halperin 2006), and identity management
has been identified as an emerging field and a key research topic for future decades (Dunleavy
et al. 2006; Halperin et al. 2008; Pfitzmann & Hansen 2010; Jensen & Jaatun 2013). Online
identity management is fundamental to the further development of the Internet economy
(Smedinghoff 2012). Identity management is important in different contexts, including within
the enterprise, e-commerce and government, to underpin business processes and services and
enable digital interactions and transactions from a consumer’s perspective (Mont, Bramhall &
Pato 2003). IdMS comprise a key research topic in the identity and identity management
domains. As digital identity has become more important in the online world, IdMS are essential
components for the successful growth and development of the next, so-called “3.0”, user-centric
Internet services. Furthermore, secure, reliable and user-friendly IdMS are considered
fundamental in establishing trust, such as in e-commerce applications (Alpar, Hoepman & Siljee
2011; Smedinghoff 2012). Therefore, the emergence of IdMS has brought about primary
changes in e-transactions; thus, researchers suggest that additional research into IdMS studies
should include the interaction between users and systems (Roussos, Peterson & Patel 2003; Ivy,
Conger & Landry 2010; Seltsikas & O‘Keefe 2010; Satchell et al. 2011; García, Oliva & Perez-
Belleboni 2012).
User adoption of IdMS could affect an individual’s acceptance of other services that implement
and use such systems (Seltsikas 2009; Seltsikas & O’Keefe 2010). As implementation of new
IdMS entails new risks, understanding how the risks arising from new IdMS deployed in online
services are perceived and addressed may be critical to individual acceptance of online services
(Seltsikas & O’Keefe 2010). However, little is known about how users perceive the use of
IdMS. Given the critical role that IdMS plays in different Web-based applications such as social
Chapter 1: Introduction
5
networking and e-commerce as well as in other services, it becomes crucial to understand how
users perceive this innovative technology in order to evaluate its design and increase its
adoption.
It has been suggested that IdMS are a basic feature of the IT infrastructure, and to accommodate
the changes introduced by Web 2.0, this infrastructure should be adapted before governments,
organizations and commercial enterprises start rethinking citizen, customer and services
relationships (Ostergaard & Hvass 2008; Smith 2008). The management of IdMS has been high
on the agendas of most governments for the last decade (Landau & Moore 2012). A survey
conducted in 2011 by the Organization for Economic Cooperation and Development (OECD)
identified 18 countries pursuing and implementing national strategies and polices for online
identity management systems including Australia, Austria, Canada, Chile, Denmark, Germany,
Italy, Korea, Japan, Luxembourg, Netherlands, New Zealand, Portugal, Slovenia, Spain,
Sweden, Turkey, and United States (OECD 2011). Furthermore, the market of IdMS technology
is expected to increase by next years.In 2008, Forrester Research, a technology and market
research firm that studies trends in technology and technology’s impact on consumers and
business, forecasts that the IdMS market would grow from nearly $2.6 billion in 2006 to more
than $12.3 billion by 2014 (Cser & Penn, 2008).
1.2.1 Overview of the Identity Management Systems Research
IdMS have three major stakeholders: the user, identity provider (IdP) and the relying parties
(RP) (Cameron, Posch & Rannenberg 2009). Previous IdMS studies have addressed the
importance of usability, privacy and security issues. Most of these studies have focused on
technical issues that deal with the underlying security technologies and designing privacy
protection solutions (e.g. Josang, Al-Zomai & Suriadi 2007; Rossudowski 2010) or providing
guidelines about how to design a decentralized Web IdMS (e.g. Dhamija & Dusseault, 2008).
Theoretical, social and regulatory dimensions have not been well addressed in the literature
(Adjei & Olesen 2011; Garcia, Oliva & Perez-Belleboni 2012). In addition, IdMS use and
Chapter 1: Introduction
6
context (from the IS perspective) and the adoption of IdMS technologies and services by the
end-user are not well examined in the published literature, which is sparse with regard to the
topic of directly examining IdMS (Seltsikas 2009; Seltsikas & O’Keefe 2010; Satchell et al.
2011; Jensen 2012). Digital identity schemes have been well documented from the providers’
perspective but have received much less attention in relation to the perception of IdMS from the
user’s perspective (Satchell et al. 2011). Moreover, there is lack of empirical and behaviour-type
research in identity management and IdMS contexts. Although limited studies have identified
and suggested some factors and metrics aimed towards the adoption of IdMS (Poetzsch et al.
2009; Ivy, Conger & Landry 2010; Jensen & Jaatun 2013) to the best of our knowledge, no
study to date has empirically explored and measured factors that may impact on the user’s
adoption of IdMS. This study is an attempt to both fill this important gap and contribute to the
literature by conducting research in IdMS adoption in the context of focusing on the perspective
of the end-user.
1.2.2 User Adoption of Identity Management Systems
The adoption and acceptance of IT has remained a vital concern of information system (IS)
research and practice (Venkatesh et al. 2003; Benbasat & Barki 2007; Williams, Rana &
Dwivedi 2011; Venkatesh, Thong & Xu 2012). Two keywords ‘adoption’ and ‘acceptance’
were employed to search published output for this study. Therefore, the two words are used
interchangeably. User adoption of IS/IT has occupied IS researchers to the extent that IS/IT
adoption and diffusion research is now considered the most mature area of exploration within
the IS discipline (Hirschheim 2007; Straub & Burton-Jones 2007; Turner et al. 2010; Williams,
Rana & Dwivedi 2011; Venkatesh, Thong & Xu 2012). Moreover, user adoption of new
technologies is an ongoing management challenge (Schwarz & Chin 2007; Venkatesh, Thong &
Xu 2012). The factors affecting rejection or acceptance of an emerging IT artefact such as IdMS
have been of interest among IS researchers, but they remain unknown (Gefen, Benbasat &
Pavlou 2008; Luo et al. 2010). Research in technology adoption has resulted in several
theoretical models (Davies 1989; Taylor & Todd 1995; Venkatesh et al. 2003; Benbasat &
Chapter 1: Introduction
7
Barki 2007; William et al., 2009, 2011; Venkatesh, Thong & Xu 2012). However, little research
in user adoption of IdMS has been undertaken.
Many studies have focused on the factors that influence the adoption of IT products (e.g. Im,
Kim & Han 2008; Yen et al. 2010; Behrenda et al. 2011) or Web-based services such as Internet
banking and online shopping for the past decade (e.g. Gefen, Karahanna & Straub 2003; Cheng,
Lam & Yeung 2006; Lee 2009b; Luo et al. 2010). Despite the growing interest in Web 2.0
applications and innovative Internet-based technologies such as IdMS, there is a lack of research
studying the adoption behaviors of these technologies (Cheung & Vogel 2013). To the best of
our knowledge, no study has focused on the adoption of IdMS to capture the positive or
negative factors at the individual level. In general, this issue associated with IdMS adoption has
received little attention in the academic literature (Poetzsch et al. 2009; Seltsikas 2009; Seltsikas
& O’Keefe 2010; Satchell et al. 2011; Jensen & Jaatun 2013). The innovative nature of IdMS
along with the ongoing adoption process provided the motives for conducting an innovation–
adoption study on IdMS. Therefore, the main objective of this study is to provide a better
understanding of the role of influence factors in user adoption of IdMS.
IT is utilized as it adds real value (Cane & McCarthy 2009). Thus, it has been widely studied
and a number of theories have been applied to study IS/IT adoption and use in many contexts
(Cane & McCarthy 2009; William et al. 2011). The extant literature on user acceptance of IS/IT
relies on existing technology adoption theories and models, such as the technology acceptance
model (TAM) (Davis 1989) and the innovation diffusion theory (IDT) (Rogers 1995). However,
most have neither captured the specificities of IdMS nor introduced new constructs that have
been empirically developed and validated. A solid theoretical foundation investigating user
adoption of IdMS in the technology adoption theories would support the development of
empirical studies on the user acceptance of IdMS.
Chapter 1: Introduction
8
1.3 Research Focus, Objective and Question
The focus of this research is on the user adoption of Web-based identity management systems
(IdMS). In the investigation of emerging topics, it is a tradition in the IS field to take advantage
and to seek involvement of reference disciplines such as psychology and economic (Benbasat &
Weber 1996; Crossler et al. 2013). Due to the lack of existing theories and studies in IdMS area,
the current research has sought support in more consolidated body of knowledge, that is, IS/IT
adoption.
The aim of this study is to develop and validate a model of the factors that affect user adoption
of IdMS from the end-user perspective. In doing so, it aims to understand the relationship
between IdMS and technology adoption.
Therefore, the initial research question that guided this study is: what factors affect the
adoption of identity management systems from the user’s perspective?
Thus, in order to answer this question, the following objectives were set:
- To understand the state of IdMS research through an examination of the existing IdMS
literature;
- To identify the factors that may affect the adoption of IdMS;
- To develop and validate a user adoption model of IdMS;
- To investigate and understand the perceived drivers and barriers of users to adopt IdMS.
1.3.1 The Scope of Identity Management Systems in this Study
This study focuses on Web-based IdMS, which is a new and novel IT artefact where emerging
technologies and business processes are integrated for the creation of identity-centric
approaches for the management of users, their attributes, authentication factors and security
privileges across the Internet within multiple websites (Hitachi ID Systems Inc 2012). This
study focuses on the new generation of identity management solutions: centralized IdMS (Web
SSO) and decentralized IdMS, which are referred to as federated identity management systems
Chapter 1: Introduction
9
(FIMS) (are discussed further in Chapter 2, Section 2.6.2). These two types of IdMS enable the
use of the same user data, managed identifiers (e.g. user names and passwords) and
authentication credentials across multiple websites, reducing the number of identifiers and
profiles with which a user has to deal (Dhamija & Dusseault 2008; Alpar, Hoepman & Siljee
2011; Landau & Moore 2012). The focus of IdMS here does not differentiate between the
access technology and services. They are treated holistically.
This study focuses on the initial adoption of IdMS where end-user beliefs and perceptions are
captured prior to adoption or after the first experience, with antecedents of usage for non-
experienced users (Karahanna, Straub & Chervany 1999). Because IdMS are in the early stage
and not many users have experience in using them (Wang, Chen & Wang 2012), initial beliefs
and perceptions are needed in a relationship in which the user does not yet have credible
information and solid knowledge about the technology (McKnight et al. 2002; Li et al. 2008).
The decision to willingly adopt a new technology is influenced by users’ initial beliefs and
perceptions of the technology characteristics (Moore & Benbasat 1991; Rogers 2003).
The aim of this study lies in understanding the factors that motivate an individual’s behavioural
intention to adopt IdMS. This study focuses on the individual level because the phenomenon of
individual adoption of IS/IT artefacts points to a widely-established and popular stream of IS
research (Jeyaraj, Rottman & Lacity 2006; William et al. 2009; Hoehle, Scornavacca & Huff
2012) and because the individual adoption decision is an important consideration in
standardization efforts (Nickerson & zur Muehlen 2006; Recker &Rosemann 2010) and will
ultimately determine the success of IdMS (Recker & Rosemann 2010). In addition, the
perceptions of IdMS from the individual perspectives are less well explored (Satchell et al.
2011). Moreover, suitable models or frameworks for understanding IdMS from user
perspectives are limited (Seltsikas & O’Keefe 2010; Jensen 2012).
This study follows the suggestions of Venkatesh and Brown (2001), Hong and Tom (2006) and
Venkatesh, Thong and Xu (2012) for a further research on phenomena that encompass specific
Chapter 1: Introduction
10
characteristics of IT and its usage in a consumer or non-work setting context (an IT artefact used
outside a specific organization). Studies using individual consumers in non-work settings are
limited, compared with previous studies where job relevance, mandatory organizational settings,
work experience and management influence are important (Lu, Yao & Yu 2005). Crowston et
al. (2010) argued that “IS scholars might be able to study new forms of experiences aided with
digital technology and their meanings in everyday life” (p. 3). Therefore, the suitability of
predicting individual, non-work related technology adoption behaviour is still worthy of
examination (Venkatesh & Brown 2001; Lu, Yao & Yu 2005; Hong & Tom 2006; Crowston et
al. 2010; Venkatesh, Thong & Xu 2012).
1.4 Overview of the Research Strategy
A four-phase approach was developed as a research strategy aiming to accomplish the research
objectives and to answer the research questions. The research approach designed and applied in
this study is shown in Figure 1.2. The study is divided into four phases as follows:
Figure 1.2: Research outline
Chapter 1: Introduction
11
The first phase aimed to determine the context and the focus of this study as well as reviewing
the literature relating to IdMS and IS/IT adoption which was suitable to guide the study. In this
stage, the research problems, the questions, gaps in the literature and the purpose of the study
were identified presenting the rationale of the study and clearly indicating why it was worth
conducting.
The second phase of the study focused on the conceptualization of the research model. In this
stage, the thorough literature review on IdMS and user adoption of IS/IT conducted in the
previous phase helped us to develop the research model based on interacting some existing
behaviour theories and technology adoption models in line with specific-context IdMS
characteristics and functions. This procedure provided the determinants and concepts for the
development of the conceptual model and hypotheses development.
The third phase developed the research instrument. In this stage, initial items were created (most
items were based on the literature and some were created especially for this study), and
construct and sub-construct domains were specified. This phase aimed to provide an extensive
purifying and refinement measurements process which included expert panels review, survey
pre-tests and a pilot study. The measurement was examined during these three phases in regard
to a set of criteria including face validity, content validity, reliability, convergent validity and
discriminant validity.
The final phase aimed to test the research hypotheses and evaluate the theoretical model. A
large scale-survey with a total of 332 samples from Facebook and LinkedIn users was
conducted for the main study. This was followed by the evaluation of the measurement and
structural models using confirmatory factor analysis with partial least squares (PLS) technique.
Chapter 1: Introduction
12
1.5 Research Contributions The key contributions of this study are as follows. Firstly, this is the first study of which we are
aware to empirically examine the adoption and use of IdMS. Secondly, the study provides a
better understanding of the characteristics and capabilities of IdMS. Thirdly, the study develops
a theory for better understanding the adoption and use of IdMS. From a theoretical perspective,
identifying antecedents of user adoption and usage of IT extends our current state of knowledge
(Karahanna, Straub & Chervany 1999; Bhattacherjee & Premkumar 2004; Crowston et al.
2010). IS literature is silent on how users form their initial attitudes toward new technologies
(Melone 1991; Karahanna, Straub & Chervany 1999; Bhattacherjee & Premkumar 2004).
Therefore, researchers have called for more focused perspective: the formation of consumers'
initial perceptions and beliefs, such as trust, in new IT artefact (Gefen, Benbasat & Pavlou
2008; Li et al. 2008; Luo et al. 2010).Although a growing body of IS/IT adoption research has
examined the formation of initial beliefs toward new IT, to date, very little research has been
directed at understanding the initial adoption of IdMS. This study synthesizes and extends the
previous work on innovation adoption research into the specific context of IdMS. It contributes
to a better theoretical understanding of the antecedents of user acceptance and user resistance to
adoption and usage of an emerging class of IT artefact, particularly IdMS.
From a practical perspective, knowing which factors are important for adoption and usage
enables systems designers and developers as well as providers to employ more targeted
implementation efforts (Karahanna, Straub & Chervany 1999). According to Kuechler and
Vaishnavi (2012), the design of technology artefacts comprises existing theories from diverse
research domains into the development of new technology. As this study has adopted a number
of behavioural and adoption theories to identify factors affecting user adoption of IdMS, it
provides implications and opportunities for creating or enhancing new IdMS. Furthermore,
Crowston et al. (2010) argued that expanding the boundaries of IS research has implications for
practitioners which researchers have to address. For instance, IS practitioners face a novel
challenge, that is, to make a case for investing in an innovation such as IdMS, which are
Chapter 1: Introduction
13
typically platforms that rely on third-party generated applications and content to complete them
(Crowston et al. 2010). In addition, IdMS providers and designers face the challenge of creating
policies (Hansen et al. 2004; Seltsikas & O‘Keefe 2010; Rossvoll & Fritsch 2013) in an
environment that resists adoption, especially at the individual level (Satchell et al. 2011).This
study addresses these challenges by providing an increased understanding of users’ perceptions
and concerns which, in turn, will provide IdMS practitioners with a tool that can be used to
develop mechanisms and strategies that will encourage IdMS adoption. Hence, the IdMS’
stakeholders can greatly enhance their efficiency and effectiveness. Finally, as identity
management is involved in many Web contexts (Mont, Bramhall & Pato 2003), this study
provides important implications for website developers which should be kept in mind for Web
users’ needs. More details on theoretical and practical contributions are presented in Chapter 8
(see Section 8.4).
1.6 Organization of the Chapters This thesis comprises eight chapters, beginning with this introductory chapter which provides a
snapshot of the current study. A brief overview of the chapters of this thesis is discussed in the
following sections:
1.6.1 Chapter 1: Introduction
The study starts with an introductory chapter (the present chapter) which provides the motivation
and the significance of the research, highlights the focus and the scope of this study and discusses
the research objective and question. This chapter also provides an overview of the research
strategy and contributions to the knowledge, and presents the structure of the thesis.
1.6.2 Chapter 2: Literature Review (Identity Management Systems)
Chapter 2 provides necessary background about IdMS and assesses the state of current IdMS
research. Firstly, this chapter provides a general overview of identity-related concepts.
Secondly, the chapter presents an overview of IdMS in terms of their definitions, composition,
characteristics and functions, and IdMS models. Finally, this chapter introduces the current
Chapter 1: Introduction
14
IdMS research, reviews the literature, identifies the extant gaps in IdMS context and emphasizes
some implications for future research directions into IdMS. This chapter also highlights the
IdMS setting of this study.
1.6.3 Chapter 3: Literature Review (Information System, Technology
Adoption)
Chapter 3 reviews the literature related to user adoption and innovation of IS/IT and Web-based
applications. Firstly, the chapter provides a definition of user adoption of new technology and
discusses the initial adoption stage which is the focus of this study. Secondly, this chapter reviews
a number of well-known models and behavioural theories on the user adoption of IS/IT that
provided theoretical foundations of this research. Thirdly, the chapter provides a review of the
literature on user adoption of Web-based services and technologies (WBST) and presents a
general analysis and the findings of the literature. Fourthly, the chapter discusses the factors
included in this study that affect user adoption of IdMS. Finally, the chapter highlights the overall
gaps identified in the literature and addresses the research questions.
1.6.4 Chapter 4: Conceptual Model and Research Hypotheses
Chapter 4 presents the development of the proposed conceptual model and the associated
hypothesis. This chapter provides an in-depth discussion of each construct in the model and the
development of the proposed hypotheses of this study. Drawing upon the existing theories along
with the context-specific attributes of the IdMS domain, this chapter develops and justifies the
research model and the related hypotheses.
1.6.5 Chapter 5: Research Design and Methodology
Chapter 5 discusses the research methodology. This chapter presents the selected research
paradigm and a discussion of key methodological considerations adopted for this study. The
chapter begins by introducing the positivist research paradigm and the use of the quantitative
method and online survey, followed by explaining the procedure for sampling and collating the
Chapter 1: Introduction
15
research data. The chapter then describes the statistical techniques used to validate and analyse
the data as well as to estimate the parameters of the research model.
1.6.6 Chapter 6: Instrument Development
Chapter 6 outlines the development and validation procedure of the research instrument. This
chapter begins with an explanation of the development of the initial pool of items used in this
study. Then, this chapter describes the initial measurement refining procedures with the expert
panels and survey pre-test phases and discusses the survey design. This is followed by a
discussion on the measurement model specifications (the use of reflective or formative
modelling). Finally, this chapter discusses the pilot study and refinement of the measurements.
1.6.7 Chapter 7: Data Analysis and Results
Chapter 7 presents the results of the main study test of the research model and related
hypotheses. The chapter describes the details emerging from the main survey. This is followed
by in-depth data analyses of the first-order measurement model and the higher-order
measurement model in terms of reliability and validity. Finally, the chapter discusses
hypotheses testing findings and the evaluation of the research model.
1.6.8 Chapter 8: Discussion and Conclusions
Chapter 8 presents the empirical findings, theoretical and practical contributions of the current
study. The chapter outlines the answers to the research questions and discusses the research
hypotheses. It also presents research limitations and future directions. This chapter is organized
as follows. Firstly, the chapter presents a review of the objectives and research questions of this
study. This is followed by a discussion of the empirical findings which address the answers of
the research questions.Then it discusses contributions and implications of the study for both
theory and practice. Next, the chapter discusses the limitations of the study and provides future
directions for further research. Finally, the chapter highlights concluding remarks for the study.
Chapter 2: Literature Review (Identity Management Systems)
2.1 Introduction Given the multidisciplinary nature of IS research and particularly of this study, it is necessary to
identify the informing disciplines and the interdisciplinary field that will structure this research
(Benbasat & Weber 1996; Webster & Waston 2002).The literature review demonstrates that
little is known about user adoption of identity management systems (IdMS). Therefore, two
main bodies of relevant literature and their particular correlated sub-disciplines have been
considered: 1) identity management (IdM) and IdMS; 2) user adoption of IS/IT (UAIS/IT) and
user adoption of Web-based services and technologies (UWBST). Figure 2.1 shows a schema of
the scope of this literature review.
Figure 2.1: Informing disciplines (map of the literature review)
The IdMS literature has its foundations in identity management. Therefore, we provide a review
of the foundations of identity management. The main objective of reviewing IdMS literature is
to provide an overview of IdMS and assess the current IdMS research. It seeks to review the
pre-existing and ongoing work on IdMS that has been conducted in a variety of fields such as
IS/IT and computer science over the last decade. This study attempts to characterize the
development of and the relationships among extant research studies in IdMS. It also discusses
Chapter 2: Literature Review (Identity Management Systems)
17
some gaps in the research which represent future implications and opportunities, in order to
build a strong research tradition in this emerging area.
The aim of IS/IT and Web-based services and technologies (WBST) adoption literature review
is to establish the theoretical foundation of this study by reviewing a number of models and
theories on user adoption of IS/IT, and identifying factors that affect individual acceptance of
these technologies. Because of the lack of studies on user adoption of IdMS and this study
focuses on Web-based IdMS, we believe that the literature associated with IS/IT and WBST
might offer valuable insights into innovative IdMS adoption because of the similarity in terms
of human users interacting with these systems. This chapter (Chapter 2) discusses the literature
related to IdMS studies, while Chapter 3 presents the literature review associated with user
adoption of IS/IT research.
The chapter is organized as follows. Section 2.2 provides a general overview of identity-related
concepts. Next, the chapter presents an overview of IdMS in terms of its stakeholders
(Section 2.3), definitions (Section 2.4), functionality characteristics of IdMS (Section 2.5), and
trajectory of migration from proprietary identity to open identity exchange and types of IdMS
models (Section 2.6). Section 2.7 outlines the security of IdMS and the attacks on online
identity from the end-user perspective. Section 2.8 introduces the current IdMS research. Then,
it discusses the method used to gather and analyze the data. The findings of the analysis are then
presented and discussed. The section’s conclusion identifies the extant gaps in the IdMS context
and highlights some implications for future research directions on IdMS. Section 2.9 highlights
the IdMS landscape adopted in this study. Finally, Section 2.10 provides a summary of this
chapter.
Chapter 2: Literature Review (Identity Management Systems)
18
2.2 The Concepts of Identity This section provides an overview and definitions of identity concepts that are within the IdMS
context and relevant to the current research.
2.2.1 Identity
Identity is responsible for determining access rights to sensitive resources for users. An identity
describes an entity (a person, a computer or an organization, etc.) within a particular domain. An
identity domain is a scope in which each identity is unique (Josang & Pope 2005). Formally, the
identity of an entity within a domain consists of the set of all attributes (unique or non-unique
identifiers) such as those that have been attributed to the entity within the particular domain.
Some of these attributes include personal details, social information, financial information, etc.
The assumption is that a single identity cannot be related to more than one entity. Shared
entities may exist, such as a family identity that corresponds to some people in a family unit.
Nevertheless, the service provider deals with one real world entity (the family) and not with
multiple individuals (Josang & Pope 2005). According to Cao et al. (2011), the definition of an
identity is “the representation, proofs and credentials of user entities which should be provided
to applications and services, and being used to distinguish users from each other and provide
different privileges to different users corresponding to particular contexts” (p. 647). The
relationship between entities, identities and characteristics or identifiers is presented in
Figure 2.2. This study refers to identity information as a set of attributes (along with their
values) describing properties and relevant aspects of an entity (Mont, Bramhall & Pato 2003).
This information is dynamic, which means the set of attributes and their values can change over
time.
Chapter 2: Literature Review (Identity Management Systems)
19
Figure 2.2: Correspondence between entities, identities and characteristics/identifiers
(Source: Josang & Pope 2005, p. 79)
2.2.2 Online Identity
A digital identity or online identity is a digital representation of one or more principles that are
unique to that principal (or group), and that act as a reference to that principal (or group) (Kim,
Zheng & Gupta 2011). In terms of its content, most scholars refer to digital identity as related to
a set of identity information, that is, data relating to a person. Roussos, Peterson and Patel
(2003) declared that digital identity is the electronic representation of personal information of an
individual or organization (name, phone numbers, address, etc.). It refers to how people are
identified on computer systems and over the Internet (Josang & Pope 2005). An individual’s
digital identity may include many different identities issued by many different providers, and
these will be used and trusted by the organization that issued them.
2.2.2.1 Online identity vs. offline identity Some researchers (e.g. Turkle 1997; Kim, Zheng & Gupta 2011) emphasized that an
individual’s identity in an online context would be diverse from (and may not necessarily be
linked with) her/his identity in an offline context. Online identity differs from offline identity in
some aspects (see Table 2.1).
Chapter 2: Literature Review (Identity Management Systems)
20
Table 2.1: Comparison between offline identity and online identity (Source: Kim, Zheng & Gupta 2011, p. 1762)
Dimension Offline identity Online identity Context Face-to-face World Wide Web
Development The development of an offline identity requires considerable time and effort since a person has to build relationships and friendships that portray his or her identity
The development of an online identity is relatively fast because a person exhibits the identity that he or she wishes to portray
Control One cannot control how others perceive oneself. One cannot hide his or her name and other personally identifiable information
The portrayal of one’s identity is under one’s control. One can hide his or her personally identifiable information
Presentation It is difficult to hide one’s identity, and one’s identity is revealed in due course through interactions with others
One can portray his or her identity selectively and differently to different groups of people
Constraints One’s physical situation plays a strong role in defining one’s identity. For example, a poor person may not be able to form an identity amongst rich people
One’s identity is dependent on the characteristics of the system one is using
2.2.3 Partial Identity
An individual can represent a subset of identity information (attributes), which is often referred
to as partial identity. Identity attributes are utilized to express the contents of digital identities or
partial identities (Lips & Pang 2008). Partial identities represent a person in a particular context
in the online environment (McLaughlin, Briscoe & Malone 2010).The concept of partial
identity was introduced by Roger Clarke in 1993, not for privacy-enabling identity
management, but for surveillance (Clarke 1993). Figure 2.3 describes the relationship between
the user and a group of different identities.
Figure 2.3: Identity and partial identities of an exemplary user (Source: Borcea-Pfitzmann et al.
2006, p. 120)
Chapter 2: Literature Review (Identity Management Systems)
21
2.2.4 Identity Management
The term ‘identity management (IdM)’ has become widely used, both in academia and in
practice. However, a commonly accepted meaning for the term is lacking. This lack of a
common understanding can be clarified by the fact that IdM is quite a new term whose meaning
has not yet been completely established (Lips & Pang 2008). The literature indicates that IdM is
strongly related to processes in emerging digital environments (Lips & Pang 2008; Ferdous &
Josang 2013). Another definition of IdM described it as the framework and system used in
computer or communication systems to control identity (Dabrowski & Pacyna 2008). Josang,
Al-Zomai and Suriadi (2007) defined IdM as a process of representing and recognising entities
as digital identities in computer networks. IdM includes procedures, policies and technologies to
provide access and privileges to users through authentication schemes (Lee 2003; Ferdous &
Josang 2013).
2.2.5 Identity Theft
Identity fraud and identity theft are main concerns for consumers who regularly interact online.
These two terms are often used interchangeably. Identity fraud refers to a number of crimes
relating to false identification, that is, to the use of identification belonging to someone else
(Koops & Leenes 2006). Identity theft includes using the personally identifiable information of
another person (Finklea 2012). Both identity fraud and identity theft are crimes often committed
in relationship with other breaches. However, identity theft may include the extra element of
victimization because this form of fraud may directly influence the life of the victim (whose
identity was stolen) and involve defrauding third parties, such as providers, customers, financial
institutions, etc. (Finklea 2012).
2.2.6 Identity 3.0
Identity 3.0 is a tool of new world identity (Siegel 2009). Identity 1.0 was the world of physical
documentation such as ID cards, signatures and fingerprints. Identity 2.0 was user names and
the passwords used on diverse websites and for accessing a myriad of services (El Maliki &
Chapter 2: Literature Review (Identity Management Systems)
22
Seigneur 2007). Identity 3.0 tools encompass more global identifiers, such as OpenID and
information cards or InfoCards (see Appendix 2.1) (El Maliki & Seigneur 2007; Siegel 2009).
According to Sigel (2009), some basic principles of Identity 3.0 include:
• Online, the user is in the centre: websites and services cluster around the user who is
always logged in.
• Fewer passwords are better, but the user can have as many passwords as he/she likes.
• Third-party brokers will assist users in connecting with others with the understanding that
this will occur without the broker giving away sensitive information.
• Users authorize third parties to do only what they want them to do on their behalf and
nothing else.
• The user can create as many identities as he/she wants: each identity gives access to its
own services and communities.
• Identity 3.0 tools help prevent phishing, fraud, identity theft and other common cyber-
crimes.
2.3 Stakeholders of Identity Management Systems Diverse stakeholders participate in the IdMS in different ways. Their participation can be
classified by roles, taking into consideration that any individual participant or set of participants
can play multiple roles (both at the same time and at different times) (Cameron, Posch &
Rannenberg 2009). These roles within the IdMS are the following:
• Users: users are also known as subjects who are users of digital services. Subjects may
act on their own behalf (as individual citizens or customers) or in roles within
organizations, companies or government departments. Users are provided with Web-
based forms to complete their identity information. It is dependent on the Web systems
and by their intended usage of the services that their information is completed
facilitating their profiling. Users’ information is authenticated through various
Chapter 2: Literature Review (Identity Management Systems)
23
techniques. Users can also be businesses registering on various Web portals and
developing their business profiles.
• Identity Providers (IdPs): identity providers issue identities. For example, individuals
might use self-issued identities in contexts such as signing on to websites; credit-card
providers might issue identities that enable payment; businesses might issue identities to
their customers; and governments might issue identities to citizens. The IdPs
authenticate the user’s security and identity information and enable the implementation
of credible information credentials (Cameron, Posch & Rannenberg 2009). These
authenticated user profiles can be easily used through other partners of the system. The
process of authenticating the user information allows the users to access the resources
of service providers sharing a similar platform (Bertino & Takahashi 2010).
• Relying Parties (RPs) or Service Providers (SPs): these are an individual,
organization or service that depends on claims issued by a claims provider about a user
to control access to and personalization of services. The SPs are also the subscribers of
the identity providers and they allow the retrieval and submission of the identity
information through the Internet. These service providers store the user information
using the Web server and secure networks (Bertino & Takahashi 2010). The access
rights provided to access specific information regarding the identity of a user are
provided under limitations set by the service provider and the user.
2.4 Definition of Identity Management Systems Authentication and identification are basic processes of business procedures, technologies and
policies that enable organizations to control and manage their users’ access to critical online
applications while protecting personal business information from unauthorized users (Todorov
2007). Identification (who are you?), authentication (how do we know?) and authorization (what
services and transactions are available to you?) encompass part of identity management and are
implemented through an identity management system (Munkwitz-Smith & West 2004; Todorov
2007).
Chapter 2: Literature Review (Identity Management Systems)
24
The concept of identity management systems (IdMS) is broad and complex because the different
stakeholders’ concerned (users, identity providers and service providers) have different
requirements and different perspectives (Lips & Pang 2008; Alpar, Hoepman & Siljee 2011;
Karch 2011). In addition, IdMS can relate to systems with both a high and low level of security.
Also, IdMS come in the form of user-controlled systems, but are controlled by organizations or
governments (Poetzsch et al, 2009). Moreover, IdMS can be ‘anonymously credential-based’ or
‘token-based’ , meaning that some of these systems rely on the mediation between the user and
service providers, while other systems enable the users create their identity from anonymous
credentials (Poetzsch et al, 2009). Therefore, IdMS have been defined in different meanings and
understandings. IdMS have been defined as the integration of important personal information
from multiple systems into one collaborative and unique identity (Meints & Zwingelberg 2009;
Ferdous & Josang 2013). Cao et al. (2011) defined IdMS as the system, method, rule and policy
that implements identity authentication, authorization management, operation audit and access
control which are based on digital identity. IdMS represent solutions that are employed to
manage end-user authentication, access rights and restrictions, account profiles and other
attributes that provide an individual with more control over his/her identity information (Mont,
Bramhall & Pato 2003). Lee (2003) defined IdMS as the process, policies and emerging
technologies used to manage information about the identity of users and to control access to
online resources (Lee 2003). The goal of IdMS is to foster productivity and security while
lowering the costs related to managing users and their identities, credentials and attributes
(Jensen & Jaatun 2013).
Furthermore, the Future of Identity in the Information Society (FIDIS) (http://www.fidis.net/)
network states that identity management is “the management of digital identities or digital
identity data,” in which there are three main categories or “tiers” of IdMS (Bauer, Meints &
Handsen 2005, pp. 13-14):
a. T1: IdMS for account management, implementing identification,
authentication and authorization.
Chapter 2: Literature Review (Identity Management Systems)
25
b. T2: IdMS for profiling of user data by an organization, e.g. detailed log
files or data warehouses that support, e.g. personalized services or the
analysis of customer behaviour.
c. T3: IdMS for user-controlled context-dependent role and pseudonym
management.
2.4.1 Definition of Identity Management Systems in this Study
As was discussed previously, IdMS is a broad concept and has been defined using diverse
meanings and terminologies. The conceptualization of IdMS concepts is difficult (Seltsikas &
O’Keefe 2010), and consolidated terminology and terms for this field do not yet exist
(Pfitzmann & Hansen 2010). For this reason, it is important to provide a clear and extended
definition as well as in-depth understanding of IdMS that fits the study scope:
This study focuses on Web-based IdMS and defines IdMS as the business processes, policies and
emerging technologies for the creation, maintenance and use of online identities across the
Internet and within online service providers. IdMS are services available on the Web that
enable users to create and manage their online identities. In the offline world, a person carries
multiple forms of identification in her or his wallet, such as driver's licence, health insurance
card, credit cards and affinity cards such as frequent flyer and loyalty cards. Similarly, IdMS
enable individuals to create a number of digital cards which they use to identify themselves with
Web services that accept them. If a user subscribes to an identity management service, they can
access websites affiliated with the identity management service. The user can manage their
identity information among various websites in an integrated way through this service. (This
definition is adapted from: Lee 2003; Poetzsch et al. 2009; Pfitzmann & Hansen 2010; Hitachi
ID Systems Inc 2012; Ferdous & Josang 2013).
IdMS are denoted as systems which are used to manage end-user authentication, access rights
and implement restrictions. The account profiles of users are also managed through the usage of
the system. IdMS enable the provision of control to the end-users in order to create, alter, edit
and manage their online profiles. The concept of online identity is based on the phenomenon of
Chapter 2: Literature Review (Identity Management Systems)
26
physical identity, and it allows the creation and management of the identity of an individual or
an enterprise over the Internet to provide a single platform.
Citizens of different societies are required to obtain a number of documents clarifying their
identity and information regarding a number of personal attributes. These identity profiles are
documented in the form of their identity cards, driving licences, insurance records and health
information. It is also required in the real world that the personal information associated with
the profile of an individual be maintained and safeguarded. This is followed through in the
concept of maintaining online identity through the usage of IdMS.
IdMS have allowed the creation of a number of digital identities through which users are
facilitated in identifying their existence in the cyber world. The subscribers of an identity
management system are allowed to maintain their profile and are allowed to access the Web
services associated with the IdMS. The unique identity of an individual is used to maintain
personal information associated with the virtual profile. It also allows the maintenance of
confidential information regarding the profile.
The service is offered through the effective usage of an integrated approach allowing the users
to access various online services through various service providers. The integration of the IdMS
and expansion of the affiliated websites depends on the subscription of the similar system. The
real-world examples of the IdMS can be explained in terms of a single log-in allowing various
services to be accessed through a single log-on, for example, Facebook connect, PayPal Access
and Microsoft Passport.
A number of technological advancements are used to integrate the usage of the affiliated
websites. These websites are either maintained through the same IdMS, or through partner
companies’ websites. However, there is also a possibility of a number of companies using
similar IdMS and enabling each other’s access to the system. The access rights of the user are
also a notable concern in the system.
Chapter 2: Literature Review (Identity Management Systems)
27
2.5 Characteristics and Features of Identity Management Systems
2.5.1 The Laws of Identity
IdMS are based upon a set of principles called the Laws of Identity (Cameron 2005). The laws
were proposed, debated, and distinguished through a long-running, open and continuing
dialogue on the Internet. They have been widely acknowledged both in academia and in
practice. These seven essential laws explain the successes and failures of IdMS that can be
applied to identity on the Internet (Bertocci, Serack & Baker 2007; Adje & Olesen 2011). IdMS
functionality is based on these laws (Bertocci, Serack & Baker 2007; Poetzsch et al. 2009). The
implication of these laws is discussed further in chapter 4 (see Section 4.10.2).The laws are
summarized in Table 2.2.
Table 2.2: The Laws of Identity (Source: Cameron 2005) Law Explanation
User Control and Consent Identity systems must only reveal information identifying a user with the user's consent.
Minimal Disclosure for a Constrained Use
The identity system must disclose the least identifying information possible, as this is the most stable, long-term solution.
Justifiable Parties
Identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
Directed Identity
A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
Pluralism of Operators and Technologies
A universal identity solution must utilize and enable the interoperation of multiple identity technologies run by multiple identity providers.
Human Integration
The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human–machine communication mechanisms offering protection against identity attacks.
Consistent Experience across Contexts
The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.
2.5.2 Functions of Identity Management Systems
This section investigates and provides the basic functions of IdMS that represent the principal
design attributes of IdMS. These functions are as follows:
Chapter 2: Literature Review (Identity Management Systems)
28
Access, control, and creation management: IdMS are used in computers and
communications to access specific services and to control the management of identity.
The principle of designing IdMS was to put users into the middle of transactions
between identity providers and relying parties in a user-centric IdM paradigm. This
paradigm moves the control of digital identities from service providers (SPs) to the
users. Thus, users can decide which identities are required to be shared with other
trusted parties and under what circumstances (Cao & Yang 2010). IdMS integrate many
technologies employed in a user’s identity management and resource access control
(Bertocci, Serack & Baker 2007; Vossaert et al. 2013). IdMS provide creation,
maintenance and deletion of user identities, which represents the lifecycle of identity
management (Bertocci, Serack & Baker 2007; Dhamija & Dusseault 2008; Poetzsch et
al. 2009; Cao & Yang 2010).
Mobility: Mobility is a fundamental characteristic of IdMS and one of the user
requirements that IdMS supports (Roussos, Peterson & Patel 2003; Cao & Yang, 2010).
Roussos, Peterson and Patel (2003) divided mobility in digital identity into three forms:
device-to-device, location-to-location and context-to-context. They argued that these
three modes of mobility are not isolated but, more often than not, are different modes.
The context-to-context form is “where a person receives services based on different
societal roles: as a professional, as a sports fan, as a parent and so on” (Roussos,
Peterson & Patel 2003, p. 87). Identities are situated within particular contexts, roles,
relationships and communities (Roussos, Peterson & Patel 2003; Satchell et al. 2011).
Identity information can be disclosed, accessed and used by a number of stakeholders in
one or more contexts, including personal, social, e-commerce, government, etc. (Mont,
Bramhall & Pato 2003). This can happen via different systems, including enterprise
systems, personal appliances and Web services. IdMS enable the user to make decisions
about her/his digital identity. In that regard, the user can choose which identity will be
used to log on for a service (Poetzsch et al. 2009). For instance, payment information
Chapter 2: Literature Review (Identity Management Systems)
29
may be held at an associated bank and health information may be held at an associated
hospital and so on. In device-to-device mobility, an individual can use IdMS to gain
access to identity information and resources while using different devices such as an
office computer or a mobile (Roussos, Peterson & Patel 2003). Location-to-location
mobility is defined here as the geographic range of location (locatability) from which
users can access and use their digital identities (Roussos, Peterson & Patel 2003). Users
can access, control and manage their digital identity from anywhere and at any time
with complete freedom (Todorov 2007; Poetzsch et al. 2009).
Minimal disclosure: This is the ability to disclose the least amount of identifying
information and to limit its use (Cameron 2005). Cameron (2005, p. 7) stated that the
“aggregation of identifying information also aggregates risk. To minimize risk,
minimize aggregation”. For example, the Information Card or InfoCard (Windows
CardSpace) allows the user to create a personal card with self-asserted claims (for more
details see Appendix 2.1). InfoCards restrict the contents of personal cards to non-
sensitive data, such as that published in telephone directories. At this time, personal
cards support only 14 editable claim types, such as first name, last name, email address,
street, city, state, postal code, country/region, etc. (Al-Sinani, Alrodhan & Mitchell
2010). A set of personal data inserted in personal cards is stored in encrypted form on
the user machine as a “security token”.
Human interaction: Cameron (2005, p. 10) viewed “the human user [as] a component
of the distributed system integrated through unambiguous human–machine
communication mechanisms offering protection against identity attacks”. IdMS enable
identities to be used within systems based on different technologies. Certificate
technologies such as public key infrastructure (PKI) and X.509 certificate tool are often
used to implement this functionality (Balasubramaniam et al. 2009; Birrell & Schneider
2012). Certificate technologies involve software, hardware and policies to create and
Chapter 2: Literature Review (Identity Management Systems)
30
manage the electronic messages that are used to confirm that a third party is as claimed.
A trusted third party―the certificate authority―is used to prove identity and credentials
(Balasubramaniam et al. 2009). Most IdMS are implemented and can be used for
multiple operating systems such as Microsoft Windows and Linux. Furthermore, they
can be integrated with different browsers such as Internet Explorer and Google Chrome.
Operating systems and Internet browsers interoperate with certificate technologies. This
makes it easy for users to operate and configure IdMS correctly and securely (Dhamija
& Dusseault 2008; Poetzsch et al. 2009).
Consistent user experience: IdMS interfaces aim to provide a consistent user
experience for the management of digital identities. They provide the user with an
overview of the site information and with the certificate that has been issued to the
service provider (Poetzsch et al. 2009). Moreover, the user can create, select and delete
his/her own identity, providing end-users with a simple and consistent experience of
handling their identities over a number of contextual identity choices.
Authentication and authorization: Authentication provides confidence that the user is
the one who was intended to use the particular identifier (Satchell et al. 2011). This is
not just user authentication; instead, IdMS provide mutual authentication, which assures
the identities of both participants (user and service provider). From the IdMS
perspective, users have to authenticate their identities to websites, and websites should
authenticate themselves to the user (Poetzsch et al. 2009). Authorization establishes
privileges and permissions for the user (Satchell et al. 2011). In addition, IdMS enable
only the parties involved in the transaction to access information. By ensuring that users
do not provide their information to a phishing site, the system’s trustworthiness is
enhanced.
Anonymity and pseudonymity: A pseudonym is an identifier of a subject other than
one of the subject’s real names (Pfitzmann & Hansen 2010).Unique pseudonyms can be
Chapter 2: Literature Review (Identity Management Systems)
31
used as identifiers for online identities which make it easier to handle and to reuse
online identities (Clarke 1999). Anonymity is stronger, but it is the least known
regarding the linking to a subject (person) (Pfitzmann & Hansen 2010). Anonymity can
be described as a particular kind of unlinkability. Whereas anonymity is the least known
with respect to linkability to a subject, pseudonymity consists of all degrees of
linkability to subjects (Clarke 1999). Many online transactions can be carried out
pseudonymously or anonymously (Satchell 2011). Studies show that Internet users who
are very concerned about their privacy are not willing to provide personal information:
they want more anonymous transactions (Koch & Woerndl 2001; Satchell 2011). Koch
and Woerndl (2001) argued that IdMS “allow people to define different identities, roles,
associate personal data to it, and decide whom to give data and when to act
anonymously” (p. 2). Anonymity can be used for persistent communication, and
profiles can be associated with it. IdMS frequently assume that the identity provider
knows the anonymous user’s identity and that the identity provider assigns the
anonymity (Pfitzmann & Hansen 2010; Satchell 2011).
Identity provisioning (self service): This refers to the definition, creation and
management of identity information in electronic relationships between individuals and
the organization for account creation and maintenance purposes (Maler & Reed 2008).
Identity provisioning provides portals (including self-service portals) for aspects of
identity management (Balasubramaniam et al. 2009). This functionality can be
implemented by using user registration or enrolment and several levels of assurance that
the user is who they claim to be (pre-authentication) (Satchell et al. 2006). For example,
in online banking, the account owner is required to provide a user ID, a password or
biographical information that is associated with the account (Balasubramaniam et al.
2009).
Chapter 2: Literature Review (Identity Management Systems)
32
Single sign-on/single sign-off: This function allows a user or a system to provide
identification, a password and other information to gain access to multiple resources
(Balasubramaniam et al. 2009). The offerings of the single sign-on system allow the
users to create a log-in on one system and to gain access to related systems at the same
time. The facility enables the users to avoid multiple log-in attempts and the efforts of
repeatedly providing identity authentication information. These resources are effective
where a federated site log-on is administrated. The coalition of resources is available for
users through the single authentication system allowing users to validate their
information at once (Armando et al. 2013). The major techniques used to implement the
federated SSO are the Kerberos-based system and the smart card system (Bertino &
Takahashi 2010; Baldoni 2012). The Kerberos system utilizes the technique of ticket
granting ticket (TGT) in order to allocate credentials, whereas the smart card sign-on
technique makes use of the smart card to log-in to the system (Bertino & Takahashi
2010). This function can also be implemented through technologies such as Security
Assertion Mark-up Language (SAML).
2.6 The Trajectory of Identity Management Systems Migration Users are allowed to create their profiles using the services of various service providers. They
are also entitled to manage these profiles which serve as their online profiles. These profiles are
quite popular in the Internet world such as on social networks. The sharing of the profiles is also
a unique advantage of the service. The online identities through various service providers also
enable the profile information to be accessed through various websites. The exchange of the
identity information allows the migration of the profile information from one platform to
another upon the mutual agreement of users and service providers (O'Brien, Merson & Bass
2007; Armando et al. 2013). However, it is also noted that on various occasions users are
provided with a minimal control over using their services with other website. The trajectory of
the IdMS migration can be understood in relation to the proprietary system and the openness of
Chapter 2: Literature Review (Identity Management Systems)
33
the system to exchanging identity information (Cameron, Posch & Rannenberg 2009; Bertino &
Takahashi 2010).
2.6.1 From Proprietary Identity to Open Identity Exchange
The openness of the IdMS is regarded as the interoperability of the systems, and the user’s
identity is provided to various service providers through the network (Cameron et al 2009).
Interoperability of IdMS refers to the ability to use identity information from one system in
another system (Halperin 2006).The Internet presence of the users is shared with the associated
partners (Bertino & Takahashi 2010). The exchange of information to authenticate the usage of
the service has benefits and limitations at the same time. The open systems architecture is used
to share information across various partner websites.
The platform used to collect information regarding the usage of the proprietary identity is
known as the closed or proprietary systems architecture (Bertino & Takahashi 2010).The closed
or proprietary architecture are denoted as a system which is not available openly and where the
proprietor manages all aspects of the system. The filed security hardware of these systems
cannot be interchanged. This allows the single developer enterprise to design, develop and
maintain the system within the provided framework, and the sharing of the system is not
applicable. The end-user’s security is ensured by the service provider, and the system does not
allow the sharing of information with other organizations (Hovav & Berger 2009). In principle,
the proprietary identity is managed through the prime service provider and openness in the
system is not allowed. This enables the organization to handle security, access rights and
information privacy within the closed architecture. Identity management architecture could be
client-based, server-based or networked-based (Hovav & Berger 2009). The shortcomings of the
system are represented as the non-exchange of information. However, the standard operating
systems, proprietary applications and data gathered through proprietary protocols are integrated
to provide end-user security.
Chapter 2: Literature Review (Identity Management Systems)
34
The integration of IdMS and its application for users with regard to the sharing of information
require the establishment of open architecture (O'Brien, Merson & Bass 2007). The
requirements for the open architecture system can be achieved through the implementation of
security standards for creating, updating and maintaining the identity information of end-users
based on multiple underlying technologies, implementations and providers (Adje & Olesen
2011). These requirements can only be fulfilled after the implementation of a universal
application of standardized models for information and identity security (Bertino & Takahashi
2010). This open exchange of information should have its security system based on the
implementation of techniques and practices for ensuring key personal information. The
exchange of identity information and its usage through various websites allows service
providers to allocate a certain level of access to subscribers (O'Brien, Merson & Bass 2007).
The connectivity of the profiles through various Web systems is also an important aspect of
IdMS (Poetzsch et al. 2009; Bertino & Takahashi 2010).
The phenomenon of interest in this study is the management of online users’ identities on the
Internet. As was discussed previously in Section 2.3, a typical IdMS consists of three parts:
user; service provider (SP) and identity provider (IdP). Using this three-part framework, we
next analyze the relative openness of three types of IdMS: isolated model, centralized model
(Web single sign-on) and decentralized model. These three models characterize the trajectory of
IdMS since they have different standards and platforms with relatively different degrees of
openness (Josang & Pope 2005; Dhamija & Dusseault 2008; Poetzsch et al, 2009; Scudder &
Josang 2010; Alpar, Hoepman & Siljee 2011; Ferdous & Poet 2012). The purpose of adopting
an IdMS is to manage different identities with multiple Web services. Towards this end, an
IdMS user needs to establish a relationship with an IdP and SP in place. These parts are
described in the following section.
Chapter 2: Literature Review (Identity Management Systems)
35
2.6.2 Identity Management System Models
The extant literature identified several types of models of IdMS (Bauer et al 2005; Josang &
Pope 2005; Dhamija & Dusseault 2008; Lips & Pang 2008; Cao & Yuan 2010; Alpar, Hoepman
& Siljee 2011; Ferdous & Poet 2012). This study chooses to make the distinction and
classification of three types of model – isolated model, centralized model and decentralized
model – as we focus on the latter two approaches, and because of their differences in
architecture and standards and their different impact on security, privacy and usability issues
(Josang & Pope 2005; Dhamija & Dusseault 2008; Scudder & Josang 2010; Birrell & Schneider
2012).
2.6.2.1 Isolated model In the isolated model (also called the silo model and server-based model), SPs play the role of
service provider and of identity provider at the same time which means that all identity
information storage and user operations are done by a single enterprise (Josang & Pope 2005;
Hovav & Berger, 2009). The functions of SP and IdP in this scheme are integrated together and
users have no control of the privacy requirements of their identity or of related attributes (Hovav
& Berger 2009; Cao & Yaun 2010). The online services are maintained through the usage of a
unique identity in each Web service so the application of standards is not applicable. Each user
will have separate unique identifiers such user names and passwords (Josang & Pope 2005).
This model is not a complex system and is easy to deploy but it has limitations: with the growth
of online services, users have to remember and manage a large amount of identity information.
These systems use closed architecture which does not allow for the sharing of information with
other organizations (Meints 2009). In this model, the identity management architecture is
proprietary, application-driven and server-based (Hovav & Berger 2009). For example,
Facebook.com or Amazon.com each maintains its own users’ identity information. This
approach is illustrated in Figure 2.4. That is, a user often has many digital identities, each of
which is managed by a different provider and requires its own resources. Therefore, the
applicability of the standards and services is limited in online services.
Chapter 2: Literature Review (Identity Management Systems)
36
Figure 2.4: Isolated IdMS Model (Source: Josang & Pope 2005, p. 80)
2.6.2.2 Centralized model Centralized IdMS are relatively closed systems, requiring relationships between the IdPs and
SPs to be established in advance (Dhamija & Dusseault 2008).They are also known as network-
based IdMS (Alpar, Hoepman & Siljee 2011) or browser-based IdMS as they operate within a
Web browser (Wang, Chen & Wang 2012). In centralized IdMS, a single authority acts as the
IdP which authenticates users, issues identity tokens and provides leverage across different
organizations (Josang & Pope 2005; Dhamija & Dusseault 2008). These systems provide the
single sign-on function that allows users to create a log in one system (online provider) and gain
access to the related systems (multiple websites) without having to remember multiple log-ins
and without having to fill in multiple forms to sign up, thus these systems called Web Single
Sign-On (SSO) (Wang, Chen & Wang 2012; Armando et al. 2013). Examples of this model
include Microsoft Passport (www.passport.net); Yahoo's Browser-Based Authentication
(BBAuth) (http://developer.yahoo.com/auth); Shibboleth (http://shibboleth.internet2.edu)
Google ID (https://developers.google.com/commerce/wallet/online/sso); Facebook Connect;
and other Web SSO systems such as OpenID 1.0 (www.openid.net) and PayPal Access
(https://www.x.com/developers/paypal/products/paypal-access) (for more details of some of
these technologies see Appendix 2.1).
Figure 2.5 describes the centralized IdMS model presenting its scenario and its operation:
Chapter 2: Literature Review (Identity Management Systems)
37
1. The user wants to access a Web site and she/he requests a service e.g. by clicking on a
"log-in" button;
2. The SP answers with a redirect to the IdP;
3. The users’ browser is then directed to the IdP and includes the authentication request
from the SP (e.g. username / password);
4. After successful authentication ,the IdP answers with a redirect, back to the SP;
5. The users’ browser links to the SP indicating that it has been authenticated;
6. The SP makes a request to the IdP asking if it is true that the user has been
authenticated;
7. The IdP confirms the request and exchanges additional information;
8. The SP answers the users’ browser and enables the user to have access to the SP site.
Figure 2.5: Centralized IdMS model
2.6.2.3 Decentralized model Decentralized IdMS or claim-based IdMS do not require previous relationships between IdPs
and SPs. Therefore, no direct exchange of information occurs between SP and IdP which thus
gives the user more control over the exchange of his/her identity information (Dhamija &
Dusseault 2008; Alpar, Hoepman & Siljee 2011). Here, decentralized IdMS specifies the user
information that they need in order to be granted access via SPs. The user decides to conform to
that request, by getting claims from IdPs. A claim (also called an identity selector) is a
statement about a user (similar to an attribute) which is expressed and signed by an IdP (Alpar,
Chapter 2: Literature Review (Identity Management Systems)
38
Hoepman & Siljee 2011). Decentralized IdMS can have more than one IdP: these could be the
user, an SP that also could be an IdP, a cooperating group of SPs, or a single IdP (Dhamija &
Dusseault 2008).
Figure 2.6 describes a decentralized IdMS model and illustrates its scenario which is stated as
follows:
1. The user requests a service;
2. SP sends the policy specifying to the user the information that it needs: e.g. SP website
redirects the user to a log-in page;
3. The user chooses a specific identity (claim) that fulfils the requirements of the SP and
authenticates himself to an IdP;
4. The user receives the claim from the IdP;
5. The user forwards the claim to the SP;
6. The user is granted access.
These systems need to share platforms and protocols to exchange identities and assertions of
authorization between IdPs and RPs (Dhamija & Dusseault 2008). These systems are open
platform that support both uniform resource locator (URL) and extensible resource identifier
(XRI) user identifiers (El-Maliki & Seigneur 2007). A URL uses an Internet protocol (IP) or
domain name system (DNS) resolution used by a personal digital address which is unique and
ubiquitously supported (El-Maliki & Seigneur 2007). The XRI is a digital identifier standard
used for sharing data and resources across multiple domains (OASIS 2005). XRIs are supported
by organization for the advancement of structured information standards (OASIS). OASIS is a
global organization that drives the development, convergence and adoption of Web services,
cloud computing and e-business standards (OASIS 2005). XRIs enable identification of the
same logical resource in several contexts and multiple versions of the same logical resource.
XRIs come with two varieties: I-name and I-number registry services which can be used as an
identifier for persons, machines and agents (OASIS 2005).
Examples of decentralized IdMS protocols include Web Service Federation (WS-Federation)
(http://specs.xmlsoap.org/ws/2006/12/federation); OpenID 2.0 (www.openid.net); Light-Weight
Chapter 2: Literature Review (Identity Management Systems)
39
Identity (LID) (http://infogrid.org/trac/wiki/LID); Liberty Alliance’s Security Assertion Markup
Language (http://saml.xml.org/); Microsoft’s CardSpace (InfoCard) (http://informationcard.net);
OAuth (http://oauth.net); Simple eXtensible Identity Protocol (SXIP 2.0)
(http://www.sxip.com); U-Prove (http://research.microsoft.com/en-us/projects/u-prove); and
the Higgins Project (www.eclipse.org/higgins) (for more details of some of these protocols see
Appendix 2.1).
Figure 2.6: Decentralized IdMS model
This study focuses on two types of IdMS that are centralized (Web SSO) and decentralized
IdMS which are known as federated identity management systems (FIMS) (Cao & Young 2010;
Landau & Moore 2012; Armando et al. 2013). However, it differentiates between these two
types and has adopted centralized IdMS (Web SSO) as the first generation of IdMS (Josang &
Pope 2005; Dhamija & Dusseault 2008; Lips & Pang 2008; Poetzsch et al. 2009; Cao & Yuan
2010; Birrell & Schneider 2012).
Chapter 2: Literature Review (Identity Management Systems)
40
2.6.3 A Comparison of Identity Management Systems Models
Isolated IdMS, centralized IdMS and decentralized IdMS differ in terms of some attributes. As
we discussed previously in Sections 2.6.1 and 2.6.2, these attributes include:
• User experience: how easy the user can handle multiple identities.
• Complexity: the level of complexity of the IdMS architecture such as security polices
and requirements.
• Interoperability: the ability to use identity information from one system in another
system.
• Identity information control: the level of privacy controlled by the user.
• Identity federation: a set of agreements, standards and technologies that enable service
providers to link a user’s identities stored across different service providers (partners).
• Scalability : how can be the IdMS model in terms of number of users, service providers
and identity providers (Dhamija & Dusseault 2008;Hovav & Berger 2009; Poetzsch et
al, 2009; Cao & Yung 2010; Alpar, Hoepman & Siljee 2011; Ferdous & Poet 2012).
Table 2.3 highlights some differences between the three IdMS models and managing an online
identity from the users’ perspective.
Table 2.3: Comparison of IdMS models Attribute Isolated Model Centralized IdMS Decentralized IdMS
User Experience Acceptable (with few identities)
Good ( with SSO) Very good (with SSO and adequate interfaces)
Control over Identity Information
Very low (control by SP)
Low (control by IdP) High (control by user)
Complexity Very low Low High
Platform/Standard Close Relatively open, with previous relationships and agreements between SPs and IdPs
Open
Interoperability Lack Low/less varied High/varied
Scalability Very narrow, with single SP and IdP, (SP is IdP)
Relatively narrow, with multi SPs and single IdP
Broad, with multi SPs and multi IdPs
Chapter 2: Literature Review (Identity Management Systems)
41
Service Composition
Sole service Multi services but in the same domain
Multi services form multi domains
Identity Federation Limited Small Federated
Identity Storage On SP On IdP On both IdP and SP
Adoption High Partial Low
Examples Online service account, e.g. email account, Facebook account
Microsoft Passport Shibboleth Facebook Connect
InfoCard OpenID 2.0 U prove OAuth
The isolated model is still a dominant model for identity management on the Internet (Ferdous
& Josang 2013). This model is very scalable but it is extremely limited when the user has
multiple identities (Hovav & Berger 2009). In the isolated IdMS model, each SP is responsible
for managing the identity of each user. Here, the SP deploys its own IdMS with a low
complexity that depends on the functionality, such as security policy, that it wants to implement
(Hovav & Berger 2009; Cao & Yung 2010). The isolated IdMS model operates in a close
platform as only supports integrated single SP (SP is IdP) ;also, it does not support cross
domain access and user control over identity information(Cao & Yung 2010) .Users’ identities
are stored on the SP (IdP) .
In the centralized IdMS, the user authenticates to multiple SPs using the same identity. In
addition, centralized IdMS implement a single sign-on (SSO) function where the user
authenticates once with an IdP and then can access other SPs, which have built a trust
relationship with this IdP, with no need for extra authentication identifiers (Alpar, Hoepman &
Siljee 2011). This approach simplifies the identity management and enhances the user
experience. However, the centralized model limits the scalability because of the restricted
business agreements among the SPs and IdPs (Dhamija & Dusseault 2008). In this model,
identity information is stored in the IdP and maintained by the SPs or IdP; hence, the user has
minimum privacy control over his/her identity information (Cao & Yung 2010). These systems
Chapter 2: Literature Review (Identity Management Systems)
42
are the first initiative of new IdMS that is currently adopted by some Web service providers
(Straub & Aichholzer 2010; Wang, Chen & Wang 2012).
Decentralized IdMS model’s scalability is very broad as it enables the user to use his/her online
identity with different SPs, multi IdPs and multi services from different domains (Dhamija &
Dusseault 2008; Poetzsch et al. 2009). This model attempts to improve the problem of privacy
by delegating the control of identity information to the user. This model allows the users to
choose IdPs independently of SPs. The user can select any IdP based on its policies practices
and security .The SPs don’t need to establish a trust relationship with IdPs in order to provide
service to the user. In addition to SSO, most decentralized IdMS provide a familiar and reliable
user interface (UI) which enables the users to conduct identity management activities such as
their login, account sign-up and access their identities during online transactions (Dhamija &
Dusseault 2008). Decentralized IdMS require sharing complex platforms and authentication
protocols to exchange identities and assertions of authorization between SPs and IdPs (Dhamija
& Dusseault 2008).In this model, identity information can be stored on both SPs and IdPs (Cao
& Yung 2010). As decentralized IdMS are emerging systems, they have not been widely
adopted on the Web.
2.7 The Security of Identity Management Systems The security of IdMS is of great importance to both organizational and individual users.
However, the advantages and motives for having secure IdMS vary both within and between
these two groups. Personal information that is stored in IdMS needs to be secured so that it
cannot be obtained by unauthorized persons. Loss of identity information could have a wide
range of consequences for users and undermines the user‘s trust (Poetzsch et al. 2009). The
number of identity theft complaints and data breaches has been increasing (Finklea 2012). These
two issues are the main concerns for customers who regularly interact online. Identity
significantly affects the economic decisions that people make (Akerof & Kranton 2000) because
some digital identities are used to retrieve money from bank and credit card accounts. Although
Chapter 2: Literature Review (Identity Management Systems)
43
a significant amount of the economic loss resulting from identity fraud is carried by businesses
(Brody, Mulig & Kimball 2007), the costs in the end always carry over to the customers
themselves in the form of increased costs for goods and/or fees for services. The US Federal
Trade Commission (FTC) estimated that identity theft costs customers about 50 billion dollars
annually (FTC 2011). Loss of identity information can also lead to damage to the individual‘s
reputation. In 2010, for example, about 8.1 million Americans were reportedly victims of
identity theft (Finklea 2012).
The number of data breaches and identity theft complaints has been growing. The US Identity
Theft Resource Centre (ITRC) indicated that the number of reported data breaches increased
between 2008 and 2011. In 2008, the business industry experienced the greatest number of data
breaches (36.6%), followed by education (20.0%) and, finally, government and military (16.8%)
(Finklea 2010). In 2011, the business industry again experienced the greatest number of data
breaches (53.4%), followed by government and military (17.2%) and medical/health care
(13.8%) (FTC 2011). The majority of victims (almost 65%) did not know how their identities
had been stolen and some portion of these thefts most likely occurred as a result of data
breaches (Finklea 2012). Sherman (2010) argued that as long as data breaches continue, user
acceptance of new business tools will remain slow. Therefore, user information breaches have a
negative effect on end-users, which may generally affect their intention to adopt new
information technology, particularly the use of IdMS.
Conversely, the potential to provide increased security that could be offered by IdMS might
increase the general trust in electronic services, and consequently improve the possibilities for
making use of ICTs for communication and transactions (Poetzsch et al. 2009; Seltsikas &
O’Keefe 2010). Therefore, users have an interest in the security of IdMS. The loss of personal
data because of insecure IdMS has a negative effect on the use and supply of electronic services,
whereas trusted and secure systems could lead the way for the acceptance of more efficient and
effective services for end-users.
Chapter 2: Literature Review (Identity Management Systems)
44
2.8 The Current Identity Management Systems Research This section introduces the current IdMS research. This section discusses the method used to
gather and analyze the extant literature and presents the findings of the analysis. It also
discusses some gaps in IdMS research. This section provides an IdMS research framework
derived from the TFI model, representing an information system in technical, formal and
informal layers (see below). The section’s conclusion provides a summary and highlights some
implications for future research directions into IdMS.
2.8.1 The Innovation of the Identity Management Systems Research
Framework
In information systems (IS) research; there is an established tradition of examining the research
literature itself to better understand the research’s state of play in the field and to distinguish
patterns in the development of the field itself (Alavi & Carlson 1992; Banker & Kauffman
2004). In this regard, one of the main objectives of this study is to understand the state of IdMS
research through an examination of the existing IdMS literature.
In order to analyze the current research in the IdMS field, it is helpful to have a conceptual
framework that aids in the classification of IdMS research. This study employed a technical–
formal–informal (TFI) framework (Stamper et al. 2000) (see Figure 2.7) which conceptualizes
and separates IS into three different but interrelated layers: technical (T), formal (F) and
informal (I) (Liebenau & Backhouse 1990; Liu 2000; Stamper et al. 2000; Halperin 2006). We
adopted this model as the layers enable a holistic approach to the study of IS and related themes,
so that the layer to which specific research relates can be readily understood and its place within
the context as a whole ascertained (Halperin 2006). In addition, the TFI model can be used to
identify gaps in the literature and to provide implications for future research and practice
(Halperin 2006).
The TFI framework is based on semiotic theory (semiotics) (Stamper et al. 2000).Semiotics,
also called semiotic studies, is the study of signs (i.e. something that can be interpreted as
Chapter 2: Literature Review (Identity Management Systems)
45
having meaning) and the sign processes, and how they facilitate communication. Semiotics is
divided into three components: syntactics, semantics and pragmatics (Liebenau & Backhouse
1990, p.11-79). Syntactics provides relations and rules among signs in formal structure.
Semantics represents the relation between signs and things to which they refer to the transfer of
intended meaning. The meaning of data is often linked with a particular context. Therefore, the
focus of semantics is the relationship between what is being transmitted and what is being
understood. Pragmatics is the way in which understanding prompts action and in which context
contributes to meaning. Pragmatics represents the relation between signs using agents (Liebenau
& Backhouse 1990).
The three layers of the TFI model that are applied to IS have been defined as follows (Liebenau
& Backhouse 1990; Stamper et al. 2000; Halperin 2006). The technical layer refers to the
information technology component, which contains hardware, software, protocols, data formats
and the design of the technology, such as the layout and interface of the system. The formal
layer refers to the shared understanding of attributes and their formal procedures, policies and
rules, regulations and standards as well as other forms of bureaucracy. The informal layer of a
system refers to the ability to operate in contexts and attributes across domains. It encompasses
the uses, behaviours and systems of belief that govern the perceptions, expectations and values
of the individual members of the system.
The layers of the TFI model are interdependent. Stamper et al. illustrated this interrelationship
explaining, “Informal norms are fundamental, because formal norms can only operate by virtue
of the informal norms needed to interpret them, while technical norms can play no role …
unless embedded within a system of formal norm” (Stamper et al. 2000, p. 19).
Chapter 2: Literature Review (Identity Management Systems)
46
Figure 2.7: The TFI model of information systems (Source: Stamper et al. 2000)
2.8.2 Research Method
A structured literature review was conducted to assess the most innovative and current
literature in IdMS. The structured literature review is espoused by Tranfield, Denyer and Smart
(2003) and can be considered as a means by which important literature central to and
underpinning the research can be rigorously and systematically mapped out (Armitage &
Keeble-Allen 2008). It has been argued that this is an appropriate approach in conducting a
broad topic with a relatively small number of research questions which is opposite to systematic
literature review that is usually associated with a detailed and narrow topic and is driven by a
specific research question (Kitchenham, Budgen & Brereton 2011). Structured literature review
provides an overview of a broad research area by synthesizing major themes and issues and
categorizing previous research with respect to defined categories (Armitage & Keeble-Allen
2008). As this review focuses on the broad IdMS literature, using a structured review is an
appropriate approach. It is necessary to carry out a systematic approach to ensure the quality of
the review results (Tranfield, Denyer & Smart 2003; Kitchenham 2004). Therefore, we followed
the review method guidelines proposed by Tranfield, Denyer and Smart (2003), Kitchenham
(2004), Armitage and Keeble-Allen (2008) and Kitchenham, Budgen and Brereton. (2011).
Chapter 2: Literature Review (Identity Management Systems)
47
The scope of the literature was limited to the time frame from January 2000 to March 2013. The
literature review was carried out until early 2013 (the close of this research project). For that
reason, the time frame was limited to March 2013.
The general guidelines for the publication selection were as follows:
1. The central theme should be identity, identity management or identity management
systems;
2. Papers should have contained at least one section discussing IdMS; and
3. Selected articles should be in the IS, IT, computer science or social-science domains.
Relevant papers reflecting IdMS were retrieved from the following databases: Scopus, Science
Direct, ProQuest Science Journals, ACM Digital Library, IEEE Explore and Google Scholar.
The search strategy identified articles with the following keywords: identity, online
identity/electronic identity/digital identity, federated identity, identity management, identity
management system or identity management technology as the subject headings or text words in
titles and abstracts. Appendix 2.2 provides a description of the publications identified in the
selection phase of the literature review.
Results of this search strategy produced a list of 300 resources, 194 of which were excluded as
they did not meet the inclusion criteria. In total, 106 published papers were selected for detailed
analysis and categorization. Table 2.4 shows the publication distribution source types as well as
the percentage of total publications in each IdMS source type. Appendix 2.2 provides a
description of the publications identified in the selection phase of the literature review.
Table 2.4: Distribution of publications Source Number %
Journal Articles 41 38.7
Conference Proceedings 29 27.4
Technical Reports/White Papers 25 23.6
Books/Book Sections 11 10.3
Total 106 100
Chapter 2: Literature Review (Identity Management Systems)
48
In order to assess the state of IdMS research, the following questions were posed:
1. What is the field of research (e.g. computer science, IS/IT or others)?
2. What is the main focus of research (e.g. individual, business or technical)?
3. What is the nature of research (e.g. empirical, conceptual or review)?
4. What is the category of research (according to the TFI model)?
5. What are the key application areas involved in IdMS research?
Prior literature analyses demonstrated that these questions allow researchers to successfully
synthesize identity-related research (Halperin 2006) and other research fields in the IS discipline
(Alavi & Carlson 1992; Hoehle, Scornavacca & Huff 2012). In order to answer the questions
above, the publications needed to be carefully categorized and a framework needed to be
developed. The findings and framework are described below.
2.8.3 Findings and Analysis
It is clear that IdMS is an emerging research topic that has expanded rapidly and attracted a
number of researchers, especially in the last six years. Figure 2.8 presents the number of
publications per year and shows an overview of the growth of this research niche.
Figure 2.8: Number of publications per year
1 1 14
2
6 7
11 12 12
17
13 14
5
0
2
4
6
8
10
12
14
16
18
2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013
From 2000 to Marh 2013
Chapter 2: Literature Review (Identity Management Systems)
49
2.8.3.1 The field dimensions The analysis yielded several categories that represented the range of disciplines in IdMS
research. This analysis considered the relevance of diverse disciplinary standpoints and the use
of related theories and conceptual models to identify research in IdMS. 64% of the papers were
from computer science literature; 19% were IS/IT literature; and 17% were from other social
science domains, such as management, economics, organization theory, psychology, law, social
policy, etc. Our findings indicate that there is a lack of published work in identity and IdMS
research from the IS field. This supports Seltsikas and O’Keefe’s (2010) argument that
published research directly related to the topic of IdMS was sparse particularly in the
established IS journals.
2.8.3.2 Research focus A thorough analysis yielded four perspectives that represented the range of the research focus in
the IdMS field. Each article was classified into one of the following four categories: individual,
business, technical and general. Table 2.5 presents the distribution focus for the IdMS research
in the sample.
Table 2.5: Focus for the IdMS research Perspective Definition Number %
Individual User applications, user behaviour and the implications of IdM/IdMS for users.
17 16
Business Business applications, IdM providers’ impact and the implications of IdM/IdMS for businesses.
23 21.7
Technical Underlying security technologies, technical developments and solutions and frameworks for IdM/IdMS.
40 37.8
General General issues, including broad and non-specific focus on IdM/IdMS.
26 24.5
Total 106 100
The individual perspective included publications that focused on user applications, user
behaviour and the implications of IdMS for users. The individual perspective emerged as the
least mature area of IdMS research. This body of work encompassed papers related to the use
and behavioural beliefs of IdMS users. For example, Satchell et al. (2011) studied the
Chapter 2: Literature Review (Identity Management Systems)
50
relationship between identity and technology from users’ perspectives. Adjei and Olesen (2011)
attempted to understand the relationship between users’ intentions to disclose personal
information, their actual personal information disclosure behaviours and how these can be
influenced to develop privacy-enhancing IdMS that the users can trust.
The second perspective was defined as the business perspective. The business perspective
emerged after the individual perspective as the least popular area of IdMS research. The
analysis of the literature show that IdMS research from the business and individual perspectives
is limited. The business perspective encompassed papers that focused on business applications
at the organizational level, IdMS providers’ impacts and the implications of IdMS for business
and governments. Ivy, Conger and Landry (2010) and Jensen and Jaatun (2013) identified some
key factors contributing to the adoption of federated identity management systems from the
organizational level. These factors included technological complexities, cost, usability, privacy,
lack of trust between partners, and the complications and expenditures involved in establishing
and maintaining contractual agreements between partners. Some studies in this perspective (e.g.
Seltsikas & O’Keefe 2010; Baldoni 2012; Ferdous et al. 2012) contributed to a better
understanding of IdMS issues in e-government context. These studies attempted to develop,
implement and maintain the issues of IdMS that are facing stakeholders in government.
The technical perspective encompassed articles dealing with IdMS in a technological context
that focused on underlying security technologies, technical developments, and solutions and
frameworks for IdMS. The technical perspective clearly emerged as the dominant perspective,
yielding 40 studies. Many IdMS studies have stressed the importance of privacy, security and
usability in IdMS; each study focused on particular issues or looked at the problem from a
specific perspective. Research on IdMS is usually found in technical computing journals that
deal with underlying security technologies, such as cryptography (e.g. Miyata et al. 2006;
Ferdous & Josang 2013), and the research also recommended usable privacy-enhancing
solutions (e.g. Josang, Al-Zomai & Suriadi 2007; Dey & Weis 2010). Recently, Rossudowski
et al. (2010) recommended an architecture that allowed a single smart card to be used in a
Chapter 2: Literature Review (Identity Management Systems)
51
dynamic, multiple-application environment. This architecture would protect all information
communicated between the smart card and a specific application through the use of one-time
passwords, maintaining the privacy of the person. Marmol, Girao and Perez (2010) recently
submitted a Trust and Reputation Management proposal (one of the first applied in IdMS)
called TRIMS that recommended a domain that must decide whether or not to exchange
necessary information with another domain, depending on its trustworthiness and reputation.
Finally, the general perspective in IdMS research emerged as a key category in the analysis of
the literature. Papers in this category discussed general IdMS issues, and the category had a
broad, unspecific focus. The Future of Identity in the Information Society (FIDIS) Network of
Excellence provides rich information on the IdMS topic. For instance, Bauer et al. (2005)
provided a systematic review of current IdMS. For an overview of recent developments in
IdMS, see Meints (2009). Poetzsch et al. (2009) provided an overview of the features and
requirements for FIMS and analyzed four FIMS frameworks (Liberty Alliance, Shibboleth,
privacy and identity management for Europe project (PRIME) and Information Cards) on the
basis of user requirements. Dhamija and Dusseault (2008) identified seven flaws or design
challenges that should be fixed before the general community will use and accept IdMS. These
flaws included identity task facilitation, ease of use and understanding, cognitive scalability (the
user's overall cognitive burden), information disclosure, mutual authentication, consumer
experience and trust. Dhamija and Dusseault (2008) argued that these aspects are important for
achieving secure usage and wide acceptance of such systems, thus enabling users to make
suitable decisions about privacy. Ferdous and Poet ( 2012) provided a comparative analysis of a
number of IdMS (i.e. OpenID, Liberty Alliance, Shibboleth, PRIME, Information Cards and
OAuth) against a set of requirements for the privacy-enhancement of IdMS. They found that
none of these IdMS were ideal in providing privacy-preservation yet were usable.
The analysis indicated that a large proportion of IdMS research has focused on technical issues,
and little research has focused on the individual or business levels. This result is consistent with
Seltsikas and O‘Keefe’s (2010) and Jensen (2012) argument that IdMS research from both the
Chapter 2: Literature Review (Identity Management Systems)
52
business and user perspectives is limited. This suggests that business and individual areas need
more thorough development in future research.
2.8.3.3 The nature of research To investigate the nature of IdMS research (research method and data collection), a
classification was needed to categorize the selected publications. The strategy used for this
classification depended on whether the IdMS literature was dominated by intuition-based
reasoning and conceptual analysis or by empirical examination (Hirschheim 1991). In this case,
empirical research was considered to be all research originating in or based on observation or
experience, independent of whether the researcher gathered data through primary or secondary
data collection. Papers based on academic literature reviews and on intuition-based reasoning
were classified as conceptual research. Studies with an unclear nature of research were
classified as ‘not available’. Regarding these classifications, 20 publications (18.9%) used
empirical research, 76 (71.7%) were conceptual, and 10 (9.4%) were ‘not available’ (see Figure
2.11). Much of the literature was descriptive, dominated by intuition-based reasoning and
conceptual analysis rather than empirical investigation. Given that IdMS is still in an early stage
of development, much of its research is geared toward a conceptual examination aimed at
building the foundations on which future research may be established.
As we mentioned previously, empirical investigation has been limited in the IdMS literature.
The use of quantitative and qualitative methods as methodological approaches was limited. Of
20 empirical studies, 10 used qualitative methods, including interview, focus groups and
documentary evidence, with another nine studies using quantitative methods including survey,
observational data, mathematical model, event study, experiment, model checking and empirical
evaluation techniques. One study used mix-methods research (see Figure 2.9).
Chapter 2: Literature Review (Identity Management Systems)
53
Figure 2.9: Classification of IdMS empirical research based on research methods used
2.8.3.4 The TFI layers Having identified the different perspectives of IdMS research, the analysis of the literature was
framed and classified using the TFI model, which was previously introduced. The analysis
focused on how each of the selected papers related to the technical, formal or informal layers.
After careful classification, we found that 47 (44.4%) studies were technical, 43 (40.6%) were
formal and 16 (15%) were informal. Figures 2.10 and 2.11 show the publication distribution for
each layer classified by each perspective identified in this study.
The findings illustrated that the technical layer was dominant, and that a reasonable amount of
research had been undertaken in this category. Also, it appeared that the formal layer was well
studied in previous research. The informal research layer has had little attention.
In the informal layer, previous IdMS studies considered the perspective of legislation, such as
IdMS perceptions in an e-government context (Grimsley & Meehan 2007; Aichholzer & Straub
2010; Seltsikas & O‘Keefe 2010). There is a lack of research reported in the academic literature
that focused on Web-based IdMS and investigated self-regulation IdMS, such as that in e-
commerce and social media (Roussos, Peterson & Patel 2003; Adjei & Olesen 2011). Therefore,
Mixed Methods5%
Interview25%
Focus Group10%Documentry
Evidence10%
Survey15%
Observational Data10%
Mathimatical Model
5%
Event Study5%
Experiment10%
Empirical Evaluation
5%
Chapter 2: Literature Review (Identity Management Systems)
54
more research is needed focuses on self-regulatory IdMS that assumes rational behaviour from
online users consenting to services in exchange for the release of identity information.
When the findings of the previously categorized perspectives were examined (according to the
research focus and the nature of research), it was found that the analysis results accurately
corresponded to the TFI layers identified here. Most publications categorized within the
technological perspective corresponded to the technical layer of the TFI model. This finding is
consistent with Halperin’s (2006) argument that this type of research is characterized by the
exclusive attention given to the technical component of IS where identity and IdMS issues were
viewed though a purely technological lens. The technical perspective corresponds, to a certain
extent, to the formal layer, but the informal context of technology is almost never addressed.
The individual and business perspectives corresponded almost equally to the formal and
informal layers. The technical layer corresponded to the perspectives of businesses, providers
and, to a certain extent, of the individual users. Finally, the formal layer of the TFI model
corresponds directly to broad IdMS research, but the technical and informal contexts of general
issues are reasonably addressed (Figure 2.10).
Figure 2.10: Distribution of research focus perspectives over the TFI categories
30
7
3
7
10
10
8
15
6
6
4
0 5 10 15 20 25 30 35 40 45
Technological
Business
Individual
General
Technical Formal Informal
Chapter 2: Literature Review (Identity Management Systems)
55
The categorized research process also found that the categories corresponded to the TFI layers.
Most papers categorized within empirical and conceptual research corresponded to their
respective layer in the TFI model. However, the ‘not available’ category only corresponded to
the technical and formal layers (see Figure 2.11). The analysis found that empirical studies were
emerging but comprised a minor amount of research; the informal layer was adequately
addressed in the empirical research category, and the formal and technical layers had been
researched less. Quantitative research was not adequately represented, and just one study
employed the mix method. Conceptual research primarily corresponded to both the technical
and formal layers, but it also adequately corresponded to the informal layer. This indicates that
there is little exploration about IdMS from an informal perspective. Thus, further research to
explore and conceptualize users’ perceptions of IdMS is needed.
Figure 2.11: Distribution of IdMS by nature of research over the TFI categories
It is clear that empirical research in IdMS has limited documentation compared to the
conceptual type of work in all three layers of the TFI model. These findings also showed that
there was a lack of informal-type IdMS research within different perspectives identified in this
study. Figure 2.12 presents the IdMS research framework, providing all maps between the IdMS
perspectives identified in this study.
3
38
3
3
35
7
14
3
0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80
Empirical research
Conceptual research
Not available
Technical
Formal
Informal
Chapter 2: Literature Review (Identity Management Systems)
56
Figure 2.12: Identity management systems research framework Note 1: (x) indicates the number of studies in each category that was identified in this study. Note 2: studies classified with a ‘not available’ nature of research (10) are not included in this framework.
2.8.3.5. Application areas A wide range of application areas appear relevant to IdMS research, emphasizing the
importance of sectoral analysis in this emerging field of research. However, it is still very early
to allocate IdMS across entire sectors of corporate activity. Table 2.6 presents the classification
that was developed and applied to each paper. This classification sought to reflect the
application domain and primary topic of research.
Four application areas were dominant in the retrieved IdMS research. The most common
application was IdMS technologies and services (16%) which were usually approached from a
technical perspective. This application was approached in a very broad manner with several
studies focused on a specific type of identity management technology. Federated identity
management (FIM) and government topics also emerged as equally popular applications,
yielding 15% and 11% of studies respectively in each application. Most studies of government
applications highlighted and developed IdMS issues faced by stakeholders in government. The
Chapter 2: Literature Review (Identity Management Systems)
57
architecture and paradigm topic was the third emergent application (9%), and it was typically
drawn from a general, formal perspective. The final dominant applications that emerged were
crime detection and forensics and commerce/business applications, which yielded 8% and 7%
of the research respectively. Research related to crime detection and forensics considered IdMS
in relation to risk management and regulation, highlighting the critical challenges that
cybercrime poses and providing some concerns about identity theft and fraud. Studies focused
on commerce/business applications addressed the significance of IdMS as a vital marketing tool
for commercial enterprise. In addition; they addressed IdMS trust issues, discussing the
relationship between customers and service identity providers in e-commerce and financial
applications.
Table 2.6: Distribution of IdMS studies according to their applied application
Application Number % Application Number %
Technologies and Services
17 16 Education 3 3
Federated identity management
16 15 Social network 3 3
Government 12 11 E-transaction 2 2
Architecture and paradigms
10 9 Online community 2 2
Crime detection and forensics
8 8 Mobile 1 1
Business/commerce 7 7 Culture
1 1
Privacy enhancing technologies
6 6 Personalized services
1 1
Design 6 6 Ethics 1 1
Terminology 5 5 Information society 1 1
Online identity 3 3 Digital ecosystem 1 1
Total 90 100
Privacy-enhancing technologies, design and terminology areas were adequately documented in
the current literature, yielding 6%, 6% and 5% of the studies, respectively. Studies related to
privacy-enhancing technologies and design applications emerged from the technical level while
research focused on terminology emerged from the informal layer. Education, social networks,
Chapter 2: Literature Review (Identity Management Systems)
58
electronic transactions and online community applications were less frequently explored areas
in IdMS research. It was also remarkable that, among previous studies, only one paper’s main
topic was the use of IdMS in mobile and personalized services. Appendix 2.2 provides a
classification of research according to its application area.
2.8.4 Identity Management System Challenges
Our digital identities are essential to our interactions in the online world. However, IdMS that
manage and control digital identities face many challenges. Challenges associated with the
Internet stem from a lack of widely-deployed and easily-understood secure identity solutions
(Daemen & Rubinstein 2006).
Ongoing studies in IdMS encounter many challenges regarding the balance between usability,
privacy and security. Hence, suitable frameworks are needed that bring these sometimes
disparate aspects together with technical solutions that provide liability incentives for end-users
(Landau, Gong & Wilton 2009). A usable solution for mutual authentication has yet to be
proposed and developed in which both users and providers are required to provide credentials,
and the providers are authenticated to the users and vice versa (Josang & Pope 2005; Landau,
Gong & Wilton 2009). The existing literature has identified some major challenges to IdMS
which are mainly associated with design, usability, interoperability, privacy, security, trust, cost
and adoption (see Table 2.7).
Table 2.7: Identity management system challenges Perspective Challenge References
Design Dependencies, complex trade-offs and new user requirements.
(Dhamija & Dusseault 2008; Straub & Aichholzer 2010; Vossaert et al. 2013)
Usability
To reduce complexity, to combine with privacy and security requirements, cognitive scalability and user experience.
(Dhamija & Dusseault 2008; Poetzsch et al. 2009; Aichholzer & Straub 2010; Alpar, Hoepman & Siljee 2011; Jensen & Jaatun 2013)
Interoperability The use of different standards, availability of protocol options between partners, and complexity.
(Maler & Reed 2008 ; Jensen 2012)
Privacy Privacy protection, policy enforcement, privacy implications and insufficient user value.
(Josang et al. 2007; Aichholzer & Straub 2010; Satchell et al. 2011; Jensen & Jaatun 2013)
Chapter 2: Literature Review (Identity Management Systems)
59
Security To reduce (to recover from) the risk of an identity theft, breaches and spoofing attacks.
(Daemen & Rubinstein 2006; Rossudowski et al. 2010; Armando et al. 2013)
Trust Differing policies, privacy policy, lack of trust between partners and user experience.
(Poetzsch et al. 2009; Marmol, Girao & Perez 2010; Seltsikas & O’Keefe 2010; Armando et al. 2013)
Cost Investment, implementation and access. (Smith 2008; Jensen & Jaatun 2013)
Adoption
Low adoption, widespread and effective deployment.
(Poetzsch et al. 2009; Ivy, Conger & Landry 2010; Friedman, Crowley & West 2011; Aichholzer & Straub 2010; Straub & Aichholzer 2010; Smedinghoff 2012)
A challenge for stakeholders (citizens, customers, end-users and providers) is to consider the
outcomes and expectations that they desire (Seltsikas & O’Keefe 2010; Jensen & Jaatun 2013).
Therefore, further work could suggest what needs to be negotiated between users and providers
in order to fully capture the expectations necessary for the development of useful identity
management solutions (Lips & Pang 2008; Aichholzer & Straub 2010). A causal model could
be developed and tested to explore the challenges and needs of IdMS from the users' perspective
(Straub & Aichholzer 2010; Adjei & Olesen 2011; Alpar, Hoepman & Siljee 2011; Jensen
2012).
2.8.5 User Adoption of Identity Management Systems
From the user’s perspective, the IdMS is often not a target in itself but involves a means to
facilitate other tasks, such as obtaining access to specific services. This means that the adoption
of IdMS by users may often follow the path of least resistance (Dhamija & Dusseault 2008).
Users will not be likely to put much money and effort into the management and control of their
identities. Hence, IdMS must consider the need to promote its adoption by end-users (Satchell et
al. 2011). In the case of the commercial use of IdMS, it is likely that the value of IdMS will
increase as more users adopt it (Poetzsch et al. 2009). However, the adoption of IdMS has been
slow (Landau & Moore 2012). For example, the IdMS adoption rate was less than 5% in the US
and still lower in other countries (Ivy, Conger & Landry 2010). Understanding factors of human
identity (Roussos, Peterson & Patel 2003) and exploring factors that influence IdMS acceptance
may give rise to suggestions to increase user adoption of IdMS (Seltsikas & O’Keefe 2010;
Chapter 2: Literature Review (Identity Management Systems)
60
Jensen & Jaatun 2013). Hence, a model needs to be developed that captures salient aspects of
IdMS along with factors derived from understanding that their adoption is needed, particularly
from the end-user perspective (Aichholzer & Straub 2010; Ivy, Conger & Landry 2010; Alpar,
Hoepman & Siljee 2011; Satchell et al. 2011; Jensen & Jaatun 2013).
Dhamija and Dusseault (2008) posited seven flaws or design challenges that should be met in
order for the general community to use and accept IdMS. These flaws were: facilitating identity
tasks; ease of use and understanding; cognitive scalability (the user's overall cognitive burden);
information disclosure; mutual authentication; consumer experience; and trust. Dhamija and
Dusseault (2008) argued that these aspects are important in order to achieve secure usage and
wide acceptance of such systems, thus enabling users to make suitable decisions about privacy.
One study (Poetzsch et al. 2009) defined a concept of user adoption which involved assessing
the FIM initiatives on the basis of metrics and of requirements that could indicate the likeliness
of end-user adoption. These metrics include increasing trustworthiness of the system and
connection to the skill level of the users, social settings, efforts and costs (Poetzsch et al. 2009).
However, the study did not propose a theoretical model to measure and understand these metrics
or to investigate their relationship regarding attitude or intention to use.
Aichholzer and Straub (2009, 2010) conducted a case study of the national IdMS in Austria.
They identified equality of access, privacy protection and user convenience as major factors
determining users’ acceptance of IdMS. However, they called for further measures in order to
obtain a more balanced provision of citizen centricity with respect to IdMS multiple
determinants.
Adjei and Olesen (2011) attempted to understand the relationship between users’ intentions to
disclose personal information, their actual personal information disclosure behaviours and how
these can be influenced to develop privacy-enhancing IdMS that users can trust. Their
conceptual study, which was based on the technology acceptance model (TAM), proposed that
Chapter 2: Literature Review (Identity Management Systems)
61
perceived ease of use, perceived usefulness, perceived trust and perceived privacy will affect
users’ behaviour regarding their intentions and decision to use IdMS.
Ivy, Conger and Landry (2010) identified some key factors contributing to the slow adoption of
federated identity management (FIM) technology. These factors included technological
complexities, lack of trust between partners, and the complications and expenditures involved in
establishing and maintaining contractual agreements between partners. Recently, Jensen and
Jaatun (2013) have conducted and analyzed eleven interviews with industry actors to understand
the factors influencing FIM adoption. Their results demonstrate that some perceived benefits
(effectiveness of user administration, better protection, usability, user experience and reduced
cost) of FIM adoption are offset by its challenges including investment cost, interoperability,
trust, privacy and security. These two studies evaluated FIM from the organizational level, and
they suggested that user-centric FIM needs to be further studied. However, they did not develop
a theoretical model to measure these factors in relation to behaviour or intention to use FIM
technologies.
Overall, the above studies do not empirically examine or measure their proposed factors to
determine the effects on users’ behaviour towards IdMS. Therefore, there is a research call to
study these variables and explore other factors that could affect user adoption of IdMS.
2.8.6 Gaps in the Identity Management Systems literature
Many IdMS studies have stressed the importance of privacy, security and usability of IdMS,
each focusing on particular issues or looking at the problem from a special perspective (e.g.
Miyata et al. 2006; Josang, Al-Zomai & Suriadi2007; Dabrowski & Pacyna 2008; Dhamija &
Dusseault 2008; Hansen, Pfitzmann & Steinbrecher 2008; McLaughlin, Briscoe & Malone
2010; Rossudowski et al. 2010; Armando et al. 2013). The majority of these studies focused on
technical or design problems and challenges of IdMS. The findings show that there is a lack of a
behavioural research in the IdMS domain. The extant literature indicates that previous studies
have been paid little attention to the focus on the use of IdMS especially from the user
Chapter 2: Literature Review (Identity Management Systems)
62
perspective (Seltsikas 2009; Seltsikas & O’Keefe 2010). In addition, the perceptions of IdMS
from the individual perspectives are less explored (Satchell et al. 2011; García, Oliva & Perez-
Belleboni 2012). Moreover, suitable models or frameworks for understanding IdMS from both
the business and user perspectives are equally limited (Seltsikas & O’Keefe 2010; Jensen 2012).
Although few studies have identified and suggested some factors and metrics towards the
adoption of IdMS (e.g. Poetzsch et al. 2009; Ivy, Conger & Landry 2010; Adjei & Olesen 2011;
Jensen & Jaatun 2013), there are no studies which empirically examine the factors that affect
user adoption of IdMS. Also, there have been no theoretical models proposed and tested to
better understand user adoption of IdMS. Therefore, the overall literature suggests that
exploring and measuring users’ perceptions of IdMS are needed (Poetzsch et al. 2009;
Aichholzer & Straub 2010; Crompton 2010; Ivy, Conger & Landry 2010; Seltsikas & O’Keefe
2010; Adjei & Olesen 2011; Satchell et al. 2011; García, Oliva & Perez-Belleboni 2012).
2.8.7 Conclusion and Future Recommendation
This study provides a general overview of the main characteristics of the past and current states
of IdMS research through the categorization and statistical analysis of the existing academic
literature on IdMS. We reviewed previous research on IdMS in the fields of computer science,
IS/IT and social science. Based on the TFI model, we categorized 90 key studies and introduced
an IdMS research framework based on all possible connections between three different
perspectives: the research focus (technical, business, individual and general), nature of research
(empirical and conceptual) and the three TFI layers. Figure 2.12 provides a summary of this
review. Our analysis revealed that each category focused on more than one layer of the TFI
model at a time and considered the context of other layers. This indicates that there is a virtual
cross-disciplinary research capability in IdMS. In addition, this paper highlighted the analysis in
the field of IdMS and emphasized the application domains that are relevant to IdMS studies.
IdMS research is likely to develop and mature into a research concept in its own right as the
body of research grows. However, the results of our analysis suggest that for this to happen,
Chapter 2: Literature Review (Identity Management Systems)
63
researchers should focus their efforts more carefully. Some areas are promising candidates for
future IdMS research. These areas are described below.
Research from individual and business perspectives
The majority of current studies focus on the technical or design problems and challenges of
IdMS. Perceptions of online identity and IdMS from individual perspectives have not been
thoroughly explored in previous research. Moreover, current research indicates that the
provision of suitable frameworks or models to better understand IdMS from both business and
individual perspectives, are equally limited although evidence suggests that individual and
business applications are the largest growth area. More research into stakeholders’ perception
requirements as well as an expansion of application areas, including government, health care,
education, finance, the online community and mobile applications, are needed to bridge the gap
between theory and practice.
Empirical research
The current research in IdMS is descriptive, and dominated by intuition-based reasoning and
conceptual analysis rather than empirical investigation. Our findings show that there is a lack of
empirical research on all TFI layers. Research efforts should focus on high-quality research
using empirical data to develop theories. While there are many conceptual studies that represent
the face value of IdMS, this implies a change in the research methods and readdresses the
balance of IdMS research. Therefore, an increase in empirically-based research, such as
interviews, experiments, surveys, action research and simulations, should be pursued.
Research into use and behaviour
Our analysis found that the informal layer in the TFI model which encompasses the use and
perceptions of IdMS, is an underexplored area. Studies that focus on the context, use and
perception of IdMS, from the different perspectives identified in this study, have attracted little
attention. To fill this gap, more research on IdMS is necessary in order to examine the
behaviour and beliefs as well as identifying antecedents of the adoption and usage of IdMS.
Chapter 2: Literature Review (Identity Management Systems)
64
Thus, we suggest that additional research into IdMS should include the interaction between
users and the system.
Theory development
The examination of current research in IdMS found significant gaps in conceptual models and
the theories that establish them. Few theories have been applied to IdMS research. Vital issues
for the IdMS topic, such as usability, trust, risk, privacy concerns and task-fit, require
conceptualization and theorization in the context of identity and IdMS. In the IS field, for
example, there are a number of key theories, such as the technology acceptance model (TAM)
and task technology fit (TTF), that have been identified as foundations of IS research.
Researchers are called upon to apply previous theories to IdMS and develop a theory through
which to gain a better understanding of IdMS.
2.9 Identity Management Systems Landscape
Identity management (IdM) is important in different contexts, including enterprise, e-commerce
and government. The current IdM landscape is very complex due to the various interests,
concerns, perspectives and technologies that are involved (Mont, Bramhall & Pato 2003). Mont,
Bramhall and Pato (2003) identified diverse competing views on what IdM should provide and
what it should focus on. These include the enterprise focus vs. consumer focus, mobility vs.
centralization, legislation vs. self-regulation, subjects’ control vs. organizations’ control,
privacy vs. free market, etc. (see Figure 2.13).
Chapter 2: Literature Review (Identity Management Systems)
65
Figure 2.13: Identity management landscape (Source: Mont, Bramhall & Pato2003, p. 5)
As it is difficult to focus on all IdMS concerns and aspects, this study focuses on Web-based
IdMS from the perspectives of consumers (users) and self-regulation (self-control). This study
focuses on Web-based IdMS, which is a new and emerging IT where technology, services and
business processes are integrated for the creation of identity-centric approaches to the
management of users, their attributes, authentication factors and security privileges across the
Internet within online service providers. Furthermore, this study focuses on self-regulation
IdMS that assumes rational behaviour from online users in consenting to online services in
exchange for the release of identity information (Coopamootoo & Ashenden 2011). In other
words, the focus is on using IdMS when it is possible and voluntary as opposed to regulating it
when it is necessary and mandatory.
This focus is adopted for the following reasons. Firstly, the extant literature indicates that IdMS
has been well explored from the enterprise perspective (Ivy, Conger & Landry 2010; Baldoni
2012); only a few studies have focused on the individual level (Satchell et al. 2011). Secondly,
previous IdMS studies considered the perspective of legislation, such as IdMS perceptions in
the e-government context (e.g. Grimsley & Meehan 2007; Seltsikas & O’Keefe 2010; Straub &
Aichholzer 2010; García, Oliva & Perez-Belleboni 2012). There is a lack of studies reported in
Chapter 2: Literature Review (Identity Management Systems)
66
the academic literature which focus on Web-based IdMS that investigate self-regulation IdMS,
such as e-commerce and social media contexts (Roussos, Peterson & Patel 2003; Adjei &
Olesen 2011). Therefore, we believe that the selected scope of the current study focusing on the
users’ adoption of IdMS could fill these gaps and contribute to both the IdMS and IS literature.
2.10 Summary
This chapter has provided an in-depth understanding and an overview of definitions, features
and types of IdMS. This chapter also provided an assessment of the state of IdMS research and
analyzed the existing studies on the topic. Accordingly, we comprehensively reviewed the
research on IdMS that has been conducted in different fields such as IS/IT and computer
science. We also revealed the emergence of the IdMS research domain and its current status,
using a detailed analysis and taxonomy of 106 publications from key research outlets. This
chapter developed a framework for classifying studies, reviewed key findings and identified
opportunities for future research into IdMS.
The next chapter presents a review of technology adoption models and the literature on user
adoption of IS/IT and Web-based services and technologies.
Chapter 3: Literature Review (Information System, Technology Adoption)
3.1 Introduction
The review of the IdMS literature in the previous chapter (Chapter 2) demonstrates that little is
known about user adoption of IdMS. Specifically, there are no studies which empirically
examine the factors that affect user adoption of IdMS. Moreover, there have been no theoretical
models proposed and tested to better understand user adoption of IdMS. Thus, it is necessary to
explore user adoption of IdMS using a relevant approach, that is, user adoption of IS/IT and
Web-based services and technologies (WBST) research. User acceptance/adoption of IS/IT is
often defined as one of the most mature research areas within the information systems field
(Venkatesh et al. 2003; Benbasat & Barki 2007; Hirschheim 2007; Dwivedi et al. 2008;
Williams et al. 2009; Venkatesh, Thong & Xu 2012). Research in this area has created
numerous theoretical models with roots in sociology and psychology which remain pertinent
and a critical issue for the IS field (Davis, Bagozzi & Warshaw 1989; Venkatesh et al. 2003;
Jeyaraj, Rottman & Lacity 2006; Bagozzi 2007; Benbasat & Barki 2007; Goodhue 2007;
Dwivedi et al. 2008; Williams, Rana & Dwivedi 2011; Venkatesh, Thong & Xu 2012). The aim
of this chapter is to establish the theoretical foundations of the current study by reviewing a
number of models and theories on user adoption of IS/IT, and identifying factors that affect
individual acceptance of IS/IT and WBST that could influence user adoption of IdMS.
This chapter is organized as follows. Firstly, the chapter defines ‘user adoption of new
technology’ and discusses the adoption phases of IT use. Secondly, this chapter presents a
review of a number of well-known models and behavioural theories on user adoption of IS/IT.
Thirdly, it provides a review of the literature on user adoption of WBST and presents a general
analysis and the findings of the literature. Fourthly, it identifies the factors included in this study
that affect user adoption of IdMS which have been examined in relation to individual adoption
Chapter 3: Literature Review (IS/IT Adoption)
68
of WBST. Finally, the chapter highlights the gaps identified in the literature and develops the
research questions.
3.2 Defining ‘User Adoption of Technology’ System acceptance/adoption is significant in measuring the success of IS/IT applications
(DeLone & McLean 1992). Determining user adoption of a technology is an important but
difficult part of human factors’ applications and research (Dillon 2001).User
acceptance/adoption is defined as “the demonstrable willingness within a user group to employ
information technology for the tasks it is designed to support” (Dillon & Morris 1996, p.4).
According to innovation diffusion theory (Rogers 2003), technology acceptance/adoption refers
to a process by which the new technology is selected for use by an individual or an
organization. User acceptance/adoption has been viewed as the crucial factor in determining the
success or failure of any technology (Davis 1993). Consequently, both technology adoption
researchers and practitioners are less interested in unplanned uses or non-use of technologies
and more concerned with understanding the factors impacting on the adoption of technologies
as intended by users who have a number of degrees of choice (Dillon & Morris 1996; Dillon
2001).
3.3 Adoption Phases When we examine individual’s beliefs and perceptions toward adoption of a product, it is
important to distinguish between adoption phases because, according to the theory of reasoned
action, studies need to be specific as to the target behaviour of interest (Ajzen & Fishbein 1980;
Karahanna, Straub & Chervany 1999). IS research suggests that initial adoption (or pre-
adoption) and post-adoption (or acceptance) are the two adoption phases of IT usage
(Karahanna, Straub & Chervany 1999; Bhattacherjee & Premkumar 2004). At the initial
adoption phase, end-user beliefs and perceptions are captured prior to adoption or after first
experience, with antecedents of usage for non-experienced users (Karahanna, Straub &
Chervany 1999). This phase differs in approach with the post-adoption phase which identifies
Chapter 3: Literature Review (IS/IT Adoption)
69
users’ beliefs about usage behaviour after they have already adopted and are using the
technology along with more experienced users (Karahanna, Straub & Chervany 1999). Initial
adoption beliefs are formed principally based on indirect experience (affect or cognition) with
technology whereas post-adoption usage beliefs are formed derived from past experience
(Karahanna, Straub & Chervany1999). For example, before using a particular technology, users
can build their initial beliefs and perceptions based on similar technologies or others’ opinions
about the technology (Wang & Benbasat 2005; Li et al. 2008). The dependent variables in post-
adoption studies are the ‘intention to use’ or ‘continue to use’ or the current level of usage
while, for initial adoption, these should be the behavioural intention such as the ‘intention to
use’ or ‘intention to adopt’ (Karahanna, Straub & Chervany 1999). However, previous research
has suggested a strong relationship between users’ pre-implementation expectations of a new
technology and their post-implementation experiences with the technology (Staples, Wong &
Seddon 2002).
The current research focuses on the initial adoption of IdMS for the following reasons. Firstly,
IdMS technologies and services are at the early stage and users do not have experience in using
them (Friedman, Crowley & West 2011; Landau & Moore 2012; Wang, Chen & Wang 2012).
Based on a diffusion of innovations perspective, users initially seek information about an
innovation which forms their attitude towards the innovation and their subsequent adoption
decision (Rogers 2003). The decision to willingly adopt a new technology is affected by users’
initial beliefs and perceptions of the technology’s characteristics (Moore & Benbasat 1991;
Rogers 2003). Therefore, initial beliefs are needed in a relationship in which the user does not
yet have meaningful or credible information about the technology (McKnight et al. 2002;
Belanger & Carter 2008). Secondly, because adoption is a dynamic process that develops over
time, researchers have noted the importance of studying the initial adoption, particularly in
cases of novel technology, such as IdMS, where users must overcome perceptions and risk
beliefs, before using the technology (McKnight et al. 2002; Gefen, Benbasat & Pavlou 2008; Li
et al. 2008; Luo et al. 2010). Thirdly, previous studies investigated the initial adoption of Web-
Chapter 3: Literature Review (IS/IT Adoption)
70
based applications and have found that initial beliefs and perceptions have a strong effect on
individual behavioural intentions towards novel technologies (Wang & Benbasat 2005; Li et al.
2008; Luo et al. 2010). Therefore, an investigation of the users’ initial adoption beliefs and
perceptions would enhance our understanding of why they adopt or reject the use of IdMS.
3.4 Review of Existing Technology Adoption Models and Theories During the previous years of IS research, a varied body of theoretical work has been gathered on
the diffusion and adoption of IT-based innovations. From a theoretical point of view, IS/IT
adoption and innovation research has tested many determining models and theories (see Table
3.1). Some of these theoretical models focus on the individual adoption of technology (e.g. the
technology acceptance model and the theory of planned behaviour) while other models have
focused on implementation success at the organizational level (e.g. the tri-core model and the
diffusion/implementation model). This study provides a review of theoretical models that have
focused on the individual level.
Table 3.1: Theories used in individual and organizational IT adoption research (adopted from Jeyaraj, Rottman & Lacity [2006])
Theory
Main author(s) Used in individual adoption studies
Used in organizational adoption studies
Innovation Diffusion Theory (IDT) Rogers (1983, 1995) X X
Perceived Characteristics of Innovations
Moore and Benbasat (1991)
X
Social Cognitive Theory (SCT) Bandura (1986) X
Technology Acceptance Model (TAM) Davis (1989) X
Technology Acceptance Model II (TAM2) Venkatesh et al. (2000)
X
Theory of Planned Behaviour (TPB) Ajzen (1991) X
Task–Technology Fit (TTF)
Goodhue and Thompson (1995)
X X
Theory of Reasoned Action (TRA) Fishbein and Ajzen (1975)
X
Unified Theory of Acceptance and Use of Technology (UTAUT)
Venkatesh et al. (2003)
X
Diffusion/Implementation Model Kwon and Zmud (1987)
X
Tri-Core Model Swanson (1994) X
Chapter 3: Literature Review (IS/IT Adoption)
71
The motivation for reviewing user adoption of IT models/theories was to provide a solid
theoretical foundation for the current research. The models/theories described in this literature
review were based on two criteria: 1) they focus on the individual behaviour level which is the
focus of this study; 2) they have in common the behavioural intention or/and the usage of
technology as the key dependent variable which could be suitable for investigating user
adoption of IdMS. Researchers have pointed out that the role of intention as a predictor of
behaviour (e.g. usage) is crucial, and this has been well established in the IS field (Ajzen 1991;
Taylor & Todd 1995; William et al. 2009; Venkatesh, Thong & Xu 2012). Therefore, applying
the technology adoption theories and understanding the different factors that act as drivers for
behavioural intention could be a consistent vehicle for understanding the adoption of IdMS.
Ten models/theories that meet the criteria mentioned above emerged from the literature review:
(1) theory of reasoned action (TRA); (2) theory of planned behaviour (TPB); (3) technology
acceptance model (TAM); (4) innovation diffusion theory (IDT); (5) unified theory of
acceptance and use of technology (UTAUT); (6) task–technology fit (TTF); (7) integrated TAM
and TTF model; (8) social cognitive theory (SCT); (9) cognitive dissonance theory (CDT); and
(10) the trust–risk framework.
These models/theories and their applicability for investigating user adoption of IdMS are
discussed in the following sub-sections.
3.4.1 Theory of Reasoned Action
The theory of reasoned action (TRA) is one of the most influential and fundamental theories of
human behaviour (Malhotra & Galletta 1999). The TRA has been drawn from social
psychology (Fishbein & Ajzen 1975; Venkatesh, et al. 2003). According to this theory, an
attitude towards a given behaviour and a subjective norm will impact on the behavioural
intention which results in an actual behaviour (Fishbein & Ajzen 1975) (see Figure 3.1).
Attitude towards behaviour can be defined as “an individual's positive or negative feelings
(evaluative affect) about performing the target behaviour” (Fishbein & Ajzen 1975). Subjective
Chapter 3: Literature Review (IS/IT Adoption)
72
norms refer to “the person's perception that most people who are important to him think he
should or should not perform the behaviour in question” (Fishbein & Ajzen 1975, p. 325).
Although the TRA is among the major theories of human behaviour and is widely used in social
psychology, it has some limitations (Malhotra & Galletta 1999). These limitations include a
significant risk of confusion among norms and attitudes as norms could be reframed as attitudes
and vice versa. Another limitation is the assumption that when the individual forms an intention
to act, she/he will be free to act without limitation (Ajzen 1991).The theory of planned
behaviour (TPB) tries to address these limitations (Malhotra & Galletta 1999).
Figure 3.1: Theory of reasoned action (TRA) (Source: Fishbein & Ajzen 1975, p. 302)
3.4.2 Theory of Planned Behaviour
The theory of planned behaviour (TPB) is anchored in the theory of reasoned action (TRA)
(Ajzen 1991). The TPB modifies the TRA by incorporating the construct “perceived
behavioural control” to address situations in which individuals lack substantive control over a
certain behaviour (Ajzen 1991). The TPB proposes that behaviour can be explained by
behavioural intention which is impacted by attitude, subjective norms and perceived
behavioural control (see Figure 3.2). As the TPB was derived from the TRA, the determinants,
attitude and subjective norms, are defined in similar ways. Perceived behavioural control is
defined as “the perceived ease or difficulty of performing the behaviour” (Ajzen 1991, p. 188).
The TPB is constructed in psychology and has not been widely used in the IS field (compared
with other models such as the TAM). Nevertheless, several IS researchers (Venkatesh & Davis
Chapter 3: Literature Review (IS/IT Adoption)
73
2000; Sun & Zhang 2006; Lee 2009b) have successfully applied this theory to the
understanding of individual acceptance and usage of diverse technologies. TPB is often praised
for including the influence of social factors (subjective norms) on technology acceptance (Lee
2009b). As the focus of the current study is the adoption of IdMS, which is considered as an
example of the acceptance of innovative technology intertwined with social systems and
personal characteristics, using TPB variables for our research model could provide a suitable
framework to examine user adoption of IdMS.
Figure 3.2: Theory of planned behaviour (TPB) (Source: Ajzen 1991, p. 182)
3.4.3 Technology Acceptance Model
In the context of IS, the technology acceptance model (TAM) has been used to study attitudes
towards a new technology and its acceptance. The TAM, which was proposed and developed by
Davis (1989), is widely used to describe the technology acceptance procedure within diverse
contexts. Of the models that have been proposed and examined, the TAM is arguably the most
widely accepted (Taylor & Todd 1995). The theoretical foundation for the TAM is based on the
TRA (Fishbein & Ajzen 1975). However, unlike the TRA, the conceptualization of the TAM
excludes the attitude construct in order to explain intention parsimoniously (Venkatesh et al.
2003).
The TAM presents two independent variables: perceived usefulness (PU), which is defined as
“the degree to which a person believes that using a particular system would enhance his or her
job performance” (Davis 1989, p. 320); and perceived ease of use (PEOU), which is defined as
Chapter 3: Literature Review (IS/IT Adoption)
74
“the degree to which a person believes that using a particular system would be free of effort”
(Davis 1989, p. 320). The TAM suggests that beliefs about ease of use and usefulness are
essential elements in determining user attitude towards using a new technology (Davis 1989),
whereas perceived usefulness has an effect on the use and “intention to use” (Davis, Bagozzi &
Warshaw 1989) (see Figure 3.3). The TAM is probably one of the most often used theoretical
models found in the IS literature. In early 2013, a search on Google Scholar found 14,574
citations of ‘TAM; Davis (1989)’ and 8,196 citations of ‘Davis, Bagozzi and Warshaw (1989)’.
Figure 3.3: Technology acceptance model (TAM) (Source: Davis, Bagozzi & Warshaw 1989, p. 985)
There are extended versions of the TAM. Venkatesh and Davis (2000) presented TAM2,
extending the original TAM to include subjective norms as an additional predictor of intention
in the case of mandatory settings. Venkatesh and Bala (2008) provided TAM3 which suggests
that perceived usefulness and perceived ease of use are driven by a number of other external
factors, such as individual differences, system characteristics, social influence and facilitating
conditions.
As the importance of individual characteristics is stressed, some variables have been suggested
to extend the original TAM (Kown & Wen 2010). New external variables and perceived
constructs have extended the TAM in accordance with the specific characteristics of the
technology, such as individual, task and system characteristics. Moreover, some researchers
Chapter 3: Literature Review (IS/IT Adoption)
75
have argued that basic models might not be sufficient to explain the adoption and use of diverse
types of technologies and services where specific features of the technology might play a
significant role (Mallat 2007). Thus, it is important to add some explanatory variables into the
TAM. King and He (2006) defined four main categories for external factors to extend the core
TAM model. These factors are as follows:
• Prior factors (or the inclusion of external precursors), such as situational involvement,
personal computer self-efficacy and prior usage or experience
• Factors suggested by other theories, such as task–technology fit, trust and risk
• Contextual factors, such as gender, culture and technology characteristics that may have
moderator effects
• Consequence factors, such as attitude and actual usage (see Figure 3.4).
Legris, Ingham and Collerette (2003) noted that there is no clear pattern with respect to the
choice of the external variables considered. Previous studies have listed various external
variables, such as demographic variables (Venkatesh et al. 2003); trust (Cho 2006; Ha & Stoel
2009); privacy and security (Vijayasarathy 2004; Cheng, Lam & Yeung 2006); perceived risk
(Cho 2006; Lee 2009a); perceived compatibility (Vijayasarathy 2004; Schierz, Schilke & Wirtz
2010); perceived enjoyment (Lingyun & Dong 2008; Sun & Zhang 2008), personal
innovativeness and social identification (Gwebu & Wang 2011; Lee et al. 2012); cost (Chong,
Chan &Ooi 2012) and future usefulness (Behrend et al. 2011) (see Appendix 3.1 for more
details). These studies confirm that external variables are completely mediated by perceived
ease of use and perceived usefulness; thus, the addition of such variables contributes slightly to
the explanation of the variations in system use. In fact, external variables provide a better
understanding of what influences perceived ease of use and perceived usefulness as their
presence shows the actions needed to encourage greater use (Lee, Kozar & Larsen 2003;
Bagozzi 2007).
Chapter 3: Literature Review (IS/IT Adoption)
76
Figure 3.4: The original TAM model and four categories of modifications (Source: King & He 2006, p. 641)
Some TAM-based empirical studies have provided meta-analyses and critical reviews (Lee,
Kozar & Larsen 2003; Legris, Ingham & Collerette 2003; King & He 2006; Bagozzi 2007;
Hirschheim 2007; Turner et al. 2010). These studies have confirmed the robustness of the TAM
model; however, some researchers have stressed that there are several limitations of the model
(Legris, Ingham & Collerette 2003; Bagozzi 2007). In general, criticism of the TAM is
categorized into three classes: (1) the methodology used for the TAM model; (2) the variables
and the relationships within the TAM model; and (3) the most significant limitation which is the
core theoretical foundation underlying the TAM model (Legris, Ingham & Collerette 2003;
Bagozzi 2007).
In their empirical research using the TAM, Legris, Ingham and Collerette (2003) noted that the
analysis of the results was not totally clear. They suggested that significant factors are not
included in the model. They concluded that the TAM is a useful model, but that it has to be
integrated into a broader model that included variables related to both human and social change
processes, and to the adoption of the innovation model. Bagozzi (2007) pointed out that that
there are poor theoretical relationships between different constructs formulated in the TAM. He
disputed that the intention and actual use relationship is theoretically strong, and noted that
behaviour could not be supposed to be a terminal goal. As an alternative, Bagozzi proposed that
Chapter 3: Literature Review (IS/IT Adoption)
77
behaviour must be treated as a means to a more primary goal. He also highlighted the possibility
of determining behaviour by adding measures for perceived usefulness and perceived ease of
use. In addition, he concluded that the TAM was a deterministic model and. thus, an
individual’s use was assumed to be fully determined by their intention to use. However, he
argued that an individual’s intention could be subjected to reflection and evaluation, which
might direct the person to reformulate his/her intention. Therefore, Bagozzi asserted that the
basic TAM model could not be appropriate for predicting and explaining system use.
Accordingly, to overcome the limitations of TAM, the current study adopts TAM constructs:
PU and PEOU (see Section 3.6.1) and extended the conventional TAM with new perceived
constructs and external factors (see Section 3.6). Moreover, this study integrated TAM variables
with some constructs suggested by other models, such as TTF and TPB, to provide better
understanding and prediction of the adoption of IdMS as discussed further in detail in Chapter
4.
3.4.4 Innovation Diffusion Theory
The innovation diffusion theory (IDT) was proposed by Rogers (1995, 2003). Rogers (1995)
visualized innovation adoption as a procedure through which an individual passes from initial
knowledge of an innovation, to forming an attitude towards the innovation, to a decision to
adopt or reject it, to the implementation of the new idea and then to confirmation of this
decision. According to Rogers (1995), diffusion theory categorizes five characteristics of
perceived innovations of acceptance of a technology:
• Relative advantage: “the degree to which an innovation is perceived as better than the
idea it supersedes”
• Compatibility: “the degree to which an innovation is perceived as being consistent with
the existing values, past experiences and needs of potential adopters”
• Complexity: “the degree to which an innovation is perceived as difficult to understand
and use”
Chapter 3: Literature Review (IS/IT Adoption)
78
• Trialability: “the degree to which an innovation may be experimented with on a limited
basis”
• Observability: “the degree to which the results of an innovation are visible to others”.
Rogers (2003) proposed that innovations with high relative advantage, trialability, compatibility
and observability and with less complexity would be adopted more rapidly than other
innovations with the opposite characteristics. In particular, relative advantage, compatibility and
lack of complexity have the greatest influence (Dillon 2001). Other researchers have suggested
the additional factors of image and trust to extend Roger’s model (Barnes & Huff 2003):
• Image: “the degree to which adoption and use of the innovation is perceived to
enhance one’s image or status”
• Trust: “the extent to which the innovation adopter perceives the innovation
provider to be trustworthy”.
Research models directly based on IDT often produces unsatisfactory findings in empirical tests
(Agarwal & Prasad 1998; Wu &Wang 2005).Although some IDT variables, such as compability
and relative advantage, have been successfully used to explain intention to use IT (Taylor &
Todd 1995; Karahanna, Straub & Chervany 1999; Wu &Wang 2005; Yang et al. 2012),
empirical evidence has shown that some variables employed in established theories, such as
TAM and TPB, which provide theoretical linkages between beliefs, attitudes, intentions, and
actions; are a better mechanism for explaining user adoption decision and behaviour (Taylor &
Todd 1995; Legris, Ingham & Collerette 2003; Venkatesh et al. 2003; King & He 2006;Turner
et al. 2010). As the current research aims to examine users’ beliefs, intentions and the linkage
between them toward IdMS adoption, IDT might be an inapplicable approach.
3.4.5 Unified Theory of Acceptance and Use of Technology
In 2003, a unified theory of acceptance and use of technology model (UTAUT) was established
with the aim of integrating the eight main competing user acceptance models (Venkatesh et al.
2003). The
reviewed in
model of P
the technol
Todd 1995
In the UTA
intention a
conditions.
expectancy
influence i
believe he
conditions
infrastructu
of the UTA
age, exper
technology
Figure 3
e integrated
n addition to
PC utilization
logy acceptan
); and social
AUT model
are performa
Performanc
y refers to pe
is defined a
or she shou
are “the deg
ure exists to
AUT model i
rience and v
y adoption an
3.5: Unified th
models inclu
o the motiva
n (MPCU) (T
nce model an
cognitive th
l illustrated
ance expect
ce expectanc
erceived ease
as “the degre
ld use the ne
gree to which
support use
is that it cons
voluntariness
nalysis.
heory of acce
C
7
uded the TR
ational mode
Thompson, H
nd the theory
heory (SCT)
in Figure 3
tancy, effort
cy is closely
e of use (Ve
ee to which
ew system”
h an individ
of the system
siders the ro
s of use, wh
eptance and ual. 2003
Chapter 3: L
79
RA, TAM, T
l (MM) (Da
Higgins & H
y of planned
(Bandura 19
.5, the four
t expectancy
y related to
enkatesh et a
h an individ
(Venkatesh
ual believes
m” (Venkate
le of some m
hich provide
use of technol3, p. 447)
Literature ReTPB and IDT
vis, Bagozzi
Howell 1994)
behaviour (C
986; Compea
major deter
y, social inf
perceived u
al. 2003; Hon
ual perceive
et al. 2003,
that an orga
esh et al. 200
moderating v
es a compre
logy (UTAUT
eview (IS/ITT theories a
i & Warshaw
); a model th
C-TAM-TPB
au & Higgins
rminants of
fluence and
usefulness, w
ng & Tam 2
es that impo
p. 451), and
anizational a
03, p. 453). T
variables, suc
ehensive fra
T) (Source: V
T Adoption)s previously
w 1992); the
hat combined
B) (Taylor &
s 1995).
behavioural
d facilitating
whilst effort
2006). Social
ortant others
d facilitating
and technical
The strength
ch as gender,
amework for
Venkatesh et
) y
e
d
&
l
g
t
l
s
g
l
h
,
r
Chapter 3: Literature Review (IS/IT Adoption)
80
The UTAUT model has distilled the contingencies and important factors related to the
prediction of behavioural intention to use a technology and technology use primarily in
organizational and mandatory contexts (Venkatesh et al. 2003; Al-Gahtani, Hubona & Wang
2007; Venkatesh, Thong & Xu 2012), in a cross-cultural research (Bandyopadhyay &
Fraccastoro 2007) and to examine cultural influence (Im, Hong & Kang 2011). In addition, most
studies applied and tested the UTAUT model to different technologies within a single country
(Al-Gahtani, Hubona & Wang 2007) or compared between two or more countries (Lee et al.
2007a; Im, Hong & Kang 2011). Although some studies (Im, Kim & Han 2008; Zhou 2010)
applied the UTAUT model in a voluntary context which is the focus of this study, they found
insignificant effects of some UTAUT constructs on behavioural intention. Therefore, the
UTAUT model could not be suitable for the current study because we did not focus on an
organizational or mandatory context. Moreover, the model would not deal with a specific
country and did not consider the culture in which the current study was conducted. However, in
our proposed model, some conditions, such as the facilitating conditions of IdMS, based on the
UTAUT were considered.
Recently, Venkatesh, Thong and Xu (2012) extended and developed the UTAUT to UTAUT2
in order to study acceptance and use of technology in a consumer use context. The UTAUT2
(Figure 3.6) incorporates three constructs into UTAUT: hedonic motivation, price value and
habit. Individual differences—that is, age, gender, and experience—are proposed to moderate
the effects of these constructs on behavioural intention and technology use. UTAUT2 could be a
suitable approach for understanding IdMS adoption. As this model was published lately after
the research model had been proposed, this study does not adopt this theory nor any of its
extended constructs.
Chapter 3: Literature Review (IS/IT Adoption)
81
Figure 3.6: Unified theory of acceptance and use of technology2 (UTAUT2) (Source: Venkatesh, Thong & Xu 2012, p. 160)
3.4.6 Task–Technology Fit
Task–technology fit (TTF) was developed by Goodhue and Thompson (1995) in order to gain
an understanding of the link between individual perception and information systems. TTF is
“the degree to which a technology assists an individual in performing his or her portfolio of
tasks. More specifically, TTF is the correspondence between task requirements, individual
abilities, and the functionality of the technology” (Goodhue & Thompson 1995, p. 216). TTF is
a combination of two systems of research streams: the TTF focus and the utilization focus (Cane
& McCarthy 2009). Thus, users should suppose that any given characteristic of a technology
will have diverse effects on acceptance, use and performance depending upon the type of user or
the task requirements (Goodhue, Klein & March 2000). TTF is the extent to which a technology
aids an individual’s acceptance if the functions of the technology (fit) correspond to the tasks
that must be performed (Cane & McCarthy 2009). A system function supports an activity if it
facilitates that activity (Dishaw, Strong & Bandy 2004). Hence, a technology will only be
accepted by individuals if its functions correspond with the tasks to be carried out. TTF models
have four key constructs: task characteristics, technology characteristics, fit between task
characteristics and technology characteristics, and the outcome variable(s) of individual
Chapter 3: Literature Review (IS/IT Adoption)
82
performance and/or technology utilization (see Figure 3.7). The definitions of TTF constructs
are presented as follows:
• Task Characteristics are actions taken by the individual to run inputs into outputs. Task
characteristics are those tasks that a user might use IT to perform.
• Technology Characteristics describe the tools, and include whether the IT is a single
system or a set of systems, policies or services.
• Utilization represents the action of individual using the technology to complete his or
her task. It is important to note that in this context, utilization is a measure of whether a
system is used, not a measure of the duration of its use.
• Performance Impacts imply improved efficiency, effectiveness or quality in the
accomplishment of an individual’s tasks. Performance impact is used as a surrogate
measure of IS success (Cane & McCarthy 2009, p. 110).
Figure 3.7: Basic task-technology fit (TTF) model (Source: Goodhue & Thompson 1995, p. 220)
TTF has been studied using qualitative, quantitative and mixed methods. From the qualitative
perspective, different methods have been employed to study TTF, such as an exploratory case
study (Gebauer, Shaw & Gribbins 2004) as well as individual cases and focus groups (Ip 2005).
Many researchers have extensively examined TTF using quantitative methods. These include
surveys (D’Ambra & Wilson 2004a, 2004b; Lee et al. 2012), experiments (Junglas, Abraham &
Watson 2008) and field studies (Dishaw & Strong 2003). In addition, mixed methods have been
used to test the TTF model, such as Chang’s (2010) study (see Cane and McCarthy [2009] for a
Chapter 3: Literature Review (IS/IT Adoption)
83
detailed discussion). All these studies have led to useful insights into the TTF model and the
effectiveness of utilization technologies.
The TTF model attempts to solve limitations deemed as the major weakness of the TAM
(Dishaw & Strong 1999). One weakness of the TAM in terms of its use for understanding IT
utilization is its lack of task focus. IT is a tool by which the user completes his/her tasks. Thus,
because of the lack of task focus in evaluating IT and its use, performance and acceptance
contribute to the varied results in IT evaluations (Goodhue & Thompson 1995). While the
concept of the TAM's usefulness consists of tasks, the addition of more task characteristics
could provide a better model of IT utilization. The TTF viewpoint addresses this problem
(Dishaw & Strong 1999). Accordingly, even though TTF is not as well-developed as the TAM,
TTF is a significant user evaluation construct in understanding and predicting the utilization of a
particular technology.
3.6.7 Integrated Model of TAM and TTF
An empirical study by Goodhue, Klein and March (2000) noted the difference between the
TAM and TTF. They observed that the TAM seeks to predict use, while TTF seeks to predict
performance. However, Dishaw and Strong (1999) and Moon and Kim (2001) showed that TTF
requires that the influence of a users’ behaviour be taken into account. Goodhue (1995)
proposed that utilization would be affected by TTF through the concept of perceived usefulness,
which is one of the core concepts in the TAM, but he does not provide empirical evidence in his
study. Many researchers have called for further research in which TTF is extended and
integrated with the TAM or vice versa to reinforce the ability to investigate and understand IT
use and provide design suggestions for a specific context (Goodhue 1995; Dishaw & Strong
1999; Legris, Ingham & Collerette 2003; Bagozzi 2007; Goodhue 2007; Cane et al. 2009; Lee et
al. 2012).
The first attempt to combine both the TTF and TAM was made by Dishaw and Strong (1999).
They suggested six paths to link the TAM and TTF (see Figure 3.8). The integrated TTF and
Chapter 3: Literature Review (IS/IT Adoption)
84
TAM model confirms that users’ beliefs regarding ease of use and usefulness are influenced by
characteristics of technology and task. Dishaw and Strong revealed that the integrated model
“provides more explanatory power than either model alone” (1999, p. 9). They found that the
utilization variance explained 36% with the TAM, 41% with TTF and 51% with the TAM/TTF.
Moreover, they noted that the weaknesses of these two models could be compensated for by
connecting them with each other.
Figure 3.8: Integrated TAM/TTF model (Source: Dishaw & Strong 1999, p. 13)
Klopping and McKinney (2004) integrated the TAM and TTF to study e-commerce adoption,
including the intention to shop online and make purchases. Klopping and McKinney found that
TTF affects perceived usefulness and perceived ease of use. They found that the TTF model is a
valuable addition to the TAM for online shopping tasks. They also argued that combined TTF
and TAM models provide a better instrument for predicting customers’ intentions and use rather
than the TAM alone.
Yen et al. (2010) studied users’ intention to use wireless technology using a combined
TAM/TTF model. Their result noted that both the TAM and TTF are robust models. They found
that both perceived ease of use and usefulness significantly affected users’ behavioural intention
Chapter 3: Literature Review (IS/IT Adoption)
85
to use wireless technology. Moreover, their study suggested a new relationship between
perceived usefulness and technology characteristics. This direct and significant influence
indicated that users can decide whether the technology would be helpful in accomplishing their
tasks directly from the evaluation of technology characteristics, rather than from indirect
influence of the perceived ease of use proposed by Dishaw and Strong (1999). Hence, the role
of technology characteristics in determining users’ intention to adopt technology is important
(Yen et al. 2010; Lee et al. 2012). Table 3.2 presents findings of previous studies that have
integrated the TAM and TTF.
Therefore, it is rational to expect a model that integrates both TAM and TTF variables to be
more effective in the explanation and prediction of user adoption of new IT systems such as
IdMS. The current study has integrated TAM constructs (PU and PEOU) with a number of TTF
model variables (fit, task and technology characteristics) to provide a better understanding and
prediction of the adoption of IdMS (see sections 3.6.1, 3.6.2 and 3.6.3).
Table 3.2: Previous studies that integrate TAM/TTF Reference Technology Findings
Dishaw and Strong (1999)
Software utilization
The model provides more explanatory power than either model alone.
Klopping and McKinney (2004)
e-commerce adoption
Support for the use of the TAM to predict online shopping activity, both intention to shop online and to make purchases. Also found that TTF was a valuable addition to online shopping tasks.
Gebauer , Shaw and Gribbins (2004)
Mobile business application
Found inconclusive results for the validity of TTF constructs.
Chang (2010) Online auction Consumer familiarity with the agent’s functionality was positively associated with seven dimensions: online auction site’s task, agent’s technology, task–technology fit, perceived ease of use, perceived usefulness, perceived playfulness, intention to use tool, and negatively associated with perceived risk.
Yen et al. (2010)
Wireless technology
The results indicated that both the TAM and TTF are robust models by themselves. They found that the users’ intention to adopt wireless technology was determined directly by fit between characteristics of task and technology as well as users’ perceived usefulness and ease of use.
Lee et al. (2012)
Mobile financial services
Perceived task technology from a task characteristic view significantly affects perceived usefulness.
Chapter 3: Literature Review (IS/IT Adoption)
86
3.4.8 Social Cognitive Theory
The social cognitive theory (SCT) (Bandura 1986) (also called social learning theory [SLT]) is a
widely accepted theoretical model of individual behaviour and adoption of IT-based
innovations. The SCT provides a framework for predicting, understanding and changing human
behaviour. This theory identifies human behaviour as an interaction of personal factors,
behaviour and the environment (Bandura 1986). The concept of self-efficacy (SE) is a key
element in the SCT. SE refers to an individual’s capability to perform a specific task (Chan &
Lu 2004).
Some studies have found evidence in the relationship between SE and computer use (Compeau,
Higgins & Huff 1999), technology innovation adoption (Chan & Lu 2004) and performance in
Web applications (Liaw et al. 2006). All these studies have found that individuals with high
computer self-efficacy (CSE) are able to use different computer applications, while those with
low CSE perceived their capabilities as limited to particular software or a computer system.
These studies have argued the need for further research to explore the role that SE has in
computing behaviour. The self-efficacy is an important component that comes from users'
beliefs regarding their capability (the skills and resources that they possess) and intentions to
use new IT (Venkatesh et al. 2003; Chan & Lu 2004). The current study attempts to understand
IdMS adoption as a function of an underlying situation of self-efficacy of the users. Hence, the
SCT could be a useful approach for this study.
3.4.9 Cognitive Dissonance Theory
The cognitive dissonance theory (CDT) was developed by Leon Festinger (1957). This theory
has been provided from consumer behaviour research and has been used in a variety of
disciplines including management, marketing, communication, technology adoption
(Karahanna, Straub & Chervany 1999) and IT usage (Bhattacherjee & Premkumar 2004).
According to this theory, use of a product may change an individual's cognitions (i.e. opinions,
attitudes, perceptions and needs) with respect to use of the product (Karahanna, Straub &
Chapter 3: Literature Review (IS/IT Adoption)
87
Chervany 1999). Therefore, beliefs that have led to initial adoption may not be the same as the
beliefs after the use of the product (Karahanna, Straub & Chervany 1999). Klonglan and
Coward (1970) in the innovation diffusion literature supported this notion and they suggested
that economic variables may be important in explaining use, while sociological variables may
be more important in explaining mental adoption of innovations.
In IT usage contexts, the CDT proposes that user’s pre-usage cognitions (e.g. attitude and
beliefs) are generally based on second-hand information, such as that communicated via
interpersonal or mass media channels, industry reports or vendor claims (Bhattacherjee &
Premkumar 2004). As IdMS are novel technologies and many people have no experience using
them, the users’ beliefs and perceptions toward IdMS could be based on indirect experience or
cognition with IdMS (Karahanna, Straub & Chervany 1999; Li et al. 2008). Therefore, the CDT
is a suitable approach for examining issues related to users’ initial adoption of IdMS.
3.4.10 Trust–Risk Framework
The trust–risk framework suggests that “in the situation in which potential risks are present,
trust plays an important role in determining one’s (trusting/risk-taking) behaviour” (Malhotra,
Kim & Agarwal 2004, p. 341). This model has been used to explain different individuals’
behaviours in a variety of uncertain environments, including the employee–organizational
relationship (Mayer, Davis & Schoorman 1995; McKnight et al. 1998); consumer–firm
relationships (Jarvenpaa & Tractinsky 1999) and consumer–Web vendor relationship
(McKnight et al. 2002; Malhotra, Kim & Agarwal 2004). The trust–risk model has also been
used in previous technology adoption research to investigate individuals’ risk, trust and privacy
perceptions toward diverse Web-based technology such as e-commerce (e.g. Lou 2002;
Malhotra, Kim & Agarwal 2004), e-government services (Belanger & Carter 2008) and social
networking (Lo 2010). This model is suitable for testing individual behaviours in an uncertain
environment such as during the initial adoption of a product (Lou 2002; Malhotra, Kim &
Agarwal 2004). In addition, this model involves trust and risk as a suitable lens through which
Chapter 3: Literature Review (IS/IT Adoption)
88
to examine the phenomenon of behavioural intention towards risky actions such as personal
information disclosure on the Internet (Lo 2010). This is the case with the IdMS artefact. This
uncertainty raises the importance of examining the factors that comprise the dimensions of the
users’ perceived risks and the mechanisms that are effective in helping users overcome their
uncertainties about IdMS. Therefore, the trust-risk model is a suitable approach for examining
user’s perceptions of trust and risk and their effect on behavioural intentions toward using
IdMS.
3.4.11 Conclusion of Review of Technology Adoption Models and
Theories
From the viewpoint of the above reviewed models and theories, the decision of individuals to
perform a particular behaviour is affected by a variety of factors. Each factor is suggested by a
particular model. Each basic model has some limitations which does not make it sufficient to
explain the adoption of IdMS in this study. Although some factors have different names in the
diverse models, they represent the same concept and their definitions are very similar and close
to each other. For example, the perceived usefulness construct in the TAM is obviously close to
both the relative advantage construct in the IDT and performance expectancy in the UTAUT. In
addition, perceived ease of use in the TAM is close to complexity in the IDT and effort
expectancy in the UTAUT (Venkatesh et al. 2003; Cho 2006; Hong & Tam 2006). Moreover,
subjective norm in TRA is relatively close to image and visibility in the IDT as well as to social
influence in the UTAUT. Furthermore, facilitating conditions in the UTAUT is similar to
perceived behavioural control in the TPB and self-efficacy in the SCT (Venkatesh et al. 2003).
Based on the above conclusion, it can be proposed that the decision of users to adopt IdMS is
likely to be affected by factors which originate from the above review of technology adoption
models/theories such as perceived ease of use, perceived usefulness, risk, subjective norms, etc.
These factors are introduced and identified further in Section 3.6. Also, they will be explained
and discussed in detail in Chapter 4, including their measurement and the justification for their
Chapter 3: Literature Review (IS/IT Adoption)
89
likely impact on user behavioural intentions toward IdMS. Furthermore, the current research
integrated and adopted a number of these models and theories (i.e. TAM, TTF, TPB and trust-
risk model) as theoretical foundation for explaining user adoption of IdMS as will be discussed
in the research model development in Chapter 4.
3.5 User Adoption of Web–based Services and Technologies
This section develops the literature review on user adoption of Web-based services and
technologies (WBST). The aim of this review was to identify factors that affect individual
adoption of WBST. We define WBST as services and technologies that are usable only with an
active Internet connection and their primary communication protocol; which allow individuals
to perform a wide range of financial and non-financial activates through the Web, and often
require users to disclose personal information in order to use them such as online shopping,
Internet banking and social networking. Because of the lack of studies on user adoption of IdMS
and as this study focuses on Web-based IdMS, we believe that the literature associated with
WBST might offer valuable insights into innovative IdMS adoption because of the similarity in
terms of human users interacting with Web systems (Luo et al. 2010). However, difference
existed in consumer’s perception of Web systems value. For example, both online shopping and
IdMS services require users to disclose some identity information but the perceived benefits and
risks associated with each system are different. More discussion on the different between IdMS
and other Web systems are addressed further in Chapter3 (see Section 3.9).
This section is divided in two parts: the first part explains the research methods employed to
carry out the literature review (Section 3.5.1), while the second part presents a general overview
and some findings of the literature (Section 3.5.2). The section’s conclusion highlights some
gaps identified in the user adoption of WBST literature (Section 3.5.3).
Chapter 3: Literature Review (IS/IT Adoption)
90
3.5.1 Research Method
Similar to the approach taken in the IdMS literature (discussed previously in Chapter 2, Section
2.8.2), we used a structured literature review to assess the current literature in WBST
(Tranfield, Denyer & Smart 2003; Armitage & Keeble-Allen 2008). This review technique
provides an overview of broad research by categorizing previous studies based on defined
categories (Armitage & Keeble-Allen 2008). Therefore, using a structured review is an
appropriate approach as the aim of this review was focused on broad WBST research.
The period of this analysis was studies published from January 2003 to December 2012. This
time frame was selected because more recent studies were necessary. In addition, Jeyaraj,
Rottman and Lacity (2006) had already published a review of the literature prior to 2004, which
included just two publications from 2003 that identified factors affecting individual acceptance
of IT.
Considering the nature of the research on WBST, it would be difficult to group the literature
under a specific discipline. Further evidence of this can be seen from the fact that WBST
articles are scattered across various journals and conferences in various disciplines such as
business, management, computer science, IT and IS. Consequently, various online journal and
conference databases were selected and searched to provide a comprehensive picture of the
existing literature. Databases including JSTOR, Scopus, Science Direct, ProQuest Science, ACM
Digital Library and Google Scholar were used to select the related articles. The articles were
searched for by using a number of key words including acceptance, adoption, diffusion,
intention, use, Web and perception.
The selected studies were defined based on a set of inclusion criteria: firstly, the article was to
have been published in primary journals or conferences; secondly, the research needed to have
examined or reviewed adoption and diffusion of WBST by individuals; thirdly, the research
needed to have reviewed or commented on the adoption of theories or factors that affected
individual adoption of WBST; fourthly, ‘behaviour intention’ or ‘usage intention’ was to be the
Chapter 3: Literature Review (IS/IT Adoption)
91
dependent variable examined in individual adoption; and, finally, the study was to have carried
out one or more empirical, conceptual, literature analyses or meta-analyses of research.
The initial selection of 420 primary publications was made based on a review of the title,
keywords and abstract. At this stage, only primary publications that appeared to be completely
irrelevant were excluded. In total, 118 selected articles met the criteria and then were carefully
categorized and analyzed in detail.
In order to conduct an in-depth analysis of the research literature on user adoption of WBST, the
following questions were posed:
1. What was the purpose of the study?
2. What was the principal focus of research?
3. What models or theories of technology adoption were used?
4. What types of technologies/services were studied?
5. What are those factors that have an effect on individual acceptance of technology?
Previous literature analyses showed that the above mentioned questions allow researchers to
successfully synthesize technology-adoption research (Alavi & Carlson 1992; Standing,
Standing & Love 2010; Hoehle, Scornavacca & Huff 2012). The next section presents the
findings of the literature analysis.
3.5.2 Analysis and Findings
3.5.2.1 Number and year of publication
After in-depth investigation, 118 studies were selected for further analysis of which 90.3% were
journal articles and 9.7% were conference papers (see Appendix 3.2). Table 3.3 presents the
findings according to year of publication. The largest number of studies (16) appeared in 2010,
closely followed by 2012,2008 and 2011 which each had a total count of 15,14, and13 studies
respectively. A slightly lower number of studies appeared in the other years. Our findings
Chapter 3: Literature Review (IS/IT Adoption)
92
demonstrate that there are increasing levels of interest and research activity in the individual
adoption of Web-based services and technologies.
Table 3.3: Studies published between 2003 and 2012 Year No. % Year No. %
2003 7 6 2009 8 7
2004 10 8 2010 16 14
2005 12 10 2011 13 11
2006 11 9 2012 15 13
2007 12 10 Total 118 100
2008 14 12
3.5.2.2 Classification of publications
After the in-depth analysis, we classified the selected studies into three categories. Table 3.4
presents this classification as well as the number and frequency of the studies in each category
(See Appendix 3.1 for more details related to this classification).
Table 3.4: Studies according to subject category Classification of Studies No. %
Based on technology adoption models/theories 71 60
Not based on technology adoption models/theories 32 27
Literature analysis 15 13
Total 118 100
3.5.2.3 Studies according to adoption theories
In order to identify the foundation theoretical models on technology adoption employed by the
authors, we analyzed 71 studies that were based on technology adoption theories. Among the
five theoretical models reviewed in Section 3.4 (the TAM, TPB, IDT, UTAUT and TTF), the
TAM emerged as the most popular, appearing in more than half of the studies (59%). This was
followed by TTF at 19.8%, UTAUT at 10.8%, TPB at 6% and the others, such as TRA, TAM2
and SCT, at 4.5%. No study employed the IDT model alone. Table 3.5 presents the intersections
and distribution of theoretical models revealed in the sample.
Chapter 3: Literature Review (IS/IT Adoption)
93
Table 3.5: Intersection of theoretical models Models/Theories TAM TPB IDT UTAUT TTF Other Total
TAM 27 3 4 0 6 2 42
TPB - 3 0 0 0 1 4
IDT - - 0 0 0 1 1
UTAUT - - 1 6 2 1 10
TTF - - - - 11 0 11
Other - - - - - 3 3
Total 27 6 5 6 19 8 71
3.5.2.4 Studies according to focus of the research
Each article was classified into one of the following three categories: consumer, business and
general. Table 3.6 describes the characterizations of each category and the distribution of
studies across the three categories. The findings indicate that a large percentage of WBST
adoption research had been focused on consumer issues. This supports Wu et al.’s (2011a)
argument that employees and businesspersons from all types of organizations are potential users
of business-based technologies and that there is a lack of Web-based applications in the
workplace setting.
Table 3.6: Focus of the WBST adoption research Category Definition No. %
Consumer Consumer behaviour, acceptance of consumer-focused WBST 66 55.9
Business Organization impact, individual adoption of WBST at workplace 30 25.4
General General issues about adoption of WBST, broad and unspecified focus 22 18.6
Total 118 100
3.5.2.5 Studies according to technology/service examined
Table 3.7 lists the various range of Web-based services and technologies examined in the 118
publications that yielded the findings. This classification was based on the objective stated in
each study. It was clear that the findings revealed different Internet-based technologies and
applications as was the aim of this research. Significantly however, this result indicated that no
study examined online identity or IdMS technologies and services.
Chapter 3: Literature Review (IS/IT Adoption)
94
Table 3.7: Web-based services and technologies examined Category Technology/System
Communication (6)
MS Messenger; Wireless PDA; Wireless technology(2);email; Broadband triple play
Internet/online (33)
Internet (3); online shopping (10); online service (5); airline online service; Internet banking (4); online trading; online auction; travel Web services (2); online tax; online recommendation; online transaction (2); online marketplace
Internet applications and technologies (30)
E-commerce (7); Web 2.0 services(2); video sharing; social networking (7); social bookmarking; E-tourism; blog; Weblog technologies; E-government Services (4); WoredaNet E-government services; ubiquitous commerce; health care services; I-mode
IS/IT application (20)
Open source software (OSS); Web-based negotiation support systems (NSS); cloud computing; data warehouse software; focal system; decision support system; software (3); Web-based unified modelling language (UML) (2); MP3 player; prepayment metering systems; firewalls; word processing; location aware marketing (LAM), location-based services (2); RFID; National Identity System (NID)
Mobile (17) Mobile Internet; mobile payment services (3); mobile information system (2); mobile locatable information systems; mobile banking (4); mobile wireless (2); mobile commerce (2);mobile Internet; mobile financial services
Website (5) Web board; search engine; website (2); Web-based company
Note: the numbers in parentheses indicate how many of the technologies/services examined fell into a given category.
3.5.2.6 Factors affecting user adoption of WBST
Table 3.8 presents 65 factors identified among the selected papers that were analyzed and
classified into 12 categories based on which the theoretical construct attributes examined in
each study. The numbers in parentheses in Table 3.8 indicate how many of the factor attributes
reviewed fell into a given category. These external factors were in addition to the factors found
in existing theoretical adoption models. It is important to note that most of these factors, which
were proposed by the authors, are in the conceptual stage or have not been thoroughly validated
or developed.
Almost 88% of the previous studies investigated factors such as perceived ease of use,
perceived usefulness, personal innovativeness and social norms that had originated from the
technology adoption models. The analysis indicated that only 19 (16%) papers had examined
risk perceptions, 20 (17%) examined trust and 18 (15%) examined privacy concerns. Among
these studies, only four papers had conceptualized and examined all three factors (i.e. risk, trust
and privacy) in one research paper (Malhotra, Kim & Agarwal 2004; Bansal, Zahedi & Gefen
Chapter 3: Literature Review (IS/IT Adoption)
95
2010; Liao, Liu & Chen 2011; Zhou 2011). However, these studies examined these factors as
single constructs and Malhotra, Kim and Agarwal (2004) proposed only information privacy
concerns as a multi-dimensional construct. Furthermore, only 10 (8 %) studies investigated
individual characteristics and just 16 papers (13.6%) examined situational factors. These results
are consistent with previous research that stated that the impact of individual difference factors
on technology adoption had been paid a little attention in previous work (Malhotra & Galletta
2005; Sun & Zhang 2006; McCoy, Galletta & King 2007; Djamasbi, Strong & Dishaw 2010;
Zhou et al. 2011). The result indicated that there was a lack of research investigating security
factors (risk, trust and privacy), individual characteristics and situational variables on user
adoption of WBST.
Table 3.8: Factors affecting user adoption of WBST Category Factor Attributes
General technology perception (5)
Perceived usefulness; perceived ease of use; relative advantage; performance expectancy; complexity
Specific technology perception(7)
Compatibility ;quality; technology type; perceived service; availability; perceived monetary value; need for uniqueness; technology characteristics
Social influence (6) Subjective norms; social presence; culture; social awareness; critical mass; sociality need
Trust (3) Institutional trust; trusting base; trust belief
Risk perception (5) Uncertainty; technology anxiety; causality; risk beliefs; security
Privacy concerns (5) Privacy statement; information sensitivity; information disclosure; prior privacy invasions; privacy calculus
Psychographics (personal attributes) (10)
Perceived benefit; innovation resistance; perceived enjoyment; playfulness; fun; altruism; telepresence; perceived encouragement; personal innovativeness; image
Individual characteristics(9)
Gender; age; education; personality traits; personal dispositions; self presentation; self-orientation; positive mood; cognitive style; social identity
Contextual factor(4) Self-efficacy; task characteristics; fit, perceived mobility
Situational factors(6) Time perception; Internet literacy; reliability; Web experience; computer experience; accessibility; facilitating conditions
Cost (2) Perceived cost–value; company’s willingness to fund
Other(3) Future usefulness; network externality; job relevance
Chapter 3: Literature Review (IS/IT Adoption)
96
3.5.3 Gaps in the Literature on Adoption of Web–based Services and
Technologies
The review of the extant literature revealed several individual IS/IT adoption theories and
models aid in the exploration and prediction of user adoption of WBST. Moreover, the review
revealed that previous studies have addressed an extensive range of factors related to user
adoption of WBST, but most of these studies have not relied on strong theoretical foundations.
In addition, although many researchers have examined factors such as usefulness, ease of use,
enjoyment, etc. which drive individuals to adopt or reject IT products in general, research on
WBST adoption that focused on security factors, such as risk, trust and privacy, had been
limited (Gefen, Benbasat & Pavlou 2008; Im, Kim & Han 2008; Sheng, Nah & Siau 2008; Luo
et al. 2010; Shin 2010; Liao, Liu & Chen 2011; Zhou 2011; Li 2012). Furthermore, the majority
of prior studies that examined the effect of risk, trust and privacy beliefs on individual
behaviour typically tested them as a single construct (e.g. Cho 2006; Dinev & Hart 2006; Lee
2009b; Bansal, Zahedi & Gefen 2010). There is a lack of research investigating and testing
these variables as a multi-dimensional construct (Junglas, Johnson & Spitzmuller 2008; Luo et
al. 2010; Liao, Liu & Chen 2011; Li 2012). Research on information security behaviour and
security factors should be defined from the users’ perspective and its conceptualization should
result in a multi-faceted construct (Crossler et al. 2013).
Previous studies have focused on online users’ willingness to provide information (e.g.
Malhotra, Kim & Agarwal 2004; Bansal, Zahedi & Gefen 2010; Li, Sarathy & Xu 2010; Xu et
al. 2011). However, there was a lack of research focused on the degree to which information
disclosure and intention to disclose might influence behaviour and on what other factors might
affect the relationship (Metzger 2004; Norberg, Horne & David 2007; Lowry, Cao & Everard
2011). Studies investigating online information disclosure and their antecedents have been
limited (Metzger 2004; Norberg, Horne & David 2007; Li, Sarathy & Xu 2010; Lowry, Cao &
Everard 2011). In addition, our findings indicated that there was a lack of research investigating
individual differences such as individual characteristics and situational variables affecting the
Chapter 3: Literature Review (IS/IT Adoption)
97
adoption of WBST. Overall, the literature highlighted that no research had examined user
adoption of Web-based IdMS. In addition, there was no empirically-tested model in this
context. Therefore, there was also a clear gap in this field regarding a conceptual perspective.
These gaps offered a research opportunity to empirically examine the factors that made users
adopt or reject the IdMS.
3.6 Factors Affecting User Adoption of Identity Management
systems (Background and Theoretical Concepts) After an extensive review of previous studies on individual adoption of WBST, we identified
65 factors related to user adoption of WBST (see Table 3.8). These factors were previously
reviewed and summarized in Section 3.5.2.6. Another study (Jeyaraj 2006) identified 67
independent variables affecting user acceptance of IT that had been used in individual adoption
studies.
Clearly, it is not possible to examine all significant factors of a phenomenon in one study as it
leads to unmanageable complexity. In addition, factors could be diverse in nature, which make
it difficult to include them in a specific context. Therefore, decisions regarding the inclusion of
some factors must be made and reasoned arguments to justify these decisions should be given
(Hair et al. 2007).
Accordingly, this section aims to introduce the included factors in this study, discusses the
reasons for choosing them and identifies their theoretical concepts that are fundamental for the
development of the conceptual model of the current research. In addition to the TAM constructs
(perceived usefulness and ease of use) and TTF constructs (fit, task and technology
characteristics), perceived risk, trust, privacy concerns, situational and individual difference
variables (i.e. subjective norms, facilitating conditions, cost, experience and demographic
variables) were included in the current study to investigate their role in user adoption of IdMS.
These factors are also explained and discussed in detail in Chapter 4, including their
Chapter 3: Literature Review (IS/IT Adoption)
98
measurement and the justification for their likely impact on user behavioural intentions toward
IdMS.
3.6.1 Perceived Ease of Use and Perceived Usefulness
As discussed previously in Section 3.4.3, the TAM provides perceived usefulness (PU) and
perceived ease of use (PEOU) as dormant variables to explain the behaviour intentions.
However, in the case of an IS that focuses on IdMS, researchers have not examined whether the
two perceptions and external variable constructs are sufficient for explaining the behavioural
intentions.
This study adopted TAM constructs (i.e. PU and PEOU) for four reasons. Firstly, the TAM is
capable of explaining user behaviour across a broad range of end-user technologies. Although
the TAM has aided the understanding of IS/IT adoption, many researchers have suggested that a
deeper understanding of factors contributing to ease of use and usefulness was needed (Lee,
Kozar & Larsen 2003; Bagozzi 2007; Benbasat & Barki 2007). Venkatesh and Davis (2000)
noted that a better understanding of PU and PEOU would enable the design of efficient
organizational interventions that might lead to increased use and user acceptance of new IT
systems. In addition, some researchers, including Amoako-Gyampah and Salam (2004), Wixom
and Todd (2005) ,Venkatesh (2006) , and Schilke and Wirtz (2012) suggested more TAM
studies on IT artefacts, multi-user systems and more complex technologies such as IdMS. The
TAM has previously been applied to diverse contexts and its adoption phenomena typically
related to complex technologies, such as the e-library (Hong et al. 2002) and firewalls (Kumar,
Mohan & Holowczak 2008), suggesting that these TAM variables could also be applied to the
case of IdMS.
Secondly, of the models that have been proposed and examined for user adoption of technology,
the TAM is arguably the most widely accepted (King & He 2006; Williams et al. 2009). The
TAM has been examined for the causal relationships between task, human or organizational
characteristics by researchers in several high-use Internet-based technology products, the
Chapter 3: Literature Review (IS/IT Adoption)
99
environment and services. This includes e-commerce (e.g. Lingyun & Dong 2008; Ha & Stoel
2009); the World Wide Web (e.g. Vijayasarathy 2004); online service (e.g. Cho 2006); Internet
banking (e.g. Cheng, Lam & Yeung 2006; Lee 2009b); mobile technology (e.g. Schierz, Schilke
& Wirtz 2010; Lee et al. 2012); and open source software (OSS) (e.g. Gwebu & Wang 2011)
(see Appendix 3.1 for more details). Overall, most of these studies provided strong evidence to
support the TAM as an approach for predicting system usage behaviour. As IdMS adoption is
an example of Web-based technology adoption, the TAM should thus be an applicable
approach.
Thirdly, despite recent extensions to the TAM such as the TAM3 model (Venkatesh & Bala
2008) and revisions such as the UTAUT model (Venkatesh et al. 2003), the basic TAM model
has high reliability and explanatory power, and obtains high levels of robustness. Thus, the
TAM is a suitable basis for an illustrative application case (King & He 2006; Recker &
Rosemann 2010). In addition, existing measurement items for TAM constructs have repeatedly
been shown to be robust and to display excellent reliability and validity in a wide diversity of
settings (e.g. Lee, Kozar & Larsen 2003; King & He 2006; Recker & Rosemann 2010).
Finally, although individual-level technology adoption research, specifically TAM-related
research, is one of the most widely-studied areas of IS research, there are still a number of
productive research avenues, including the role of individual characteristics (Djamasbi, Strong
& Dishaw 2010), as well as new and different contexts (Benbasat & Barki 2007; Turner et al.
2010). Turner et al. (2010) argued that “it should be possible to predict future technology use by
applying the TAM at the time that a technology is introduced” (p. 464). Benbasat and Barki
(2007) proposed that different adoption contexts have to obtain diverse specific beliefs as
antecedents, and that these specific beliefs would present more actionable suggestions to design
and practice than simply arguing for increased usefulness. Recently introduced, IdMS are in the
early stage and researchers have not examined whether PU and PEOU perceptions and external
variable constructs remain sufficient for explaining users’ behavioural intentions to adopt IdMS.
Therefore, PU and PEOU are both necessary and appropriate for examining them in this study.
Chapter 3: Literature Review (IS/IT Adoption)
100
3.6.2 Task and Technology Characteristics
Task–technology fit (TTF) is a critical construct both before and after individual decisions about
technology use (Goodhue 2007). Users intend to use an IT product if it meets their task
requirements (Dishaw, Strong & Bandy 2004). The TTF model clearly includes task
characteristics and technology characteristics (see Section 3.4.6). The extant literature indicates
that many studies have examined and measured TTF constructs in different contexts, such as
computer-based information systems (CBIS) (e.g. Vlahos, Ferratt & Knoepfle 2004); unified
modelling language (UML) (e.g. Grossman et al. 2005); personal digital assistants (PDA) and
mobile commerce (e.g. Lee, Cheng & Cheng 2007); mobile information systems (e.g. Gebauer,
Shaw & Gribbins 2010); Web usage (e.g. D’Ambra & Wilson 2004a, 2004b); and blogs (e.g.
Shang, Chen & Chen 2007) (see Appendix 3.1 for more details). These studies examined
different applications that are all used for specific tasks.To the best of our knowledge, TTF has
not been previously considered for IdMS and has not been assessed regarding its suitability for
particular combinations of tasks and technology.
The current research employs TTF constructs (fit, task and technology characteristics) for the
following motives. The system and technological levels are principally focused on the
technology itself (Cho 2006). IdMS would be associated with products or services that assist
Internet users in their online tasks. Therefore, IdMS are regarded as a tool to control
communication in addition to performing complicated tasks, such as managing and controlling
online identity. Consequently, the adoption and use of IdMS may be perceived as difficult and
generally TTF should be considered. Researchers suggested that studies on new technology
adoption should include an examination of its compatibility with the current style (Cho 2006).
Moreover, the extent to which the technology itself can be adopted determines whether or not a
change is success. An investigation using the TTF model variables provides an understanding of
the hypothesis involved in comprehending technology use and clarifies technical areas needing
future examination (Cane & McCarthy 2009).
Chapter 3: Literature Review (IS/IT Adoption)
101
3.6.3 Fit
3.6.3.1 Defining and measuring fit in IS/TTF research
Fit models that reveal the gap between what technologies are able to provide and what the
technologies are expected to support are critical instruments in IS. They have been successfully
applied to explain and predict IT utilization, adoption and performance (Goodhue & Thompson
1995; Junglas, Abraham & Watson 2008). Examining the fit of an IT to a user‘s task is a
frequent focus of human computer interaction (HCI)/IS research (Dishaw & Strong 2005).
The user‘s intention to use the technology should come from the fit between tasks and functions
(Yen et al. 2010; Lee et al. 2012). A method of conceptualizing and measuring fit can be found
in TTF. Some TTF researchers have investigated the fit conceptualization and measurement in
different contexts. A number of these studies have examined the effect of fit on performance
(Goodhue & Thompson 1995), tool usage (Dishaw & Strong 1998, 1999, 2005) and intention to
use (Yen et al. 2010). However, to our knowledge, no research has conceptualized and
measured fit, and examined its effect on users’ intention to use in the IdMS context. Therefore,
the current study aimed to conceptualize fit and its relationship to the users’ intention to use
IdMS.
Venkatraman (1989) proposed a conceptual framework derived from the concept of fit. Fit is
identified from six different perspectives for its conceptualization: fit as moderation, fit as
mediation, fit as matching, fit as gestalts, fit as profile deviation and fit as covariation
(Venkatraman 1989) (see Table 3.9). Fit as moderation, mediation and matching identify a
relationship between just two variables, whereas fit as gestalts, profile deviation and covariation
identify a relationship between many variables. While these six perspectives are described in the
context of strategy research, they apply equally well to HCI/IS research focusing on the fit
between IT and tasks (Dishaw & Strong 2005).
Chapter 3: Literature Review (IS/IT Adoption)
102
TTF is defined as the degree to which the functionality of a technology matches the task and the
abilities of the individual who performs the task (Goodhue & Thompson 1995). In this study,
we decoupled fit from current utilization, and the operationalization of TTF was defined as “the
degree to which a technology does or could meet your task needs” (Goodhue, Littlefield &
Straub, p. 458). IS/TTF research has examined methods for conceptualizing and measuring TTF
to determine which particular IT fits a particular task (see Table 3.9). However, a number of
researchers have pointed out that there has been a lack of distinction between the conceptual
understanding of fit and its measuring schemes (Venkatraman 1989; Junglas, Abraham &
Watson 2008). To the best of our knowledge, no study has yet conceptualized or measured the
fit concept in the IdMS context.
Junglas and Waston (2003) noted that there is limited process in defining and measuring fit.
They defined fit as ideal, under or over; this reveals the ideal mappings of task needs and
technology functionality in the context of ubiquitous commerce (u-commerce). Junglas and
Waston identified three dimensions for task characteristics—time dependency, location
dependency and identity dependency—and four dimensions for the technology characteristics of
u-commerce, specifically ubiquity, uniqueness, universality and unison. Junglas, Abraham and
Watson (2008) tested how various fit levels affect individual performance across different tasks
performed with mobile locatable information systems. They examined efficiency and
effectiveness with regards to diverse levels of technology fit and with regards to different kinds
of tasks. The results of a wireless laboratory experiment with 112 subjects showed that subjects
perceive differences between under and ideal, as well as under and over, fit conditions when
exposed to tasks that include localization components.
Chapter 3: Literature Review (IS/IT Adoption)
103
Table 3.9: Fit conceptualization used in TTF research Fit
perspective Definition Reference Context
Fit as moderation
“is based on contingency perspective that operationalizes fit as a statistically derived interaction relationship between two variables that predicts the third” (Cane & McCarthy 2009, p. 108)
Goodhue and Thompson (1995); Goodhue (1995) Dishaw and Strong (1998, 1999, 2003); Strong, Dishaw and Bandy (2006)
Computer system Software maintenance tool
Fit as matching
"a theoretically defined match between two related variables" (Venkatraman 1989, p. 430)
Nance and Straub (1996); Dishaw Strong and Bandy (2004) Junglas, Abraham and Watson (2008)
Knowledge work Software maintenance tool Mobile locatable IS
Fit as profile deviation
"the degree of adherence to an externally specified profile" (Venkatraman 1989, p. 433)
Zigrus and Buckland (1998); Zigrus et al. (1999); Murphy and Kerr (2000); Dennis, Wixom and Vandenberg (2001) Junglas, Abraham and Watson (2008) Gebauer, Shaw and Gribbins (2010) Lee et al.(2012)
Group support systems (GSS) Mobile locatable IS Mobile IS Mobile financial services
Fit as gestalts
“is a multivariate perspective to fit as opposed to fit as moderation, mediation and matching, which are based on a bivariate fit approach” (Cane & McCarthy 2009, p. 108)
Benslimane, Plaisent and Bernard (2002)
WWW /E-commerce
Fit as mediation
“statistically derived as the mediating mechanism and there can be two or more variables in the specification of fit” (Cane & McCarthy 2009, p.108)
NA NA
Fit as covariation
"a pattern of covariation or internal consistency among a set of underlying theoretically related variables" (Venkatraman 1989, p. 435)
Klopping and McKinney (2004) Ferrat and Vlahos (1998) D’Ambra and Wilson (2004)
E-commerce Computer-based information systems (CBIS) WWW
3.6.3.2 Conceptualizing the fit (fit as moderation)
Venkatraman (1989) has argued that researchers should “justify their specification of fit within
a particular research context” (p. 439), as each conceptualization of fit has implications for the
analytical techniques used to test the relationships. Therefore, this study viewed fit as
moderation (interaction). Fit as moderation is a common conceptualization in the HCI/IS
Chapter 3: Literature Review (IS/IT Adoption)
104
literature. In this perspective, IT is a moderator that impacts the resulting outcome measure
(performance of a task or utilization of the technology) (Dishaw & Strong 2005). Fit as
moderation has two direct effects and an interaction effect (Venkatraman 1989). The statistical
model includes task and technology main effects and an interaction effect between task and
technology, each of which directly impacts on an outcome variable (see Figure 3.9).
Goodhue and Thompson (1995) used the fit as moderation approach and developed an original
instrument with the following eight dimensions to test the TTF construct: the quality of data;
locatability of data; authorization; data compatibility; training and ease of use; production
timeliness; systems reliability; and the IS‘s relationship with users. This instrument was later
refined and validated to a 12-dimensional construct (Goodhue 1998), without considering the
available IT functionality or tasks needed. Goodhue, Klein & March (2000) also proposed the
following 11 items for the exploration of information integration: consistency; educational
training; helpfulness of system; reliability of the system; accessibility of information;
meaningfulness of information; the right data; ease of use of the system; understandability;
familiarity with a database system; and familiarity with programming; these were all used as a
starting point. The researchers have revealed that as a new combination of task and technology
occurs, new measurement items must be developed (Dishaw & Strong 1998). This makes the
applicability of the instrument too specific and raises the concern of validity across contexts
(Junglas, Abraham & Watson 2008). Hence, the operationalization of the TTF model in a
specific context is difficult as the task and technology must be specified (Dishaw & Strong
2005).
Dishaw and Strong (1998) used the fit as moderation conceptualization in the context of
software maintenance support tools. They developed TTF as a computed match between the
available IT functionality and the functionality needed to complete multiple tasks. Their model
involved two dimensions of fit: production fit and coordination fit. The first model included
production functionality in the technology, characteristics of production tasks and production
fit, which is the interaction of production technology with production tasks. The other model
Chapter 3: Literature Review (IS/IT Adoption)
105
was similar, but focused on coordination functionality, coordination tasks and coordination fit.
Dishaw and Strong have continued using the fit as moderation concept; they have explored the
addition of other explanatory variables to TTF models, but have focused on the single
dimension of production fit. They examined the addition of TAM variables to TTF (Dishaw &
Strong 1999), task and tool experience variables (Dishaw & Strong 2003) and self-efficacy
(Strong, Dishaw & Bandy 2006).
Figure 3.9: Statistical model for task-technology fit as moderation (Source: Dishaw & Strong 2005, p. 2404)
3.6.4 Perceived Risk
3.6.4.1 Perceived risk in IdMS
Perceived risk presents an individual’s assessment of the relative probability of negative or
positive outcomes of a given transaction or situation (Cho 2006). New threats to online
consumers emerge as the Internet continues to evolve into a more social and interactive space.
These threats target the relationship between consumers and online services by attacking the
identity at the core of their relationship (Friedman,Crowley & West 2011). Identity management
is often viewed as a set of processes and technologies to manage the risks associated with
identity (Seltsikas & O’Keefe 2010). The implementation of new IdMS brings with it new risks.
We argue that understanding how the risks arising from new IdMS deployed in online service
are perceived and addressed may be critical to the individual’s acceptance of online services.
Chapter 3: Literature Review (IS/IT Adoption)
106
In the early adoption stage of an IT-enabled artefact such as IdMS, individuals are uncertain
about not only the services or product but also the soundness of the underlying technology
platform (Luo et al. 2010). Therefore, this dual uncertainty raises the importance of studying the
factors that constitute the major dimensions of the users’ perceived risks and the mechanisms
that are effective in helping consumers overcome their uncertainties about the services, products
or underlying technical platform.
3.6.4.2 Definition of perceived risk
Perceived risk (or uncertainty) influences people’s confidence in their decisions (Im, Kim &
Han 2008). Perceived risk refers to the expectation that a high potential for loss is associated
with the release of personal information to the organization (Dowling & Staelin 1994).
Featherman and Pavlou (2003) defined perceived risk as ‘‘the potential for loss in the pursuit of
a desired outcome of using an e-service’’ (p. 454). Cunningham (1967) specified two major
types of perceived risk: performance and psychosocial. Cunningham divided performance into
three categories: (1) economic, (2) temporal and (3) effort. He divided psychosocial risk into
two kinds: psychological and social. He further identified perceived risk as having six
dimensions, which are performance, financial, opportunity/time, safety, social and
psychological loss. Featherman and Pavlou (2003) classified perceived risk into seven types
called “seventh risk facets” which were: (1) performance, (2) financial, (3) time, (4)
psychological, (5) social, (6) privacy and (7) overall risk (see Table 3.10).
Anxiety is a UTAUT construct similar to perceived risk (Venkatesh et al. 2003). However,
anxiety is mainly about the concerns and fears about trying a new technology rather than a long
term impact, thus it differs from perceived risk. In a practical sense, perceived risk remains
unchanged for some time, whereas anxiety can be mitigated (Im, Kim & Han 2008).
Perceived risk includes two forms: behavioural and environmental uncertainty (Cho 2006;
Belanger & Carter 2008). Behavioural risk arises due to the belief that online service providers
may behave in an opportunistic manner by taking advantage of the impersonal nature of the
Chapter 3: Literature Review (IS/IT Adoption)
107
electronic environment. Exposing personal data to a third party could be an example of
opportunistic behaviour (Cho 2006). Environmental risk is derived from the underlying
technological infrastructure and exists because of the unpredictable nature of Internet-based
technology, which is beyond the control of both online service providers and individuals (Cho
2006; Belanger & Carter 2008). For instance, environmental uncertainty is inherent in the IdMS
medium due to the unpredictable nature of the Internet and wireless technologies, which are
often beyond the control of the individual user (Luo et al. 2010).
IS/IT studies have confirmed the importance of perceived risk as an inhibitor to user adoption of
emerging-IT artefact and Internet-based services and technologies, including e-commerce
(Featherman & Pavlou 2003; Malhotra, Kim & Agarwal 2004), online services (Cho 2006), e-
government (Belanger & Carter 2008) and mobile services (Luo et al. 2010). However, little is
known about how perceived risk affects user acceptance of IdMS.
Table 3.10: Description and definition of perceived risk facets (adopted from Featherman and Pavlou [2003])
Perceived Risk Facet
Definition
Performance risk
The possibility of the product malfunctioning and not performing as it was designed and advertised and therefore failing to deliver the desired benefits.
Financial risk The potential monetary outlay associated with the subsequent maintenance cost of the product and the recurring potential for financial loss due to fraud.
Time risk Consumers may lose time when making a bad purchasing decision by wasting time researching and making the purchase, learning how to use a product or service only to have to replace it if it does not perform to expectations.
Psychological risk
The risk that the selection or performance of the product will have a negative effect on the consumer’s peace of mind or self-perception.
Social risk Potential loss of status in one’s social group as a result of adopting a product or service, looking foolish or untrendy.
Privacy risk Potential loss of control over personal information, such as when information about you is used without your knowledge or permission. The extreme case is where a consumer is ‘‘spoofed’’ meaning a criminal uses their identity to perform fraudulent transactions.
Overall risk A general measure of perceived risk when all criteria are evaluated together.
Chapter 3: Literature Review (IS/IT Adoption)
108
3.6.5 Trust
3.6.5.1 Trust in technological artefacts and IdMS
In most previous studies, trust was initially advanced in the context of interpersonal
relationships in which trust targets are human (Wang & Benbasat 2005; Gefen, Benbasat &
Pavlou 2008; Li et al. 2008; Hwang & Lee 2012). Most trust research has focused on virtual
team members or a web vendor, and therefore the trustee has been human, or a group of humans
(Li et al. 2008). The role and nature of trust in technological artefacts remain unclear (Wang &
Benbasat 2005; Li et al. 2008; Luo et al. 2010). In the technological artefact context, trust has
been identified similarly to interpersonal trust in that it reveals the willingness of the truster to
‘‘behaviourally depend on a piece of software (e.g., a statistical system) to do a task”
(McKnight 2005). Recent IS trust research has been applied to the relationship between humans
and technology and has identified trust in technology when the trustee is a technological
artefact, such as a recommendation agent (Wang & Benbasat 2005), an information system (Li
et al. 2008) and mobile banking (Luo et al. 2010). Research findings have showed that
components of trust in technological artefacts and in humans do not differ significantly. This
indicates that individuals not only use technological artefacts as tools but also form trusting and
social relationships with them (Wang & Benbasat 2005). Therefore, we identify trust in IdMS as
an extension of interpersonal trust and a technological artefact that has been studied both in
other contexts and in the recent literature on IS.
Gefen, Benbasat and Pavlou (2008) argued that “[y]et, we do not have a conceptual framework,
nor taxonomy of constructs, to guide such research by identifying the constructs of importance
and for deriving propositions “(p. 281). Therefore, they suggested developing a theory or a
number of theories that identify the IT artefact constructs that have the potential to increase trust
in the online environment, and they further specify how these constructs can be incorporated
into technology adoption models. Little empirical evidence exists to support the nomological
validity (construct validity) of applying trust to technological artefacts. Wang and Benbasat’s
Chapter 3: Literature Review (IS/IT Adoption)
109
(2005) research is the first empirical study to examine trust in online recommendation agents.
However, to the best of our knowledge, the nomological validity of trust in IdMS has not yet
been empirically examined. Therefore, empirical testing is needed regarding whether or not
trusting beliefs hold true for IdMS. To examine the nomological validity of trust in IdMS and
reveal the relative importance of different trusting beliefs, this study has followed Wang and
Benbasat (2005) and Gefen, Benbasat and Pavlou (2008) and has tested integrated trust–
technology adoption theories and external factors in the context of IdMS.
3.6.5.2 The importance of trust in IdMS
Trust plays a critical role in exchange relationships, including unknown risks in the online
environment (Gefen, Karahanna & Straub 2003). With respect to the adoption of IdMS, users
face similar situations and must rely on trust to overcome their risk perceptions because many
online interactions require the user to disclose identity information. Trust in IdMS is a
behavioural belief related to the perception of security in using a particular IdMS technology
(Greenwood et al. 2007). This may be guaranteed by a security identity provider and a service
provider by using specific mechanisms such as encryption or digital signatures. Although IdMS
are reliable and include measurement against risks (Poetzsch et al. 2009), potential risks may
come from multiple sources, such as the vulnerability of Internet communication platforms and
the reasonable technical and operational safeguards of the identity service provider or a service
provider. Many identity management researchers have suggested that the trust relationship
among the parties (user, identity provider and service provider) using IdMS should be
investigated and formulised (Roussos, Peterson & Patel 2003; Marmol 2010; Seltsikas &
O’Keefe 2010; Adjei & Olesen 2011; Alpar, Hoepman & Siljee 2011; Armando et al. 2013).
3.6.5.3 Definition of trust in this study
Trust has been explored extensively and defined differently in many research studies. Because
of the varied definitions of this complex construct, we chose to use a well-referenced and
respected definition of trust set forth in numerous studies. This study adopted Mayer, Davis and
Schoorman’s (1995) definition of trust as “the willingness of a party to be vulnerable to the
Chapter 3: Literature Review (IS/IT Adoption)
110
actions of another party based on the expectation that the other will perform a particular action
important to the truster, irrespective of the ability to monitor or control that other party” (p.
712). This study followed the call from Gefen, Karahanna and Straub (2003) and Gefen,
Benbasat and Pavlou (2008) for further studies on trust in new IT artefacts.
The current study focused on users’ initial trust belief which is formed after users have a first
experience with a specific system (Wu & Chen 2005) or previous experience with other systems
(Li et al. 2008). Initial trust refers to trust in an unfamiliar trustee (McKnight et al. 2002). The
truster is the party who grants the trust and the trustee is the party who receives the trust
(McKnight, Cummings & Chervany 1998). In initial trust, the truster depends on other sources,
such as second-hand information or contextual factors, in order to make trust inferences (Li et
al. 2008). For example, before using a particular IdMS, a user can build initial trust in this
system based on their experiences with the Internet or other Web-based technologies, such as
online services or others’ opinions about the system. Because IdMS technologies are in the early
stage, initial trust is needed in a relationship in which the user does not yet have meaningful or
credible information about the technology (McKnight et al. 2002; Belanger & Carter 2008).
This study focused on the initial adoption of IdMS and therefore aligned with the research on
initial trust (Li et al. 2008). Because trust is a dynamic concept that develops over time, some
researchers have noted the importance of studying initial trust, particularly in cases of novel
technology such as IdMS, where users must overcome uncertainty and perceptions of risk
before using the technology (McKnight et al. 2002; Wang & Benbasat 2005; Gefen, Benbasat &
Pavlou 2008; Li et al., 2008; Luo et al., 2010). Moreover, all these studies showed that initial
trust has a strong influence on individual behavioural intentions towards novel technologies.
Therefore, an investigation of the initial trust circumstance will enhance our understanding of
why users initially trust in the context of IdMS and IS.
This study has followed McKnight et al. (2002), Pavlou (2003), Gefen, Karahanna and Straub
(2003), Cho (2006), Belanger and Carter (2008), and Luo et al. (2010), and has suggested that
trust is the belief that allows individuals to be willing to react after having taken into
Chapter 3: Literature Review (IS/IT Adoption)
111
consideration the characteristics of the providers and the underlying Internet infrastructure.
Therefore, the user should consider both the characteristics of the Web vendor and of the
enabling technological infrastructure before using an electronic service (Pavlou 2003). Trust in
IdMS is therefore derived from the traditional view of trust in a specific provider (trust of the
IdMS providers: SPs and IdPs) and trust in the reliability of the supporting technology (trust of
the Internet) (Pavlou 2003; Belanger & Carter 2008; Luo et al. 2010). Overall, initial trust here
includes trusting beliefs (trust in IdMS artefact and the IdMS providers) and institution-based
trust (trust in the Internet).
3.6.5.4 Trusting beliefs
The term, trusting beliefs, is defined as the confident truster perception that the trustee—such as
a specific Web-based vendor—has attributes that are beneficial to the truster (McKnight et al.
2002). Trust in the providers (artefact) refers to the user’s perceptions regarding the integrity
and ability of the providers (artefacts) providing the online service (Mayer, Davis & Schoorman
1995; McKnight et al. 2002; McKnight 2005; Belanger & Carter 2008). Previous Web-based
technology adoption studies found that trust in an agent or a vendor has a strong and significant
effect on the acceptance of specific technology (Gefen, Karahanna & Straub 2003; Belanger &
Carter 2008; Luo et al. 2010; Chong, Chan & Ooi 2012).
3.6.5.5 Institution-based trust
Trust of the Internet refers to institution-based trust (McKnight et al. 2002; Gefen, Karahanna &
Straub 2003). Institution-based trust refers to “the belief that needed structural conditions are
present (e.g., in the Internet) to enhance the probability of achieving a successful outcome in an
endeavour like e-commerce” (McKnight et al. 2002, p. 339). Institution-based trust is especially
important in situations where there is no previous interaction or where the truster is not familiar
with the trustee (Li et al. 2008). When studying trust in an Internet-based IT artefact such as
IdMS, trust in the Internet as an institution should be considered. Trust of the Internet is
consistently defined as a key predictor of Internet-based technology adoption (McKnight et al.
2002; Pavlou 2003; Belanger & Carter 2008; Luo et al. 2010). Trust in the Internet is based on
Chapter 3: Literature Review (IS/IT Adoption)
112
trust in the security measures, safety nets and performance structures of this electronic channel
(Belanger & Carter 2008). IdMS adoption is contingent upon users’ belief that the Internet is a
dependable medium, capable of protecting identity information and securing transactions.
Numerous researchers have examined the effect of trust on an individual’s behavioural intention
to adopt Web-based services and technology in different contexts, including the online
marketplace (Pavlou & Gefen 2004); online services (Cho 2006; Lee 2009b; Bansal, Zahedi &
Gefen 2010); e-commerce (McKnight et al. 2002; Gefen, Karahanna & Straub 2003; Malhotra,
Kim & Agarwal 2004; Ha & Stoel, 2009); and mobile banking (Luo et al. 2010; Chong, Chan &
Ooi 2012). These studies have showed that trust significantly influenced and increased the
individual’s behavioural intention toward a particular Web-based service or technology.
However, researchers have not empirically explored the role of trust in IdMS adoption. As with
the above studies, trust will be the important potential influencer to examine in the context of
the initial adoption of IdMS.
3.6.6 Privacy Concerns
3.6.6.1 Privacy in IdMS
Privacy is the most important issue related to online identity management and IdMS (Satchell et
al. 2011). Identity and privacy are considered as connected concepts (Agre 1997; Poetzsch et al.
2009). For example, privacy has been defined as the likelihood of persons to ‘build identities
without unreasonable constraints’, as well as to freely develop these collected identities with
others (Agre 1997). Privacy enhancing is a feature in IdMS which give users the privilege of
choosing what information to disclose when dealing with a service provider in online
transactions (Aichholzer & Straub 2010). However, the implementation of IdMS involves new
risks, and users still have some privacy concerns towards new IdMS (Dhamija & Dusseault
2008; Seltsikas & O’Keefe 2010). Therefore, privacy concerns can influence the user’s
behaviour toward using a particular IdMS (Adjei & Olesen 2011). Previous identity
management studies addressed privacy issues from a technical perspective (e.g. Marmol, Girao
Chapter 3: Literature Review (IS/IT Adoption)
113
& Perez 2010; Rossudowski et al. 2010; Birrell & Schneider 2012). Theoretical, social and
regulatory dimensions have not been well addressed in the literature (Adjei & Olesen 2011).
Many identity management researchers suggest that privacy concerns as well as the relationship
among them should be investigated and formulized (Roussos, Peterson & Patel 2003; Marmol et
al. 2010; Seltsikas & O’Keefe 2010; Adjei & Olesen 2011; Jensen & Jaatun 2013). To enhance
the design of IdMS and increase its adoption, theoretical, social and regulatory dimensions of
users’ privacy must be considered (Landau, Gong & Wilton 2009; Dey & Weis 2010; Adjei &
Olesen 2011; Jensen & Jaatun 2013).
3.6.6.2 Definition and the importance of privacy concern
Privacy is defined as “the moral right of individuals to be left alone, free from surveillance or
interference from other individuals or organizations, including the state” (Laudon & Traver
2001, p. 467). There are reasons for privacy protection: (1) privacy enables people to control
their information; (2) privacy is the right to be left alone; (3) privacy can be used as an agent to
use and control information collection (Sheng, Nah & Siau 2008).
Online users have serious privacy concerns about how their personal and sensitive information
is used, protected and disclosed in addition to the degree of control they have over the
dissemination of this information (Bansal, Zahedi & Gefen 2010). Furthermore, they are
concerned about possible undesirable social effects resulting from the abuse of such
information. In fact, 88.2% of Internet users express concern about the privacy of their personal
information (Bansal, Zahedi & Gefen 2010), and research has implied that privacy of
information is a crucial concern for individuals (Stewart & Segars 2002; Buchanan et al. 2007;
Bansal, Zahedi & Gefen 2010; Xu et al. 2011; Li 2012).
Many researchers have argued that information privacy, with related user concerns, is one of the
most important issues in today’s technology-based setting (Junglas, Johnson & Spitzmuller
2008; Lee & Cranage 2010). Moreover, privacy is a major concern when online consumers
make a transaction (Udo 2001). Concern about privacy has co-evolved with advances in IT as
Chapter 3: Literature Review (IS/IT Adoption)
114
businesses have begun to use the Internet for sharing and exchanging personal information. The
term, privacy concern, refers to the sense of anxiety that persons have because of a variety of
types of possible threats to the person’s right to freedom from invasion (Malhotra, Kim &
Agarwal 2004). Users feel that they are in danger when technology has the capability to
retrieve, store and communicate their personal information (Sheng, Nah & Siau 2008). A user’s
perception of privacy includes an estimation of the possible privacy benefits and risks related to
his/her use of IT applications. A user’s privacy concerns start from the feeling that his/her
information is vulnerable and he/she is not able to control and manage his/her personal
information (Hui, Teo & Lee 2007). Hui, Teo and Lee (2007) explored features relating to
users’ attitudes towards privacy with regard to using an online website and communicating
personal data. Their study empirically showed that online users care about how their personal
data (including identity data) is managed online. Consistent with expectancy theory, users will
perform in ways that maximize positive effects and minimize negative results (Dinev & Hart
2006). Hence, users’ privacy concerns differ, depending on the purpose of using the technology.
Therefore, users’ privacy concerns in the context of IT/IS use and adoption are situation
dependent (Sheng, Nah & Siau 2008).
3.6.6.3 Privacy concerns in technology adoption
Privacy concerns have been shown to directly influence users’ behavioural intentions in a
variety of contexts, including e-commerce (Malhotra, Kim & Agarwal 2004); ubiquitous
commerce (Sheng, Nah & Siau 2008); radio frequency identification (RFID)-based u-commerce
(Lee et al. 2007b); social networking communities (Shin 2010; Fogel & Nehmad 2009);
location-based services (Junglas, Johnson & Spitzmuller 2008; Zhou 2011); travel websites
(Lee & Grange 2010); and security technology (Kumar, Mohan & Holowczak 2008). In
addition to its direct influence on users’ behaviour, privacy concern also indirectly influences
users’ behaviour through perceived usefulness, trust and perceived risk. Liu et al. (2005) noted
that privacy concern influences customers’ trust, further determining their behavioural intention
to use shopping websites. Kumar, Mohan and Holowczak (2008) found that privacy concern
Chapter 3: Literature Review (IS/IT Adoption)
115
affects the intention to use firewalls according to their perceived usefulness. Although several
researchers have examined individual privacy concerns in various Web settings, little is known
about how privacy concern affects user acceptance of IdMS.
Smith, Milberg and Burke (1996) suggested that what drives users’ concerns about information
privacy (CFIP) consists of four dimensions: errors, collection, improper access and secondary
use. This measure was the first of its kind to measure individuals’ concerns regarding
organizational practices. Stewart and Segars (2002) argued that these four dimensions can be
incorporated into a second-order factor and that CFIP should be developed following advances
in technology and research as well as in practice. Based on social contract theory, Malhotra,
Kim and Agarwal (2004) found that Internet users' information privacy concerns (IUIPC) is a
second-order factor with three dimensions: control, collection and awareness. Liu et al. (2005)
found that the condition of privacy includes notice, choice, access and security. Table 3.11
summarizes some measures of privacy concern that have been developed previously in different
contexts.
Table 3.11: Studies of privacy concerns and their measures Authors Area or
Application Privacy Concern Measures
Smith, Milberg and Burke (1996)
Organizational practices
Concern for information privacy (CFIP)
Errors (4 items), collection (4 items), improper access (3 items) and secondary use (4 items)
Malhotra, Kim and Agarwal (2004)
Internet Internet users’ information privacy concerns (IUIPC)
Collection (4 items), control (3 items) and awareness (3 items)
Chen et al. (2004) Internet Privacy concerns and control techniques
Concerns about unauthorized use (6 items) and concerns about giving out personal information (4 items)
Liu et al. (2005) E-commerce Privacy concern Notice, choice, access and security (all 7 items)
Dinev and Hart (2006)
Internet Privacy concerns Information privacy concerns (4 items)
Buchanan et al. (2007)
Internet Privacy concern
Privacy attitude (16 items), privacy behaviour, general caution (6 items), technical protection (6 items)
Although different measures and sub-diminutions of privacy concerns have been robustly
developed, the majority of prior studies that examine the influence of privacy concerns on
individual behaviour typically test them as a single construct (e.g. Sheng, Nah & Siau 2008;
Chapter 3: Literature Review (IS/IT Adoption)
116
Bansal, Zahedi & Gefen 2010; Liao, Liu & Chen 2011). There is a lack of studies that
investigate and test privacy concerns as a multi-dimensional construct (Junglas, Johnson &
Spitzmuller 2008; Li 2012).
3.6.6.4 Australian Privacy Principals
Australian Privacy Principles (APPs) are part of the Privacy Act 1988.The Privacy Act 1988 is
concerned with protecting personal information of individuals from unauthorised collection,
disclosure and use by private sector organisations and Commonwealth government agencies
(Ludwing 2010). APPS replace the National Privacy Principles (NPPs) which apply to certain
private sector organisations, and the Information Privacy Principles (IPPs) which apply to
Commonwealth agencies. APPs include 13 principals as the following (Ludwing 2010; Privacy
Law 2012):
1. Open and transparent management of personal information: emphasises that an entity should first plan how it will handle personal information before it collect and process it.
2. Anonymity and pseudonymity: ensures that an individual is permitted to interact with entities while not identifying herself / himself, or by using a pseudonym.
3. Collection of solicited personal information: ensures that personal information should only be collected where it is necessary.
4. Receiving unsolicited personal information: ensures that personal information that is received by an entity is still afforded privacy protections, even where the entity has done nothing to solicit the information.
5. Notification of the collection of personal information: sets out the obligations on entities to ensure that individuals are aware of certain matters at the time of collection of their personal information.
6. Use or disclosure of personal information: sets out the circumstances in which entities may disclose or use personal information that has been collected or received.
7. Direct marketing: sets out limitations on organisations that disclose or use personal information to promote services or sell goods directly to individuals.
8. Cross-border disclosure of personal information: ensures that the obligations to protect personal information set out in the Australian Privacy Principles cannot be avoided by disclosing personal information to a recipient outside Australia.
9. Adoption, use or disclosure of government related identifiers: ensures that organisations (not agencies) do not refer to an individual within their own systems according to identifiers (e.g. Medicare numbers) issued by government agencies. In addition, it prevents the facilitation of unlawful data-matching by organisations through disclosure and use of such identifiers.
Chapter 3: Literature Review (IS/IT Adoption)
117
10. Quality of personal information: protects the quality of personal information collected, disclosed and used by entities.
11. Security of personal information: imposes specific obligations about protecting personal information.
12. Access to personal information: ensures that an individual has access to her/his personal information that entities hold about them and can correct the information where it is incomplete, irrelevant inaccurate, or out-of-date. 13. Correction of personal information: imposes obligations on entities to correct personal information if it is incomplete, irrelevant inaccurate, or out-of-date.
This study adopts some APPS to address IdMS users’ privacy concerns as discussed further in
Chapter 4(see Section 4.9.1).
3.6.7 Individual Difference Variables
The characteristic of individual difference is important for human computer interaction research
and IS success (Dillon & Watson 1996; Hong et al. 2002). In this study, individual differences
are characteristics of individuals that include demographic variables and situational variables
(Alavi & Joachimsthaler 1992; Agarwal & Prasad 1999). Including individual characteristics in
our proposed model was important for several reasons from the point of view of using
theoretically meaningful constructs. In general, there is increasing evidence that individual
differences influence users’ choices and acceptance of technology (Agarwal & Prasad 1999;
Hong et al. 2002; Strong, Dishaw & Bandy 2006; Djamasbi, Strong & Dishaw 2010;
Venkatesh, Thong & Xu 2012). Although theoretical variables are generally robust, they do not
always adequately explain user behaviour (Venkatesh, Thong & Xu 2012). For example, the
TAM does not pay sufficient attention to internal factors that impact on cognition and
behaviour, particularly users' individual characteristics (Malhotra & Galletta 2005; McCoy,
Galletta & King 2007; Djamasbi, Strong & Dishaw 2010). Recent studies have argued that the
inclusion of individual difference in a conceptual model can improve understanding of the
conditions under which this model may not be sufficient for investigating acceptance behaviour
(Djamasbi, Strong & Dishaw 2010). Therefore, there is a need for acceptance studies that
examine the individual characteristics influencing cognition and behaviour (Strong, Dishaw &
Bandy 2006; Djamasbi, Strong & Dishaw 2010; Zhou et al. 2011; Venkatesh, Thong & Xu
2012).
Chapter 3: Literature Review (IS/IT Adoption)
118
Many IT acceptance studies have ignored the moderating impacts of individual factors (Sun &
Zhang 2006; Zhou et al. 2011) although several researchers have acknowledged that the absence
of such variables is a limitation (e.g. Davis, Bagozzi & Warshaw 1989). Sun and Zhang (2006)
examined the moderating effects in user technology acceptance and argued that, when a
complex context is faced (such as IdMS), additional factors (moderating) are needed to capture
the complexity of the context. Chin Marcolin and Newsted (2003) examined and validated the
significant effect of moderating variables on existing models of user technology acceptance.
Their empirical study confirmed that the inclusions of a moderating variable could increase the
model’s explanatory power although the impact was limited. Similarly, identity management
research mentioned the crucial role of individual characteristics and situational factors on IdMS
adoption (Dhamija & Dusseault 2008; Poetzsch et al. 2009). This study defines demographic
variables as the characteristics relating to individual users, such as gender, age and education
(Alavi & Joachimsthaler 1992). Situational variables refer to the characteristics particular to the
context, such as experience, subjective norms, facilitating conditions (skill level of the user and
familiarity or knowledge), and cost (Agarwal & Prasad 1999). Further discussion on the
individual difference variable will be presented in Chapter 4.
3.7 Overall Gaps in the Literature After the in-depth review of the extant literature on IdMS (Chapter 2) and on user adoption of
IS/IT (Chapter 3), we have identified the following gaps:
Major gap
There was no study which had investigated the adoption of IdMS and empirically examined the
factors affecting users’ behavioural intention to adopt IdMS.
IdMS literature gaps
• Perceptions of online identity and IdMS from individual perspectives have been rarely
explored in previous research.
Chapter 3: Literature Review (IS/IT Adoption)
119
• Studies that focus on context and the use of IdMS, especially from the IS perspective,
have been paid little attention.
• Issues related to IdMS such as usability, risk, trust and privacy have been intensively
explored from the technological perspective: the theoretical, social and regulatory
dimensions of these issues are less frequently addressed in the extant literature.
• There is a lack of empirical and behavioural research in identity management and IdMS
contexts.
• No theoretical model has been proposed and tested to better understand user adoption of
IdMS.
Gaps in the literature on user adoption of IS/IT and WBST
• Factors that influence user adoption of IdMS have not been examined or determined:
this is a significant gap.
• There is a lack of studies that examine the security factors (risk, privacy and trust) and
the relationship among them in the context of IT adoption studies and the IdMS field.
• Studies that have focused on online information disclosure and their antecedents have
been limited.
• There is a lack of theoretical and conceptual frameworks guiding IT artefact research.
• The nature and role of the trust in IT artefact remain unclear and little research has been
undertaken.
• Studies that have conceptualized or measured the fit concept in non-work settings are
limited, and no study to date has examined the IdMS context.
• The influence of individual factors (demographic and situational characteristics) and
their direct and moderating impact on user acceptance of IT have received little
attention in prior works and have not yet been examined in the context of IdMS.
Chapter 3: Literature Review (IS/IT Adoption)
120
3.8 Research Questions The literature review was guided by the initial research question: what factors affect the
adoption of identity management systems from the user’s perspective? Below are the research
sub-questions, which aim to achieve the set objectives of this study:
1) To what extent do the factors (perceived ease of use, usefulness, risk, trusting beliefs,
trust in the Internet, information disclosure, privacy concerns, fit, cost, facilitating
conditions and subjective norms) affect users’ behavioural intentions to adopt IdMS?
2) How do users perceive these factors that affect IdMS adoption?
3) How does prior experience of IdMS (SSO) affect the adoption of IdMS?
4) Do individual differences have any effect on user adoption of IdMS?
These questions address the gaps identified in the literature. Through the answers to these
questions, this study will contribute to the existing body of knowledge of user adoption of
IdMS, WBST and IS/IT.
3.9 Why Studying the Adoption of IdMS is Different to Any Other IT Artefact The adoption of IdMS is a complex process due to their scope and the implementation impact
related to the user’s information security (Cameron, Posch & Rannenberg 2009; Poetzsch et al.
2009; McLaughlin, Briscoe & Malone 2010). IdMS are different in a number of ways from the
IS/IT that have been examined in previous technology adoption studies. Most of the prior
studies have examined relatively simple IT, such as personal computers, email systems, and
word processing and spreadsheet software (Hong et al. 2002; Im, Kim & Han 2008). IdMS are
also different from the IT artefacts and Internet-based services that have been investigated in
previous studies such as a recommendation agent (Wang & Benbasat 2005) and online/mobile
banking (e.g. Lee 2009a; Luo et al. 2010). IdMS are much broader in nature. IdMS are complex
artefacts including not only the enabling technology, but also the content, services, architecture,
standards, distributed environments and even institutions (Cameron, Posch & Rannenberg 2009;
Chapter 3: Literature Review (IS/IT Adoption)
121
Alpar, Hoepman & Siljee 2011). IdMS enable interactions and security of financial and non-
financial transactions, as well as the exchange of private and sensitive information among
people, service providers, organizations and institutions via the Internet (Garcia, Oliva & Perez-
Belleboni 2012).
The differences between IdMS and other Web-based services (e.g. email and online shopping)
are based on the applicability of the scope. The scope for those services is limited to the single
user sharing the information across one enterprise (online provider). However, the Web-based
IdMS has a wider scope of applicability and interoperability (Cameron, Posch & Rannenberg
2009). As we discussed previously in Chapter 2 (See Section 2.3), IdMS require three parties:
the users, the IdMS provider and the Web service (which is whatever we may access via the
IdMS). Therefore, with an IdMS, users provide their identity details to the IdMS which will
then maintain and manage the identity data of the user providing the user with access to Web
services. Therefore, with an IdMS, the user relationship is much broader as it is placed with the
provider of the IdMS, that is, the identity provider as well as the Web service (e.g. internet
banking; online shopping; credit card management) thus the relationship is different; therefore,
the nature of trust and risk is different (Cameron, Posch & Rannenberg 2009). The usage of
IdMS requires the provision of detailed information attributes whereas other related Web-based
services have a relatively narrow scope and, as a result, the exposure of information is of a
limited scale allowing the users to reduce the risk perceptions associated with their identity
information (Halperin & Backhouse 2008).
Overall, the perceptions and beliefs such as trust, risk and privacy concerns are considerably
higher in IdMS than other Web-based services and technologies for the following reasons:
firstly, advancements and open standards in IdMS technologies and services have increased the
amount of users’ identity information that should be provided when using an IdMS (Bertocci,
Serack & Baker 2007). Secondly, the IdMS allow the mutual sharing of identity information
among different subscribers that allows third parties to identify users, and the misuse of data can
occur at the level of the IdP and SP which increases the risk of identity information being
Chapter 3: Literature Review (IS/IT Adoption)
122
damaged (Poetzsch et al. 2009). Thirdly, all identity information would be stored and collected
via a limited identity provider, thus users face bigger risk and privacy concerns instead of facing
the smaller risk which occurs when different information is stored in different sites (Hovav &
Berger 2009). Finally, users can access, control, and manage their digital identity from
anywhere and at any time with complete freedom and can decide which identities are required
to be shared with other trusted parties and under which circumstances (Cao & Yang 2010). This
paradigm moves the control of digital identities from service providers to the users (Bertocci,
Serack & Baker 2007; Poetzsch et al. 2009; Cao & Yang 2010). Therefore, new variables
reflecting the perceptions of a wide range of providers are needed to address the decision to
adopt IdMS. Correspondingly, the scope of IdMS is likely to be quite different. Owing to the
uniqueness of IdMS, it is imperative that the perceptions, beliefs and adoption of this complex
new technology be examined from the users’ perspective.
3.10 Summary The aim of this chapter was to provide a review of existing user adoption theories and identify
factors that could affect user adoption of IdMS. The chapter was organized as follows. Section
3.2 provided a definition of technology adoption and Section 3.3 discussed the initial adoption
stage adopted for the current study. Section 3.4 presented a review of a number of behavioural
and technology adoption models and theories that form the theoretical foundation of this study.
Section 3.5 reviewed and analyzed the literature related to individual adoption of WBST.
Section 3.6 introduced factors in this study that affect user adoption of IdMS. Section 3.7
addressed the significant gaps identified in IdMS, WBST and IS/IT adoption literature. Section
3.8 highlighted the research questions that aim to achieve the objectives of this study. Finally,
Section 3.9 clarified a justification of why study of the adoption of IdMS is different than study
of other IT artefacts that have been previously investigated in prior adoption and innovation
research. The next chapter will discuss the development of the conceptual research model and
associated hypotheses that will be used to guide this study.
Chapter 4: Conceptual Model and Research Hypotheses
4.1 Introduction This chapter discusses the development of the conceptual research model and research
hypotheses that will be used to guide this study. Firstly, the research model is presented. This is
followed by an in-depth discussion of each construct and the development of the hypotheses for
this research.
4.2 Research Model
A model is a set of statements or propositions or expressions of associations among constructs
(March & Smith 1995). A model is viewed simply as a description that represents how things are
(March & Smith 1995). The proposed model (Figure 4.1) is based on the IdMS and IS/IT
adoption literature as the study focuses on user adoption of IdMS. It was developed based on
integrating the behavioural theories and technology adoption models reviewed previously in
Chapter 3 (see Section 3.4), that is, TAM (Davies 1989), TTF (Goodhue & Thompson 1995),
TPB (Ajzen & Fishbein 1980; Ajzen 1991), and the trust–risk framework (Mayer, Davis &
Schoorman 1995; McKnight, Cummings & Chervany 1998; Jarvenpaa & Tractinsky 1999;
Malhotra, Kim & Agarwal 2004). In addition, the model’s development has drawn upon
theoretical lenses from the physiology and economic perspectives such as cognitive dissonance
theory (CDT) (Festinger 1957) and social contract theory (SCT) (Donaldson & Dunfee 1994;
Caudill & Murphy 2000). Drawing upon these previous theories and research in both
interpersonal and computer-mediated communication contexts along with the context-specific
characteristics of IdMS, we developed the conceptual model for this study and explained the
associated hypotheses.
Chapter 4: Conceptual Model and Research Hypotheses
124
The proposed conceptual model is composed of 15 key constructs: (1) behavioural intention:
intention to use and intention to disclose identity information on the Internet; (2) technology
acceptance constructs: perceived usefulness and perceived ease of use; (3) technology and task
characteristics of IdMS and the interaction between them (fit); (4) perceived risk; (5) trusting
beliefs; (6) trust in the Internet; (7) information disclosure; (8) privacy concerns; (9) prior use of
IdMS (SSO) as a moderator variable; and (10) individual differences which include situational
variables (i.e. cost, facilitating conditions and subjective norms) and demographic variables and
Internet-related services’ experience (as control variables). An integrated model is proposed
because both models and variables make a significant contribution to the study of technology
adoption, specifically the adoption of IdMS.
In Figure 4.1, the proposed model asserts that behavioural intention is a key variable in
determining IdMS adoption. The study conceptualizes a behavioural intention by proposing that:
firstly, intention to use is related to some primary factors, that is, perceived usefulness, perceived
ease of use, perceived risk, trusting beliefs, trust in the Internet, the interaction between the
variables of task and technology (fit), cost, facilitating conditions and subjective norms.
Secondly, intention to disclose identity information is influenced by perceived ease of use,
trusting beliefs, trust in the Internet, privacy concerns and past information disclosure.
The face validity of the conceptual research model was examined in two stages by a number of
specialists (including six IS professors) as suggested by Creswell (2003). Firstly, a formal
research proposal was presented to the School of Information Systems, Technology and
Management. Secondly, the proposed model and research design were presented to the Pacific
Asia Conference on Information Systems (PACIS 2012) Doctoral Consortium.
Chapter 4: Conceptual Model and Research Hypotheses
125
Figure 4.1: Research model
Perceived Usefulness
Perceived Ease of Use
Perceived Risk
Fit
Privacy Concerns
Trusting Beliefs
Trust in the Internet
Intention to Use an IdMS
(INTU)
Cost Subjective Norms
Facilitating Conditions
Control Variables
• Age, Gender, Education
• Internet experience
• Web services experience
• Previous identity theft experience
Information Disclosure
Prior Use of Web Single Sign-On
Intention to Disclose Identity
Information (INTD)
Behavioural Intention
Direct Effect Moderate Effect
Chapter 4: Conceptual Model and Research Hypotheses
126
IT research and frameworks should facilitate the generation of specific research hypotheses by
conjecturing interactions among identified variables (March & Smith 1995). Methodologically,
Gefen, Rigdon & Straub (2011) argued that all possible paths that were theoretically assumed
needed to be included in order to confirm the significant paths in the theoretical model.
Furthermore, as IdMS adoption is an under-studied area and no research has developed or tested
such a model in the same context, assessing all possible relationships between the constructs
could provide foundations for further research. Therefore, this study hypothesizes 35
relationships between the constructs in order to test all possible associations in the proposed
model.
In the following sections, we define the constructs and sub-constructs of the research model
(Figure 4.1) and discuss each relationship proposed among the constructs.
4.3 Behavioural Intention (the Outcome Variable)
This study establishes the importance of behavioural intention (BI) as a determinant of the user’s
adoption of IdMS. Behavioural intention is a measure of the strength of one's intention to
perform a specific behaviour (Davis 1989; Ajzen 1991). We define behavioural intentions in
terms of user intentions to adopt an IdMS in two specific behaviours: intention to use and
intention to disclose identity information on the Internet. We define intention to use as a user’s
intention to use an IdMS whereas intention to disclose is defined as a user’s willingness to
disclose (submit and store) her/his identity information on the Internet. Each behavioural
intention construct captures a user’s anticipation that she/he will behave in a specified way
(Ajzen 1991).
This study follows behaviour theories such as the TRA and TPB (Ajzen 1991) and previous
studies (e.g. Moon & Kim 2001; Legris, Ingham & Collerette 2003, Jeyaraj, Rottman & Lacity
2006) in assigning importance to behavioural intention as a dominant predictor and determinant
of the user’s adoption of technology: therefore, behavioural intention is taken as the dependent
(outcome) variable in the proposed research model. Ajzen and Fishbein (1980) argued that
intention has a significant effect on behaviour in mediating the effect of other determinants of
Chapter 4: Conceptual Model and Research Hypotheses
127
behaviour. Moreover, behavioural intention has been noted to be a better predictor of systems’
usage than competing predictors, such as motivational force, realism of expectations and value as
well as user satisfaction (Venkatesh & Davis 1999). From a theoretical perspective, previous
empirical studies have reported a significant and strong correlation between the actual behaviour
and intention to engage in a behaviour (Davis 1989; Venkatesh & Morris 2000; Vijayasarathy
2004; Bagozzi 2007; Turner et al. 2010). Agarwal and Prasad (1999) also argued that in a
survey-based research design (which this study adopted), behavioural intention is more suitable
than actual usage as “they are measured contemporaneously with beliefs” (p. 367). From a
practical perspective, it is worth noting that IdMS are still in an early stage of development
(Landau & Moore 2012; Armando et al. 2013). Hence, the choice of behavioural intention rather
than actual usage as the dependent (outcome) variable is considered both necessary and
appropriate.
Based on utility theory which assumes that any decision is made based on the utility
maximization belief (Fishburn 1968), we argue that the benefits of using IdMS are to manage
online identities on the Internet. In the absence of negative consequences, individuals should
readily disclose their identity information in order to benefit from IdMS (Dhamija & Dusseault
2008). For IdMS, the primary objective is to persuade the user to manage and control his/her
online identities. To use an IdMS, the user must be willing to share personal information, such as
name, address and credit card number. On the Web, a user will be willing to use an IdMS if they
intend to disclose their identity information as the main purpose of IdMS is to manage and
control users’ identity information. Each of the two intention constructs relates to a behaviour
that an individual may perceive to be easy to use or fraught with concerns, making it an
interesting issue for adoption to address (Landau, Gong & Wilton 2009). For example, sharing
identity information on the Web makes one potentially vulnerable to identity theft or loss of
privacy (McKnight et al. 2002). In addition; sudden breakdown of a service website or identity
provider site may lead to unexpected losses while conducting online transactions using IdMS.
Furthermore, incorrect identification of the user view of IdMS increases as risk performance
Chapter 4: Conceptual Model and Research Hypotheses
128
prevails (Seltsikas & O‘Keefe 2010). Thus, these two specific behavioural intentions are
important outcomes of IdMS adoption. Therefore, we hypothesize that:
H1: Intention to disclose identity information has a positive effect on users’ intention to use
IdMS.
4.4 Perceived Usefulness and Ease of Use
Davis (1989) defined perceived ease of use (PEOU) as “the degree to which a person believes
that using a particular system would be free from effort” (p. 320) and perceived usefulness (PU)
as “the degree to which a person believes that using a particular system would enhance his or her
job performance” (p. 320). We define PU as the degree to which a user believes that using a
particular IdMS would enhance managing and controlling his or her online identities, whereas
PEU is defined as the degree to which a user believes that using IdMS would be free from effort.
PU has been the most important variable to affect user technology acceptance (Sun & Zhang,
2006) and the greatest predictor of the dependent variable, behavioural intention (Jeyaraj,
Rottman & Lacity 2006). PU is a measure of the subjective assessment of the utility offered by
the new technology in a specific task-related context (Chang 2010). PEOU is an indicator of the
cognitive effort required to employ user acceptance of technology (Gefen, Karahanna & Straub
2003). Based on the TAM model, PEOU and PU influence behavioural intention. The empirical
literature reveals that PU positively and significantly affects behavioural intention to use and
influences intentions indirectly throughout PEOU (Davis, Bagozzi & Warshaw 1989; Agarwal &
Prasad 1999; Venkatesh & Morris 2000; Hong et al. 2002; Sun & Zhang 2006). In the domain of
IT adoption and e-services, the results of previous studies show no significant relationship
between PEOU and intention to use (Gefen, Karahanna & Straub 2003; Wang & Benbasat 2005;
Kumar, Mohan & Holowczak 2008). According to the TAM, useful IdMS will be utilised more
readily. An IdMS technology that requires less effort and is easier to use will be perceived as
more useful. Therefore, we hypothesize that:
H2a: Users’ perceived usefulness of IdMS has a positive effect on intention to use.
Chapter 4: Conceptual Model and Research Hypotheses
129
For an online transaction with an unfamiliar provider or website, the attractiveness of services is
most likely the foremost factor that drives consumers’ willingness to disclose personal
information (Li, Sarathy & Xu 2010). Consumers may evaluate the attractiveness of IdMS
services and technologies based on their usability (Dhamija & Dusseault 2008). PEOU and PU
have been found to influence online shoppers’ intention to purchase and disclose their personal
information (Gefen, Karahanna & Straub 2003; Li, Sarathy & Xu 2010; Li 2012). According to
the drive theory of motivation (Atkinson 1964), the expectation of benefits provides direction for
actual behaviour through motivating and energizing individuals as well as enhancing the
perceived value of multiple outcomes. Therefore, a higher expectation about the usability of the
product or service will increase the desire to engage in the target behaviour. Since IdMS enable
users to manage different online identities, the usefulness and ease of use of an IdMS application
should increase online users’ willingness to disclose identity information in return for the utility
from the IdMS. This leads to the following hypotheses:
H2b: Users’ perceived usefulness of IdMS has a positive effect on intention to disclose identity
information.
H3: Users’ perceived ease of use of IdMS has a positive effect on intention to disclose identity
information.
4.5 The Relationships between Perceived Risk and Trust
Trust is affected by the way that risk is perceived and evaluated. Trust is linked to increased risk-
taking behaviour and a reduction in opportunistic behaviour (Cho 2006). However, the extant
literature indicates that there has been confusion about the relationship between perceived risk
and trust (Mayer, Davis & Schoorman 1995; Pavlou 2003; Gefen, Benbasat & Pavlou 2008, Luo
et al. 2010). According to Mayer, Davis and Schoorman (1995, p. 711), “[i]t is unclear whether
risk is an antecedent to trust, or is an outcome of trust.” For that reason, researchers called for
further study in this area to confirm the complex interrelationships between these two constructs
(Pavlou 2003; Gefen, Benbasat & Pavlou 2008; Luo et al. 2010). The current research considers
the need for further clarification of the role of these two constructs in the context of IdMS. The
Chapter 4: Conceptual Model and Research Hypotheses
130
literature has confirmed that researchers have different views about the relationship between trust
and perceived risk. We identified the following four types of relationship between trust and
perceived risk (see Table 4.1):
(a) Both perceived risk and trust have a significant impact on behavioural intention.
Perceived risk has a negative impact and trust has a positive impact. In addition,
both have a relationship to the TAM constructs, PU and PEOU.
(b) Perceived risk has a direct negative impact on trust. The literature has paid little
attention to this type of relationship.
(c) Trust has a direct negative impact on perceived risk.
(d) Perceived risk has a moderate impact on the relationship between trust and
behavioural intention. The literature has paid little attention to this type. Thus,
researchers (e.g. Pavlou 2003; Gefen, Benbasat & Pavlou 2008) called for further
research on this kind of relationship.
In accordance with the classification of the relationship between perceived risk and trust, this
study considers two types of relationships, ‘A’ and ‘C’, which will be discussed in the next two
sections (Sections 4.6 and 4.7). This study adopts these types of relationships for two reasons.
Firstly, the extant literature shows that the relationships between perceived risks, trust and
behavioural intentions are significant and researchers called for further research in new IT
artefact such as IdMS (Gefen, Benbasat & Pavlou 2008; Luo 2010). Secondly, it has been
suggested that the effect of trust on risk perceptions among the parties (user, identity provider
and service provider) using IdMS should be investigated (Seltsikas & O’Keefe 2010; Adjei &
Olesen 2011; Armando et al. 2013).
Chapter 4: Conceptual Model and Research Hypotheses
131
Table 4.1: Relationships between perceived risk and trust Case Relationship Explanation Examples
(A)
Perceived Risk Behavioural Intention Trust
Both perceived risk and trust have a direct impact on behavioural intention
Malhotra, Kim and Agarwal (2004) Belanger and Carter (2008) Luo et al. (2010) Liao, Liu and Chen (2011)
(B) Perceived Risk Trust
Perceived risk has a direct impact on trust
Liao, Liu and Chen (2011)
(C) Trust Perceived Risk
Trust has a direct impact on perceived risk
Malhotra, Kim and Agarwal (2004) Cho (2006) Belanger and Carter (2008) Luo et al. (2010)
(D)
Perceived Risk Trust Behavioural Intention
Risk has a moderate impact on trust and behavioural intention
Stewart (1999)
(A), (C)
Perceived Risk Behavioural Intention Trust
- Perceived risk has a direct negative impact on behavioural intention
- Trusting beliefs and trust in the Internet have a positive impact on behavioural intention
- Trusting beliefs have a negative impact on perceived risk
This study
4.6 Perceived Risk
Perceived risk is defined as the expectation that a high potential for loss is associated with the
release of identity information to the IdMS providers and when using an IdMS (Dowling &
Staelin 1994; Featherman & Pavlou 2003). Perceived risk enters the technology adoption
decision when the circumstances of the decision create feelings of uncertainty, anxiety and/or
discomfort (Dowling & Staelin 1994), and cognitive dissonance (CD) (Festinger 1957;
Germunden 1985). Based on the cognitive dissonance theory (Festinger 1957) (as discussed
previously in Section 3.4.9), the dissonance covers cognitive and emotional aspects as well as
arising from the evaluation of the product as having benefits and cost, utility and risks
(Featherman & Pavlou 2003). For this research context, the risks consist of the uncertainty of the
Chapter 4: Conceptual Model and Research Hypotheses
132
Internet and IdMS as an unsecured communications medium and possible task performance-
related problems such as the likelihood of identity theft, while the utility gains are potential
increased task performance efficiencies.
The IdMS context does not incur any threat to human life; thus, measures of physical risk are not
included in the current study. In addition, privacy risk is not included as a factor of perceived risk
because it is included in the dimensions of privacy concerns in this study. Many Internet users
such as online bankers and shoppers are aware of losing money while performing transactions or
transferring money over the Internet (Lee 2009a). Similarly, using IdMS requires the provision
of sensitive information, such as credit card numbers that could be stolen and cause identity theft
or uncertainty. Therefore, risk perceptions may negatively influence the intention to adopt IdMS.
4.6.1 Perceived Risk and Behavioural Intention
Prior consumer behaviour and IS research have stressed the importance of perceived risk as an
inhibitor of the adoption of emerging-IT artefacts and Internet-based services (Featherman &
Pavlou 2003, Cho 2006; Im, Kim & Han 2008; Belanger & Carter 2008; Luo et al. 2010; Yang et
al. 2012). It is necessary for behaviour to comprise measures of perceived risk since consumers
consciously and unconsciously perceive risk when evaluating services or products for adoption
(Featherman & Pavlou 2003). Also, it has been identified that IS/IT adoption creates discomfort
and anxiety for consumers (Featherman & Pavlou 2003). The combination of danger (cost of
loss) and uncertainty (probability of loss) that make up perceived risk has been shown to inhibit
product adoption (Dowling & Staelin 1994; Featherman & Pavlou 2003).
Based on the theoretical rationale of the TRA, behavioural intention is a reliable predictor of
actual behaviour (Ajzen 1991). It argues that the intention to disclose identity information serves
as a good proxy for whether one actually discloses identity information at the request of an
online service (Malhotra, Kim & Agarwal 2004). The trust–risk literature confirms that risk
beliefs have a significant effect on behavioural intention. Malhotra, Kim and Agarwal (2004)
found that risk belief has a significant impact on intention to release personal information
through the Internet. Belanger and Carter (2008) also showed that perceived risk negatively
Chapter 4: Conceptual Model and Research Hypotheses
133
affects citizens’ intention to use e-government services. Luo et al. (2010) pointed out that risk
perception is a salient antecedent to innovative technology acceptance. Online users may not
want to disclose identity information if they sense that their information is not effectively
protected and that there are high risks of uncertainty and identity theft. Thus, users' behavioural
intentions to adopt IdMS are expected to be enhanced by lower risk perceptions of IdMS. This
leads to the following hypotheses:
H4a: Perceived risk has a negative effect on intention to use IdMS.
H4b: Perceived risk has a negative effect on intention to disclose identity information.
4.7 Trust Constructs According to the theory of social responses to computers (Nass 1995), people unconsciously treat
technological artefacts as social actors and apply social rules to them. Although there is the
absence of more human-like features such as voice and embodiment, humans tend to
anthropomorphize technology (Nass et al. 1995). Consistent with this theory, Sztompka (1999)
argued that, in the case of trust in a technological artefact, “we trust those who design the
technology, those who operate them and those who supervise the operations” (p. 46). Hence, this
study defines trust as the users’ belief in the competence, benevolence and integrity of the IdMS
artefact, IdMS providers and the Internet platform. The initial trust model developed in this study
is shown in Figure 4.2. This model consists of two levels of constructs: (1) trusting beliefs and
(2) institution-based trust. The research distinguishes two types of trust: initial trust perception of
the IdMS artefact and IdMS providers (may be a pre-existing trust), and pre-existing trust of the
Internet platform.
Chapter 4: Conceptual Model and Research Hypotheses
134
Figure 4.2: Initial trust in IdMS adoption
Trust is often viewed as a three-dimensional construct consisting of competence, integrity and
benevolence (McKnight et al. 2002). Although many trust dimensions have been posited in the
literature, these three trust beliefs have been well accepted in many recent studies (McKnight et
al. 2002; Wang & Benbasat 2005; Cho 2006; Luo et al. 2010; Hwang & Lee 2012). Competence
refers to the ability of the trustee to do what the truster needs; benevolence is defined as the
trustee caring and having the motivation to act in the truster’s interests; and integrity means
trustee honesty and the keeping of promises (McKnight et al. 2002). As mentioned earlier, the
current study has focused on initial trust which develops after a user has had a first experience
with IdMS (Wu & Chen 2005) or after his/her experiences with other systems and other opinions
about the system (Li et al. 2008). These three trust beliefs apply to diverse temporal contexts,
such as the initial stage of trust formation (Koufaris & Hampton-Sosa 2004; Wang & Benbasat
2005). Users may have concerns about the competence of IdMS providers to satisfy their needs,
as well as concerns about whether they are working on their behalf rather than on behalf of
others. Trust can help users overcome these concerns and encourage them to adopt the IdMS.
The benevolence of IdMS providers can be engendered by informing users that they care about
user needs and therefore that they will protect their identity information. Thus, their integrity can
be promoted by providing technical ability.
Chapter 4: Conceptual Model and Research Hypotheses
135
4.7.1 Trusting Beliefs
Trust in the IdMS artefact and IdMS providers refers to trusting beliefs. Trusting beliefs are
defined as the feeling of confidence in which a truster believes that the other party is trustworthy
in the situation (McKnight et al. 2002). Trust in the IdMS providers refers to the user’s
perceptions regarding the integrity and ability of the IdMS providers who are providing the
online identity service (Mayer, Davis & Schoorman 1995; McKnight et al. 2002). Belanger and
Carter (2008) argued that citizens’ confidence in the ability of an e-government service provider
to give e-services is crucial for the widespread adoption of e-government initiatives. Moreover,
Gefen, Karahanna and Straub (2003) hypothesized that trust in the agency has a strong effect on
the adoption of a technology. Luo et al. (2010) posited that trust in the bank has a significant
influence on users’ acceptance of mobile banking. Similarly, users must believe that IdPs and
SPs have the technical and astuteness resources necessary to protect and respect their identity
information. Truthful and non-fraudulent interactions with IdMS providers will enhance users’
trust and acceptance of IdMS.
Trust in the IdMS artefact refers to the users’ perceptions regarding the integrity and ability of
the IdMS as a technology providing the management and maintenance of their online identities
(McKnight 2005). Previous trust studies have shown that trust in technological artefacts has a
positive effect towards users’ intention to adopt a new IT artefact, such as a recommendation
agent (Wang & Benbasat 2005) and mobile banking (Luo et al. 2010).
It is necessary to distinguish between trust beliefs about an online service provider and trust in
the technology as a platform for online transactions (McKnight et al. 2002; Luo et al. 2010).
Trust in IdMS is different than other Web-based services and technologies. IdMS are not owned
by the users, and there is a provider relationship between an IdP, a SP and its users. Thus, the
concept of trust in this case is important and complicated, and it must be built into all IdMS roles
(i.e. the user, IdP and SP) because the IdMS enables mutual authentication (Poetzsch et al. 2009;
Friedman, Crowley & West 2011; Landau & Moore 2012). In this research context, identity
service provider, service provider and IdMS artefact-specific trust beliefs are one type of initial
Chapter 4: Conceptual Model and Research Hypotheses
136
trust. However, they differ when users interact with an IdMS for the first time. This study
focuses on factors that drive existing online services users to adopt IdMS. Therefore, trust in an
SP is one type of pre-existing belief. As an IdP is another party but could be an SP at the same
time (Cameron, Posch & Rannenberg 2009), trust in an IdP includes both new and pre-existing
beliefs. Trust in an IdP is one type of pre-existing belief when the user interacts with the IdP as
an SP at the same time or the user has had familiarity and an experience with the IdP. An
example of this case is Google Accounts. Google utilizes the OpenID protocol as an IdP and
allows users to authenticate as an SP to use Google services and applications on behalf of the
user identity (Google account) (Valkenburg et al. 2011). Thus, users can authenticate to any SP
that uses the OpenID protocol by identifying their Google accounts as an OpenID. Conversely,
trust in an IdP is one type of new belief when the user interacts with an IdP for the first time. For
example, users may be uncomfortable linking their email account to their bank (Satchell et al.
2011). The trust in an IdMS is a new belief when users interact with an IdMS service or
technology for the first time (see Figure 4.2).
4.7.1.1 Trusting beliefs and behavioural intention
The extant literature on trust demonstrates that trust belief is a key determinant of people's
behavioural intentions to conduct activities involving risk (Luo et al. 2010). In addition, trust
belief is a fundamental construct in understanding users’ perceptions of technology and
overcoming the perception of risk (Pavlou & Gefen 2004; Li et al. 2008). Gefen, Karahanna &
Straub (2003) found that trust belief increased customers’ behavioural intention to buy CDs and
books from an online vendor. Malhotra, Kim and Agarwal (2004) showed that trust belief had a
significant influence on the intention to release personal information through the Internet. Luo et
al. (2010) showed that trust beliefs about a bank had a significant influence on consumers'
behavioural intention to adopt mobile banking. Consistent with the notion of the cognitive
dissonance theory (Festinger 1957), the individuals may be less willing to provide their identity
information to IdMS providers using IdMS if they perceive this action as dangerous. Therefore,
users with positive trust perceptions towards the IdMS artefact and providers would be more
likely to disclose their identity information and to use IdMS. Thus, we expect that trusting beliefs
Chapter 4: Conceptual Model and Research Hypotheses
137
toward IdMS providers and the IdMS artefact influence users’ behavioural intentions to adopt
IdMS. The hypotheses regarding the relationship between trusting beliefs and behavioural
intention are:
H5a: Trusting beliefs have a positive effect on intention to use IdMS.
H5b: Trusting beliefs have a positive effect on intention to disclose identity information.
4.7.1.2 Trusting beliefs and TAM
Several researchers have noted the importance of trust in the TAM (Wang & Benbasat 2005; Wu
et al. 2011b). Some studies have integrated trust with the TAM, in which the relationships
between PU, PEOU and trust are hypothesized in several Web-based services (Gefen, Karahanna
& Straub 2003; Pavlou 2003; Wang & Benbasat 2005; Wu & Chen 2005; Lee 2009b). Table 4.2
summarizes the key differences between the trust–TAM models examined in previous research
and in this study. In their study of online services, Wu and Chen (2005) indicated that trust is an
antecedent of perceived usefulness, perceived ease of use is an antecedent of trust, and trust has a
direct effect on intention to adopt online tax services. Wang and Benbasat (2005) extended the
TAM model with the trust construct in the context of an online recommendation agent. They
found that initial trust in online recommendation agents has a positive effect on both the intention
to adopt an agent and the consumers’ perception of the usefulness of the agent. Recently, Lee
(2009b) integrated trust, perceived risk and perceived benefit with TAM and TPB models in
online trading. He found that trust in online trading can positively affect its PU. Furthermore, Lee
(2009b) argued that “trust is one of the determinants of PU, especially in an online environment,
because part of the guarantee is that consumers will sense that the expected usefulness from the
web site is based on the sellers behind the web site” (p. 136). Similarly, users’ expectations of
gaining benefits from using IdMS, which lead to their perceptions of its usefulness, largely
depend on their trust in the identity service provider, service provider and in the IdMS itself as a
new technology. Hence, we hypothesize that:
H5c: Trusting beliefs have a positive effect on users’ perceived usefulness.
Chapter 4: Conceptual Model and Research Hypotheses
138
Previous trust–TAM research (Gefen, Karahanna & Straub 2003; Wang & Benbasat 2005; Lee
2009a; Chong, Chan & Ooi 2012) examined the influence of perceived ease of use on trust of e-
commerce. They found that PEOU has a positive effect on trust because the PEOU can
encourage customers’ favourable impressions of a website in the initial adoption of online
services and can also cause customers to be willing to make investments and carry out the
commitment relationship. From the IdMS perspective, the user controls the identities used in a
particular online service through a reliable site–user authentication that websites should
authenticate with the users (Poetzsch et al. 2009). Ease of use demonstrates that an IdMS or
IdMS providers have expended effort in managing online identities, and that they care about
users. On the other hand, users may perceive if there are difficulties in using an IdMS or in
making a relationship with an IdMS provider that the provider is less capable and less
considerate, and thus they may lower their trust in the IdMS providers and applications.
Therefore, we propose that:
H5d: Users’ perceived ease of use of IdMS has a positive effect on their trusting beliefs.
Table 4.2: Difference between this study and previous trust-TAM studies
Study Trust Targets PU and PEOU Targets
Behavioural Intentions
Gefen, Karahanna and Straub (2003) Pavlou (2003)
e-vendors Websites Intentions to use a website and purchase on the website
Koufaris and Hampton-Sosa (2004)
Online company Websites Trusting intentions towards an online company
Wang and Benbasat (2005)
Online recommendation agents
Online recommendation agents
Intention to adopt agents to get shopping advice
Wu and Chen (2005) Online tax service Online tax service Intention to use online tax services
Lee (2009b) Online trading Online trading Intention to use online trading
Chong, Chan and Ooi (2012)
Mobile commerce transactions
Mobile commerce Intention to adopt mobile commerce
This study
Service provider Identity provider IdMS services and technologies Internet
Identity management systems (IdMS)
Intention to use IdMS Intention to disclose identity information
Chapter 4: Conceptual Model and Research Hypotheses
139
4.7.1.3 Trusting beliefs and perceived risk
Trusting beliefs have been shown to be helpful in explaining how consumers may overcome
perceived risk in e-transactions (Luo et al. 2010). In transactions including uncertainty, trust
plays an important role in mitigating perceived risks (Luo et al. 2010). According to cognitive
dissonance theory, customers are very likely to experience cognitive dissonance and to re-
evaluate their online trust of the multi-channel retailer to reduce cognitive dissonance. Evidence
suggests that trusting beliefs directly influence risk beliefs (Malhotra, Kim & Agarwal 2004; Cho
2006; Belanger & Carter 2008; Luo et al. 2010). As IdMS are still in the initial adoption stage,
users are unclear about the technical capability of IdMS providers or technologies to provide
online identity services and about the reliability and security of the Internet in protecting their
identity information. Users who believe in the technical capability, integrity and benevolence of
IdMS providers and technologies are more likely to overcome their risk perceptions toward new
IdMS technology. Therefore, the more trusting belief the user has in an online provider and
identity provider as well as the IdMS, the less likely he/she will be to foresee risk in providing
identity information to the providers and in using a particular IdMS. Therefore, we posit the
following hypothesis:
H5e: Trusting beliefs have a negative effect on perceived risk.
4.7.2 Trust in the Internet
Trust in an IdMS platform (the Internet) for managing online identity through online transactions
is one type of pre-existing trust. Institution-based (Internet) trust is defined as having two
dimensions: situational normality and structural assurance. In situational normality, “one
believes that the environment is in proper order and success is likely because the situation is
normal or favorable” (McKnight et al. 2002, p. 339). For example, a user who perceives high
situational normality would believe the Internet environment is suitable, well-ordered, and
favourable for disclosing identity information and using IdMS. In structural assurance, “one
believes that structures like guarantees, regulations, promises, legal recourse, or other procedures
are in place to promote success” (McKnight et al. 2002, p. 339). A user with high Internet-related
Chapter 4: Conceptual Model and Research Hypotheses
140
structural assurance would believe that technological and legal Internet protections, such as data
encryption, would safeguard him/her from loss of money, privacy or identity information. In
general, users would believe that IdMS providers on the Internet have the attributes of
competence, benevolence and integrity.
4.7.2.1 Trust in the Internet and behavioural intention
The proposed model predicts the relationship between trust in the Internet and behavioural
intention. Based on cognitive dissonance theory (Festinger 1957), if the Internet environment
itself is perceived as dangerous, the individual may be less willing to disclose his/her identity
information in that environment regardless of the trust he/she has in a particular provider.
Previous studies found a significant correlation between trust in the Internet and behavioural
intention. For example, Bélanger and Carter (2008) proposed a model of e-government trust
involving disposition to trust, trust of the Internet, trust of the government and perceived risk.
The results of their citizen survey indicated that disposition to trust positively impacts on trust of
both the Internet and the government, which in turn affect intentions to use an e-government
service. Similarly, in the context of IdMS, users with favourable trust perceptions towards the
Internet are more likely to disclose their identity information and to use IdMS. Therefore, we
hypothesize that trust in the Internet positively affects users’ behavioural intentions to adopt an
IdMS technology or services.
H6a: Trust in the Internet has a positive effect on intention to use IdMS.
H6b: Trust in the Internet has a positive effect on intention to disclose identity information.
4.7.2.2 Trust in the Internet and trusting beliefs
Previous trust research has suggested that initial trusting beliefs are more influenced by the
situational normality of the platform of the context (McKnight et al. 2002; Li et al. 2008).
Similarly, users are more likely to have positive, initial trusting beliefs in IdMS if they believe
that most online providers on the Internet are operated with honesty and integrity in a benevolent
and competent manner. In a technology context, technological safeguards such as encryption,
specific system development processes and procedures have been found to facilitate initial
Chapter 4: Conceptual Model and Research Hypotheses
141
trusting beliefs in a Web vendor and site (Li et al. 2008; Luo et al. 2010). When using IdMS,
end-users may also seek Internet policies and regulations and sometimes even legal means to
protect their information (Sun, Hawkey & Beznosov 2012). We propose that the situational
normality and structural assurance related to the Internet in general will increase initial trusting
beliefs in IdMS providers and new technology. Thus, we expect that if users are comfortable
interacting with the Internet in general, they are more likely to build positive initial trusting
beliefs towards IdMS. This leads to the following hypothesis:
H6c: Trust in the Internet has a positive effect on trusting beliefs of IdMS.
4.8 Information Disclosure
This study defines information disclosure as an exchange where online users disclose their
identity information including personal information and location data for the purpose of using
Web-based services and using IdMS (Xu et al. 2005).Researchers suggest that more studies are
needed on the effects of information disclosure (Metzger 2004; Norberg, Horne & David 2007;
Lowry, Cao & Everard 2011; Li 2012). They also suggested that future research should be
geared towards risk and trust interaction in ambiguous cases, such as an IdMS in which the
provider could be familiar or unfamiliar (Norberg, Horne & David 2007). Previous studies have
focused on online users’ willingness to provide information (e.g. Malhotra, Kim & Agarwal
2004; Bansal, Zahedi & Gefen 2010; Li, Sarathy & Xu 2010; Xu et al. 2011). However, there is a
lack of studies that focus on the degree to which information disclosure intentions may influence
behaviour and on what other factors may affect the relationship (Metzeger2004; Norberg, Horne
& David 2007; Lowry, Cao & Everard 2011).
This study focuses on past online information disclosure rather than actual disclosure. We define
past information disclosure as an exchange where users had disclosed their identity information
for the purpose of using Web-based services for both financial and non-financial transactions
(Metzger 2004). Individuals’ past online information disclosure is likely to impact on their
disclosure to online providers (Metzger 2004). Based on social exchange theory (SET) and
Chapter 4: Conceptual Model and Research Hypotheses
142
research on self-disclosure in interpersonal contexts, Chelune (1987) clarified that past
experiences with interpersonal exchanges influence the value placed on such exchanges and
affect expectations about future interactions, which then guide future exchange behaviours. In
view of that, studies of disclosure in online contexts have found that past disclosure has a
positive effect on future willingness to disclose information (Metzger 2004; Norberg, Horne &
David 2007). Empirical research has found that individuals are more likely to disclose a
significantly greater amount of personal information than shown by their stated intentions
(Norberg, Horne & David 2007). For these reasons, users’ past disclosure of information on the
Internet is likely to predict their future disclosure of identity information to use an IdMS.
H7: Past information disclosure has a positive effect on users’ behavioural intention to
disclose identity information.
4.9 Privacy Concerns 4.9.1 Privacy Concern Constructs
This study defines privacy concern as the subjective view and the sense of threat that individuals
have about how IdMS providers are using or would use their identity information (Malhotra,
Kim & Agarwal 2004). The literature in consumer privacy points out that social contract theory
(SCT) is appropriate for understanding the tensions between consumers and firms over
information privacy (Caudill & Murphy 2000; Xu et al. 2005, 2011). SCT proposes that
members of a given industry or community behave fairly if their practices are governed by social
contracts (Donaldson & Dunfee 1994). In the context of information privacy, “a social contract is
initiated, therefore, when there are expectations of social norms (i.e., generally understood
obligations) that govern the behaviour of those involved” (Caudill & Murphy 2000, p. 14). SCT
has been used as a conceptual tool for understanding and predicting consumer behaviour in the
context of information privacy (Malhotra, Kim & Agarwal 2004; Xu et al. 2005, 2011).
Malhotra, Kim and Agarwal (2004) developed Internet users' information privacy concerns
(IUIPC) based on SCT. They argued that “[w]hen applied to information privacy, SCT suggests
that a firm’s collection of personally identifiable data is perceived to be fair only when the
Chapter 4: Conceptual Model and Research Hypotheses
143
consumer is granted control over the information and the consumer is informed about the firm’s
intended use of information” (p. 338).
Privacy concerns, such as concern for information privacy (CFIP) (Smith, Milberg & Burke
1969), IUIPC (Malhotra, Kim & Agarwal 2004) and Australian Privacy Principles (APPs)
(Ludwing 2010) arise as part of the interaction between a user and a provider. Both CFIP and
IUIPC have been applied in various settings. Similarly, during user-centric IdMS, the individual's
interests are known in the sense that they manage their own personal data and get credentials
from identity providers, which they can use in their interaction with service providers (Poetzsch
et al. 2009). In that regard, IdMS users are subject to specific privacy-related risks. Hence, this
study adopts the existing measures CFIP (Smith, Milberg & Burke 1969), IUIPC (Malhotra, Kim
& Agarwal 2004) and APPs which are sufficient to capture all relevant dimensions of user
concerns regarding the Internet, specifically in the IdMS context. (CFIP, IUIPC and APPS were
discussed in Chapter 3, Sections 3.6.6.3 and 3.6.6.4).
When collecting users’ identity information, IdMS providers may require much unnecessary
information such as financial details and other identifiers. This may raise users’ concern about
information over-collection (Zhou 2011). IdMS providers ensure that only authorized users can
access the databases containing identity information. However, they may be unable to prevent
hacker attack and intrusion into the databases. This leads to users’ concern regarding improper
access. IdMS may not adopt measures such as verification to ensure information accuracy
(Friedman, Crowley & West 2011). This could have a negative effect on the service quality of
IdMS and increases users’ concern about information errors. IdMS providers may share this
information with third parties. This hurts users’ benefits and brings great privacy risk to them.
Privacy is a necessary feature of IdMS. ‘The Privacy and Security Best Practices’ statement
outlines several privacy laws and fair information principles in many IdMS technologies such as
the Liberty Alliance (Poetzsch et al. 2009). This statement recommends giving individuals:
(1) clear notice considering information collection, (2) choice with regard to what personally
identifiable information is collected, (3) the possibility to review, verify or update consent, (4)
Chapter 4: Conceptual Model and Research Hypotheses
144
reasonable access to view non-proprietary personally identifiable information, and (5) the
opportunity to provide corrections (Poetzsch et al. 2009). Moreover, privacy related to IdMS can
be assured on the basis of the following metrics (Kosta et al. 2008): (i) the IdM system‘s
possibilities for providing ex-post and ex-ante information to the end-user, (ii) the possibilities
for the end-user to choose an identity, and consent to – and confinement of – the use of identities,
and (iii) the possibilities of alteration and deletion of used identity-information by the end-user.
Therefore, for the purposes of this study, privacy concerns have seven dimensions: collection,
improper access, control, unauthorized secondary usage, awareness/notice, error and choice.
Table 4.3 defines the privacy concerns measures proposed in this research.
Table 4.3: Definition of the dimensions of privacy concerns Privacy
dimension Definition
Collection Users are concerned whether their identity information is properly collected and exchanged.
Improper access Information storage security.
Errors Accuracy of identity information storing in databases.
Secondary use
Identity provider gives user identity information for other purposes without users’ permission.
Control Users are concerned whether they can control their identity information.
Awareness/notice The degree to which a user is concerned about his/her awareness of information privacy practice.
Choice Users are concerned whether they can choose, alter or delete their identity information.
4.9.2 Privacy Concerns and Behavioural Intention
Privacy concern has been viewed directly as a negative antecedent belief which influences users’
behavioural intention and can affect users’ attitudes towards using an IT artefact. Any rational
decision maker makes the decision derived from an evaluation of perceived costs and benefits
(Goodhue, Wybo & Kirsch 1992). Rational decision makers are motivated to minimise negative
outcomes (Dinev & Hart 2006; Sheng, Nah & Siau 2008). Consistent with the theory of reasoned
action (Ajzen & Fishbein 1980), privacy concerns were viewed as a negative antecedent belief
which could influence an individual’s attitude and, in turn, affect an individual’s behavioural
intention (Sheng, Nah & Siau 2008). Previous research has found that privacy concerns can have
Chapter 4: Conceptual Model and Research Hypotheses
145
a negative effect on the adoption of IT applications and therefore these concerns are a main threat
to e-commerce usage (Malhotra, Kim & Agarwal 2004). Dinev and Hart (2006) found that
consumers’ privacy concerns are negatively associated with their purchases on the Internet and
negatively influence their willingness to provide personal information on the Internet. An
experimental study on the adoption of ubiquitous commerce (Sheng, Nah & Siau 2008) also
showed that privacy concerns have a negative effect on the intention to adopt u-commerce
services. Lee and Granage (2010) examined how privacy assurance affects privacy concerns and
perceived usefulness on travel websites and identified the role of these outcomes in predicting
customer behaviour responses, such as making purchases and the willingness to reveal personal
information. They noted that by enhancing privacy assurance, customer privacy concerns
decreased and the perceived usefulness of the services increased.
Moreover, their findings indicated that customer behavioural responses were negatively related
to privacy concerns and positively associated with the perceived usefulness of the services (Lee
& Granage 2010). Junglas, Johnson and Spitzmuller (2008) argued that future technology
adoption will be less determined by usefulness factors than by concerns that go against human
nature. In addition, Crespo and del Bosque (2008) suggested that it would be interesting to
consider consumers’ privacy concerns and trust in Internet-based services and technologies
among other variables. In that regard, it would be interesting to determine the most innovative
user concern and the cases where privacy concern explains the most significant impacts on the
future intention to adopt IdMS. Therefore, we expect that:
H8a: Privacy concerns have a negative effect on the intention to disclose identity information.
4.9.3 Privacy Concerns and Information Disclosure
Privacy concerns may predict whether consumers have ever disclosed personal information on
the Internet (Metzger 2004; Li 2012). Consistent with communication boundary management
theory, withholding information in interpersonal relationships is a way to reduce feelings of
vulnerability and protect felt privacy needs (Petronio 2000). Internet users cite privacy concerns
as a barrier to engaging in online transactions (Malhotra, Kim & Agarwal 2004; Bansal, Zahedi
Chapter 4: Conceptual Model and Research Hypotheses
146
& Gefen 2010; Xu et al. 2011). Based on prior literature that investigated customers’ privacy
concerns in the online context (e.g. Swaminathan, Lepkowska-White & Rao 1999; Metzger
2004), evidence from this research provides empirical support indicating that Internet users’
privacy concerns negatively affect their past online information disclosure. Accordingly, we
expect that general concern for privacy and the degree to which the users believe IdMS protect
their privacy will influence online identity information disclosure. Therefore, we hypothesize
that:
H8b: Privacy concerns have a negative effect on users’ past online information disclosure.
4.9.4 Privacy Concern, Trust and Perceived Risk
Privacy concern not only affects users’ behaviour but also indirectly influences users’ behaviour
regarding trust and risk perception. In line with the trust–risk model (McKnight et al. 1998), if
potential risk is present, trust plays an important role in determining a person’s behaviour. The
trust–risk model suggests that trust is most likely to solve online privacy concerns (Luo 2002).
This model had been used to explain different behaviours including a variety of uncertain
environments such as employee–organization relationships (Mayer, Davis & Schoorman 1995)
and the Internet (Malhotra, Kim & Agarwal 2004). The literature on trust and risk confirms that
to some extent personal traits affect trust and risk beliefs (Mayer, Davis & Schoorman1995;
Malhotra, Kim & Agarwal 2004; Luo et al. 2010). This suggests that the user’s tendency to
worry about information privacy affects how the user perceives a specific situation (e.g. trust or
risk beliefs) in which IdMS providers request identity information. More specifically, Internet
users with a high degree of privacy concerns are likely to be high on risk beliefs and low on
trusting beliefs (Malhotra, Kim & Agarwal 2004). This suggestion is also consistent with the
TRA which proposes that individual characteristics impact on salient beliefs (Fishbein & Ajzen
1975).
IdMS users may doubt whether a provider has enough ability to prevent unauthorized access to
their identity information. In addition, they may suspect that providers promise privacy only to
collect desired information. Thus, users with high privacy concerns will doubt the
Chapter 4: Conceptual Model and Research Hypotheses
147
trustworthiness of providers and, hence, of the IdMS. Furthermore, users’ privacy concerns about
identity information could increase their perceived risk. Users may worry whether their identity
information is properly collected, accurately and securely stored, and appropriately used. This
raises users’ concerns about future potential loss associated with disclosing identity information.
The SCT implied that consumer trust and risk can play an important role in reducing consumers’
privacy concerns (Caudill & Murphy 2000). The effect of privacy concerns on trust and
perceived risk has been supported by previous research. Malhotra, Kim and Agarwal (2004)
showed that Internet users’ information privacy concerns (IUIPC) negatively influence trusting
belief and positively influence online consumers’ risk beliefs. Bansal et al. (2010) found that
privacy concerns influenced users’ trust in health websites, further affecting their intention to
disclose health information. Zhou (2011) found that privacy concerns have a positive effect on
perceived risk through the dimensions of collection and secondary use, whereas it negatively
affects trust through error, and both factors (trust and perceived risk) determine the intention to
use location-based services. Breward (2007) demonstrated that privacy is an antecedent to trust.
Therefore, we hypothesize that privacy concerns influence users’ trust beliefs negatively and risk
perceptions positively:
H8c: Privacy concerns have a positive effect on perceived risk.
H8d: Privacy concerns have a negative effect on trusting beliefs.
4.10 Task–Technology Fit Constructs 4.10.1 Identity Management System Task Characteristics
Tasks are defined as a set of actions carried out by individuals to turn inputs into outputs in order
to satisfy their needs (Goodhue & Thompson 1995). Task characteristics are those tasks in which
a user might employ IT in order to perform them. From the TTF perspective, task–fit is defined
as the user‘s perception of the suitability of IdMS to support a particular task (Dishaw & Strong
1999). Here, the tasks of IdMS are defined in terms of the capability to allow users to maintain
and access their online identities. IdMS tasks include various transactions (financial or non-
Chapter 4: Conceptual Model and Research Hypotheses
148
financial) that a user may wish to conduct with his/her online identity. Based on the IdMS
literature (previously discussed in Chapter 2, Section 2.5.2), IdMS tasks can be identified in five
activities: access, control, creation management and mobility (context-to- context).
4.10.2 The Technology Characteristics of Identity Management Systems
Technology characteristics describe the tools and whether the IT is a single system or a set of
systems, policies or services (Goodhue & Thompson 1995). Technology characteristics refer to
the technology used by individuals in carrying out their tasks. TTF research has frequently
characterized IT as based on functionality (Gebauer, Shaw & Gribbins 2010). Hence, we
interpret IdMS technology characteristics as the functions designed in IdMS that individuals use
in maintaining and accessing their online identity on the web. IdMS are designed to meet the
laws of identity, developed by Cameron (2005), which were previously discussed in Chapter 2
(see Section 2.5.1). These identity laws define how to successfully extend the Internet with an
identity management layer (Bertocci, Serack & Baker 2007). In this study, we focus on functions
that are significantly related to the design dimensions of IdMS. Thus, most of these laws
represent IdMS characteristics (Bertocci, Serack & Baker 2007; Poetzsch et al. 2009). In
addition, they have provided a foundation for the usability and adoption features of IdMS
(Poetzsch et al. 2009). Thus, this study has identified technology characteristics in eight
dimensions. Three are based on the laws of identity—minimal disclosure of information, human
interaction, and user experience. Five are identified by IdMS functions based on the literature—
authentication and authorization, anonymity, mobility (location-to-location and device-to-
device), identity provisioning and single-sign-on/single sign-off function (these functions were
previously discussed in Chapter 2, Section 2.5.2).
4.10.3 Fit
This study has adopted Goodhue and Thompson’s (1995) and Dishaw and Strong’s (1998)
definitions of TTF: operationalizing ‘fit’ as a statistically derived interaction relationship
between two variables that predicts the third (see Table 4.4 and Figure 4.3). This means that IT
will be used if, and only if, the functions available to the user support the fit of the activities of
Chapter 4: Conceptual Model and Research Hypotheses
149
the user (Dishaw & Strong 1999). This study has adapted Venkatraman’s (1989) perspective of
fit as moderation which assesses the moderation effect as a direct impact and an interaction
(discussed previously in Chapter 3, Section 3.6.3.2). In this approach, ‘fit’ is conceptualized as
the interaction between two variables (task and technology) which predicts the third variable
(behaviour intention). This approach is criterion-specific, and according to Venkatraman, the
underlying theoretical meaning of ‘fit’ in this case is “best understood when only two variables
are involved” (Venkatraman 1989, p. 425). Here, the operationalization of ‘fit’ is the interaction
of the task and technology characteristics of IdMS (see Figure 4.3).
Table 4.4: Operationalizing the fit construct
TTF Definition Fit Operationalization
Goodhue and Thompson (1995)
“the degree to which a technology assists an individual in performing his or her portfolio of tasks’’ (p. 216)
‘Fit’ as user evaluation, which is predicted by the interactions
Dishaw and Strong (1998)
“the matching of functional capability of available software with the activity demands of the task” (p. 109)
‘Fit’ as computed interaction, which predicts utilization
Legris, Ingham and Collerette (2003) studied the mediating role of PU and PEOU in the
relationship between system use and characteristics. Dishaw and Strong (1999) suggested that
the functionality available in the tool determined the perceived ease of use of an IT product.
Moreover, if the technology provides a good fit with the task, users must suppose that the
technology is easy to use. Correspondingly, the user’s intention to use the technology should also
derive from the fit between the technology and the task (Yen et al. 2010; Lee et al. 2012). A good
fit will promote the user’s adoption of IT, whereas a poor fit will decrease the user’s intention to
use IT (Strong, Dishaw & Bandy 2006). In addition, Davis, Bagozzi & Warshaw (1989)
suggested that when the technology (design characteristics) is equally easy to operate, it can have
a direct impact on perceived usefulness as well as an indirect influence on perceived ease of use.
At the individual level, a “system/work fit” construct has been found to be a good predictor of IT
use (Goodhue & Thompson 1995). Previous researchers suggested the importance of TTF or ‘fit’
for user adoption. Chang (2010) described the fit between the agent technology and an online
Chapter 4: Conceptual Model and Research Hypotheses
150
auction task. He explained how they impact on the user’s intention to use online auction by
applying a model that integrates the elements of a technology acceptance model and a task–
technology fit model. Dishaw and Strong (1999) found that TTF affected users’ utilization of
information technology. Shang, Chen and Chen (2007) found that the interaction between task
and technology characteristics affected the use of blogs. Yen et al. (2010) showed a significant
relationship between the TAM and TTF models and noted that the fit between task and
technology characteristics has a significant effect on determining users’ behavioural intention to
use the mobile device. Zhou, Lu and Wang (2010) also found that TTF had significant effects on
the user’s adoption of mobile banking.
Figure 4.3: Operationalizing the TTF model in this study (Fit as moderation)
IdMS are designed to meet the laws of identity formulated by Microsoft's Kim Cameron (2005)
(previously mentioned in Section 2.5.1). Thus, privacy considerations have been taken into
account in the design of these systems. Furthermore, one of the design motivations behind the
identity metasystem architecture is that users will need to be convinced that the solution
improves the privacy site (Cameron & Jones 2007). IdMS functions provide strong mechanisms
to minimize risk as well as to prevent identity fraud and theft (Todorov 2007; Seltsikas &
O’Keefe 2010; Birrell & Schneider 2012). This indicates the fact that users will have higher
intention to use IdMS if the IdMS were designed to support the tasks that the users were dealing
Chapter 4: Conceptual Model and Research Hypotheses
151
with using their online identities as users want many of the benefits that well-designed IdMS
provide, such as increased security or privacy (Acquisti & Grossklags 2005; Dhamija &
Dusseault 2008). Accordingly, we expect that fit would have a positive significant relationship
with privacy concerns.
It is not easy to attach theoretical meanings to all interaction terms (Venkatraman 1989).
Therefore, for the tasks and technology characteristics (see Figure 4.3), we propose the following
hypotheses:
H9a: The fit between IdMS task and technology characteristics has a positive effect on user’s
behavioural intention to use.
H9b: The fit between IdMS task and technology characteristics has a positive effect on users’
perceived ease of use.
H9c: The fit between IdMS task and technology characteristics has a positive effect on users’
perceived usefulness.
H9d: The fit between IdMS task and technology characteristics has a positive effect on users’
privacy concerns.
4.11 Situational Variables
Situational variables refer to personal characteristics particular to the context which influence the
behaviour of individuals over any manipulations of different variables (Alavi & Joachimsthaler
1992; Agarwal & Prasad 1999). Alavi and Joachimsthaler (1992) suggested that the most
relevant individual factors determining technology adoption are user-situational variables. In our
proposed model, situational variables include cost, facilitating conditions and subjective norms.
We discuss each of these variables in the following sub-sections.
4.11.1 Cost
The costs of a technology have always been a main consideration in its acceptance (Kim 2008;
Mallat 2007). The cost is a subset of the relative advantage construct which includes time and
place independence. (Rogers 1995). In this study, cost is different from relative advantage and
Chapter 4: Conceptual Model and Research Hypotheses
152
refers to an individual’s perception that using an identity management system provides possible
expenses for managing and maintaining identity information (Wu & Wang 2005). Consistent
with behavioural decision theory, the cost–benefit pattern is important to both usability and
individual intention towards a new technology (Wu & Wang 2005). Implementation costs, access
cost and transaction fees are three important components that make IdMS use cost saving or
costly (Dhamija & Dusseault 2008; Friedman, Crowley & West 2011). Cost is a crucial factor in
IdMS adoption (Dhamija & Dusseault 2008; Poetzsch et al. 2009; Jensen &Jaatun 2013). The
opposite of maximizing users’ benefits is to minimize the direct and indirect costs associated
with IdMS (Dhamija & Dusseault 2008). For example, IdMS are more likely to be adopted if
they are easy to download, install and configure (Dhamija & Dusseault 2008). Although most
IdMS software is open source and available, some require substantial costs (Friedman, Crowley
& West 2011). Also, some IdMS need to be purchased or downloaded separately (Dhamija &
Dusseault 2008). An Internet connection is necessary for using IdMS which entails additional
costs. The perceived cost of services has been shown as having a significant impact on the
adoption of emerging technologies, such as mobile commerce transactions (Wu & Wang 2005;
Chong, Chan & Ooi 2012). Hence, because costs are essential in IdMS adoption, we propose that
they have a significant impact on behavioural intention to use. We predict that:
H10a: Cost has a negative effect on behavioural intention to use IdMS.
4.11.2 Facilitating Conditions
Facilitating conditions are defined as “the degree to which an individual believes that an
organizational and technical infrastructure exists to support use of the system” (Venkatesh et al.
2003, p. 453). Facilitating conditions refer to the objective factors that make the behaviour easy
or difficult (Cho 2006). The effect on familiarization (knowledge) of technology and use-related
skills can be considered as a characteristic of the facilitating condition (a UTAUT core variable)
(Venkatesh, Thong & Xu 2012). It is possible that different levels of familiarity affect user
acceptance of a particular technology (Im, Kim & Han 2008). In addition, technology use-related
skills have been noted as impacting on the perceptions of individuals towards new technologies
Chapter 4: Conceptual Model and Research Hypotheses
153
and Internet-related services (Venkatesh et al. 2003; Cho 2006; Venkatesh, Thong & Xu 2012).
Based on social cognitive theory (SCT), previous studies have found that individuals with low
computer self-efficacy (CSE) (i.e. individuals’ belief in their ability to complete a particular task
and succeed in specific situations) perceived their capabilities as limited to using a particular
software or computer system, while those with high CSE are able to use different computer
applications (Compeau, Higgins & Huff 1999). In addition, the perceived behaviour control in
TPB suggests that the skills of users and the availability of resources directly influence the
intention of individuals to perform behaviour (Dishaw & Strong 1999; Cho 2006). In order to use
IdMS in the Internet environment, it is necessary for users to make judgments regarding the skills
and resources that they possess. Accordingly, in this research, the facilitating conditions are
considered to be accessibility to the Internet and the familiarity and availability of the resources
of users for online services and IdMS use. Empirical studies have shown that facilitating
conditions could also have a significant effect on attitude and intention to adopt new technology
(Venkatesh et al. 2003; Cho 2006; Lee 2009b; Saeed 2011). Therefore, we posit that facilitating
conditions (skill level and familiarity) are positively related to the users’ behavioural intention
towards IdMS.
H10b: Facilitating conditions have a positive effect on behavioural intention to use IdMS.
4.11.3 Subjective Norms
Subjective norms indicate how a person experiences the perceptions of others important to him
or her (for instance, whether or not they think that the individual should perform a particular
action) (Fishbein & Ajzen 1975; Ajzen 1991). Subjective norms are considered a direct
determinant of behavioural intention in the TRA (Fishbein & Ajzen 1975) and the subsequent
TPB (Ajzen 1991). The determinants of subjective norms are believed to be context-dependent
(Taylor & Todd 1995). Research on user adoption has shown subjective norms to be based on
two types of social influence: informational and normative (Karahanna, Straub & Chervany
1999). Informational influence occurs when individuals accept information as evidence of
reality, while normative influence occurs when individuals conform to the expectations of others
Chapter 4: Conceptual Model and Research Hypotheses
154
(Karahanna, Straub & Chervany 1999). In this study, subjective norm is hypothesized to be
related to the informational and normative beliefs about the expectations from other people.
Innovations create uncertainty about the expected consequences for potential adopters (Rogers
1983). An individual is uncomfortable with uncertainty and will be likely to increase
communication to interpret the innovation and its implications. This increased interaction with
the social network may impact on one’s adoption decision via normative and informational
influences (Karahanna, Straub & Chervany 1999). Normative pressure from peers to adopt the
innovation reduces the uncertainty and the risk of adoption as it provides strong evidence
indicating the appropriateness and the legitimacy of the adoption decision. In addition to
normative influence, informational influence arises when the potential adopter can observe near-
peers using the innovation or when peers of the potential adopter inform her/him of their own
personal experience and evaluation of the innovation (Karahanna, Straub & Chervany 1999). Use
by peers, termed vicarious trial or psychological, can be a very effective source of evaluative
information (Bandura 1986).
Previous studies have shown the importance of subjective norms in influencing individual
behaviour. Venkatesh and Davis (2000) proved that subjective norms have a direct effect on the
intention to use in empirical experiments with their proposed TAM2 pooling results across four
different studies and settings. Furthermore, Karahanna, Straub and Chervany (1999) found that
the relationship between behavioural intention and subjective norms is stronger for potential
adopters than for users of IT. In addition, previous empirical studies have shown that an
individual’s behavioural intention towards Web-based services and technologies’ adoption is
mainly affected by subjective norms (Lu, Yao & Yu 2005; Lee, Kang & Kim 2007; Liao, Chen
& Yen 2007; Cheng, Yen & Hwang 2012). Empirical evidence found that the subjective norm is
a significant predictor for technology use at the early stage of its implementation (Karahanna,
Straub & Chervany 1999; Lee 2009b; Yeng et al. 2012). With IdMS being new and at an early
stage of implementation, the subjective norm could play an important role in users’ adoption
decisions. Based on the TRA and the above arguments, we hypothesize that the more an
Chapter 4: Conceptual Model and Research Hypotheses
155
individual perceives that others who are important to him would recommend him to use IdMS;
the more chance she or he will actually adopt them.
H10c: Subjective norms have a positive effect on behavioural intention to use IdMS.
4.12 The Moderating Effect: Web Single Sign-On Besides the direct effect of IdMS adoption hypothesized above, we want to understand the
moderating effect of prior IdMS experience (usage of Web SSO). According to Path Dependency
in technology change (Cohen & Levinthal 1990), a user’s incentive and ability to adopt newer
technology are largely a function of their level of related experience with prior technologies
(Cohen & Levinthal 1990). We apply this notion to the migration to IdMS adoption. In line with
the notion of path dependency, prior experience with IdMS may result in a deeper understanding
of the issues of IdMS adoption. Thus, when making decisions about IdMS adoption, SSO users
and SSO non-users would consider IdMS adoption in a different way.
As we discussed in Chapter 2 (see Section 2.6.2) Web single sign-on (SSO) (i.e. centralized
IdMS) is the first initiative of IdMS that is currently deployed by many Web services providers,
and some Internet users have experience in using this technology (Wang, Chen & Wang 2012;
Armando et al. 2013). Therefore, users with SSO experience tend to have gained useful
experience with the benefits and risks associated with IdMS (Dhamija & Dusseault 2008;
Poetzsch et al. 2009). In contrast, SSO usage may result in different beliefs and concerns, making
SSO non-users more sensitive to the issues of adopting IdMS. Thus, we expect that the effects of
adoption factors will be different between users with and without SSO experience. This line of
reasoning leads us to consider SSO experience as a moderating variable.
4.12.1Intention to Disclose Identity Information and Intention to Use
IdMS
We expect that the predicted positive relationship between willingness to disclose identity
information and intention to use an IdMS will be different between SSO users and non-users. We
have drawn from the ideas in prospect theory in justifying this hypothesis (Kahneman & Tversky
Chapter 4: Conceptual Model and Research Hypotheses
156
1979). Prospect theory posits that the value function of gains is less steep than that of losses.
This basic idea has been applied in IT adoption research contexts (Venkatesh & Goyal 2010).
Thus, the likelihood of a negative outcome is likely to increase as the prospect of a loss increases
(Venkatesh & Goyal 2010). Following this logic, we expect that, as the strength of dissonance
increases, the negative effect on behavioural intention to use becomes stronger. In such a state,
SSO non-users do not experience any dissonance and, thus, they do not experience any
psychological discomfort with IdMS (Elliot & Devine 1994; Venkatesh & Goyal 2010). In such
a state, there will be no adverse influence on the behavioural intention to disclose identity
information using an IdMS. With the increase in the strength of dissonance, the psychological
discomfort perceived by SSO users is likely to become stronger because inconsistency among the
individual’s beliefs, attitudes and actions increases (Venkatesh & Goyal 2010). This would
further enhance the positive effect of being willing to disclose identity information with the
behavioural intention of using an IdMS. Consequently, we expect that:
H11a: The positive relationship between behavioural intention to disclose identity information
and the intention to use an IdMS will be stronger among SSO non-users than users.
4.12.2 Perceived Usefulness and Intention to Use
The usefulness along with the disconfirmation level also influences a user’s behavioural intention
to use a system (Bhattacherjee 2001). Based on expectation–disconfirmation theory (EDT)
(Oliver, Balakrishnan & Barry 1994), Bhattacherjee (2001) explained that when a user gains
experience with the system, his or her usefulness perceptions are modified over time. The
positive influence of prior experience weakened over time because the person started to
understand and evaluate the benefits and costs of the new technology (Kim 2008). Therefore,
prior beliefs towards IdMS would interact with usefulness perceptions to lower the evaluations.
Although prior experience should intuitively only increase individual evaluations, negative
disconfirmation would increase the negative influence and positive disconfirmation also
decreases this positive influence (Venkatesh & Goyal 2010). As SSO non-users should not
experience any psychological discomfort with IdMS, there will be no adverse influence on their
Chapter 4: Conceptual Model and Research Hypotheses
157
usefulness perceptions compared with SSO users. The effect of the behavioural intention to use
will decrease as experience increases (Venkatesh et al. 2010). Therefore, the positive effect of
the perceived usefulness of IdMS will be more significant for SSO non-users than for SSO users.
This leads to the following hypothesis:
H11b: The positive relationship between perceived usefulness and behavioural intention to use
an IdMS will be more significant for SSO non-users than users.
4.12.3 Trusting Beliefs and Behavioural Intention to Use
The effect of trust on behaviours changes with experience (Gefen, Karahanna & Straub 2003).
Empirical studies have found that trust is strong in determining behavioural intentions especially
before actual interactions take place (McKnight et al. 1998; Li et al. 2008). In addition, there is a
greater need to rely on trust in the absence of experience-based evidence about the e-vendor
(McKnight et al. 2002; Gefen, Karahanna & Straub 2003). It has been confirmed that trust is
especially needed when the parties involved have little acquaintance with each other and yet
expose themselves to possible opportunistic behaviour (Zucker 1986). This is also the case in
IdMS because of the greater uncertainty prior to actual experience with the IdMS providers and
IdMS artefact. SSO users might expose the trusting party to possible opportunistic behaviour by
the identity provider and Web SSO artefact. Therefore, the trusting belief would be stronger with
SSO non-users than with SSO users who have already learned that the identity provider and
IdMS artefact can be trusted. Hence, we expect that:
H11c: The positive relationship between trusting beliefs and behavioural intention to use an
IdMS will be stronger among SSO non-users than users.
4.12.4 Privacy Concerns and Intention to Disclose Identity Information
The predicted positive association between willingness to disclose identity information and
privacy concerns in using IdMS may be moderated by the prior experience of SSO. It has been
suggested in the literature that any innovation is related to uncertainty, greater risk and
imprecision (Junglas, Johnson & Spitzmuller 2008; Luo et al. 2010). Rogers (1995) argued that
Chapter 4: Conceptual Model and Research Hypotheses
158
innovators and early adopters are able to cope with a higher level of uncertainty. In the line with
these arguments, SSO users should be more likely to cope with the higher risks inherent in IdMS
and, therefore, should develop more positive attitudes toward the information disclosure in the
IdMS as compared to SSO non-users. Therefore, it is conjectured that SSO users’ privacy
concerns will be less significant than SSO non-users towards their willingness to disclose
identity information. This leads to the following hypothesis:
H11d: The negative relationship between privacy concerns and the behavioural intention to
disclose identity information will be stronger among SSO non-users than users.
4.12.5 Cost and Intention to Use
Based on the notion of path dependency (Cohen & Levinthal 1990), prior experience with SSO
may result in a deeper understanding of the costs of IdMS adoption. Therefore, when making
decisions about IdMS adoption, SSO users would consider the adoption cost less carefully than
SSO non-users. This expectation is strengthened by the switching costs effect which is another
dimension of path dependency (Beggs & Klemperer 1992). SSO users have already recognized
the costs associated with the use of IdMS as they have already experienced the established users,
SPs and IdPs linkages, and these linkages often involve specific costs such as transactions fees
(Dhamija & Dusseault 2008; Poetzsch et al. 2009). SSO non-users possibly have certain
expectations of more costs such as the implementation and access costs of IdMS. These
additional switching costs may make SSO non-users more sensitive to the costs than users.
Consequently, the negative effect of costs on IdMS adoption will be more obvious for SSO non-
users than for users. This leads to our final hypothesis:
H11e: The negative relationship between cost and the behavioural intention to use an IdMS
will be stronger among SSO non-users than users.
Chapter 4: Conceptual Model and Research Hypotheses
159
4.13 Control Variables Factors other than those mentioned previously may impact on user’s beliefs and perceptions with
regard to adoption of IdMS. Accordingly, the current study adds some control variables in order
to distinguish the impact of contextual factors on the research model (Carlson & Wu 2012).
These variables include individual differences in particular demographic variables, Internet and
Web services experience as well as previous experience of identity theft. These are discussed in
the following sub-sections.
4.13.1 Demographic Variables (Age, Gender and Education)
Demographic variables are defined as characteristics relating to individual users such as gender,
age and education (Alavi & Joachimsthaler 1992). Previous empirical research has provided
evidence that demographic variables contribute to individual user differences on behavioural
intentions about new technologies (Venkatesh et al. 2003; Morris, Venkatesh & Ackerman 2005;
Venkatesh, Thong & Xu 2012). Venkatesh et al. (2003) argued that demographic factors
moderate the relationship between perceived usefulness and behavioural intention; perceived
ease of use and behavioural intention; and subjective norms and intention. They noted that the
explanatory power of the TAM significantly increased to 52% after including gender as a
moderator. In addition, Yi, Wu and Tung (2005) confirmed that age may impact on technology
use in several ways, such as directly influencing technology use, indirectly affecting technology
use through perceptions and moderating the relationships between perceptions as well as
technology use. Im, Kim and Han (2008) investigated gender as a variable in the adoption of
technology. Their results found that gender was a significant moderating variable. Some
researchers have indicated that individuals with higher levels of education are generally more
aware of technology benefits, thus showing a better possibility of accepting technology (Jones &
Hubona 2005).
In addition, the extant research has found that individuals who are older, less educated or who
possess reduced computing skills would perceive higher inherent technology usage risks
(Featherman & Pavlou 2003), and trust relationship (Lewicki, McAllister & Bies 1998) and
Chapter 4: Conceptual Model and Research Hypotheses
160
privacy concerns (Sheng, Nah & Siau 2008). In addition, an empirical study observed gender
differences in behaviour under uncertainty and found that females were more likely to have
inherent risk attitudes (Booth & Nolen 2012). Therefore, researchers have suggested that these
issues are very important to consider in consumer surveys, recommending the criticality of
controlling them (Featherman & Pavlou 2003; Booth & Nolen 2012). In addition, previous
studies have suggested that risk perceptions should be controlled because of their potential effect
on trust, privacy and behavioural intention (Sitkin & Weingart 1995; Xu et al. 2005). As risk
management is a common concern in the IdMS context (Seltsikas & O‘Keefe, 2010), risk, trust
and privacy concerns should be controlled due to the existence of systematic individual
differences in risk attitudes (Dohmen et al. 2006). Therefore, we hypothesize that:
H12a: Demographic factors (age, gender and education) have an effect on users’ perceptions
of IdMS.
4.13.2 Internet and Web Services Experience
Experience has been regarded as important in specifying individual differences (Venkatesh et al.
2003; Kim 2008; Venkatesh, Thong & Xu 2012). In this study, the variables of experience
include prior Internet experience and Web services experience. We focus on the purpose of
experience frequency rather than the length of experience. Prior experience with computers or
similar technology was noted to be an important factor affecting an individual‘s attitude towards
technology adoption (Goodhue & Thompson 1995; Kim 2008). According to the theory of self-
perception (Ouellette & Wood 1998), the more an individual uses an IT, the more positive the
individual evaluates that IT and related aspects. Consistent with this theory, as IdMS is an
Internet–Web technology, the user‘s prior experience with Internet-based services and
technology could impact on their perception and behavioural intentions to use IdMS. Lee, Cheng
and Cheng (2007) found that prior computer experience is a predictor of the fit of PDA
technologies. Similarly, prior experience in using Internet or Web-based services influences the
cognitive fit of users of IdMS in their online identity tasks. Researchers have also argued that the
more experience users obtain on the Web, the less significant the functional barriers to online
Chapter 4: Conceptual Model and Research Hypotheses
161
services and the greater the concerns over security and privacy issues (Castaneda, Munoz-Leivaa
& Luquea 2007). Therefore, more Internet and Web services usage experience will likely
correlate to high levels of usability perceptions, risk perceptions, privacy concerns and trusting
beliefs related to the use of an IdMS, which could affect the user‘s behavioural intention to adopt
IdMS. This leads to the following hypotheses:
H12b: Internet experience has an effect on users’ perceptions of IdMS.
H12c: Web services’ experience has an effect on users’ perceptions of IdMS.
4.13.2 Previous Experience of Identity Theft
According to social contract theory (Caudill & Murphy 2000), a “social contract” is started when
there are expectations of social norms; that is, generally understood obligations that rule the
behaviour of those involved. In line with this, when online users provide their personal
information to online providers, one generally-understood social contract is that online providers
would carry out the responsibility to correctly manage consumers' personal information (Xu et al.
2011). In the context of the online environment, it has been found that an online consumer's
perceived contract breach by a single online provider could lead to the perception of contract
violation by the entire community of online providers (Pavlou & Gefen 2005). IdMS users could
consider such an involved contract breached if they think that their identity information would be
misused or if unauthorized access was provided by IdMS providers when using an IdMS.
Previous research shows that individuals who have been exposed to or who have been the victim
of personal information abuses may have stronger concerns regarding information privacy
(Smith, Milberg & Burke 1996) and their intentions to adopt a new technology (Xu et al. 2011;
Li, Sarathy & Xu 2010). In addition, it has been argued that as long as data breaches continue,
user acceptance of new business tools will remain slow (Sherman 2010). Thus, individuals who
have been the victim of identity theft could have stronger concerns, perceptions and beliefs
regarding behavioural intentions to adopt IdMS. Therefore, we argue that previous experiences
of identity theft would increase individuals' risk perceptions and privacy concerns and decrease
Chapter 4: Conceptual Model and Research Hypotheses
162
trust beliefs and information disclosure which may generally affect their behavioural intentions
to adopt IdMS. Therefore, we expect that:
H12d: Previous experience of identity theft has an effect on users’ perceptions of IdMS.
4.14 Summary The objective of this chapter was to develop the IdMS adoption model and its relationship to
users’ behavioural intentions, perceptions and beliefs toward IdMS use. Each construct and sub-
construct in the proposed conceptual model were defined (summarized in Table 4.5) and their
theoretical lens and hypothetical association were discussed in this chapter. With the support of
existing theories and relevant literature, the study proposed a total of 35 hypotheses to examine
IdMS adoption at the individual level. Of these, 26 hypotheses investigated the main effects and
the relationships between dependent, independent variables and outcome constructs in the base
model (H1-H10c). In addition, five hypotheses examined the role of previous related experience
with IdMS (SSO) as moderator (H11a-H11e), and finally, four hypotheses investigated control
variables (individual differences factors) (H12a-H12d) on the extended model (see Figure 4.1).
Overall, the proposed model of the study filled the gaps identified in Chapter 2 (Literature
Review [Identity Management Systems]) and Chapter 3 (Literature Review [IS/IT Adoption]) by
proposing a theoretical model for user adoption of IdMS.
The next chapter will discuss the research methodology employed in this study to validate the
proposed conceptual model and its supposed relationships.
Chapter 4: Conceptual Model and Research Hypotheses
163
Table 4.5: Main constructs in the research model Construct Definition Theoretical
Foundation Key References
Behavioural intention to use
A user intending to use an IdMS. TRA, TPB, TAM
(Fishbein & Ajzen 1975; Ajzen & Fishbein 1980; Davis 1989; Ajzen 1991; Venkatesh et al. 2003)
Behavioural intention to disclose
A user’s willingness to disclose (submit and store) her/his identity information on the Internet.
TRA, TPB (Ajzen 1991; Malhotra, Kim & Agarwal 2004; Bansal, Zahedi & Gefen 2010)
Perceived usefulness
The degree to which a user believes that using a particular IdMS would enhance managing and controlling his or her online identities.
TAM (Davis 1989; Davis Bagozzi & Warshaw 1989; Venkatesh & Davis 2000)
Perceived ease of use
The degree to which a user believes that using IdMS would be easy and free from effort.
TAM (Davis 1989; Davis Bagozzi & Warshaw 1989; Venkatesh & Davis 2000)
Fit The interaction between IdMS task and technology characteristics. TTF (Venkatraman 1989; Goodhue & Thompson 1995; Dishaw & Strong 1999; String et al. 2006)
Perceived risk The expectation that a high potential for loss is associated with the release of identity information to the IdMS providers and through the use of IdMS.
CDT, risk (Dowling & Staelin 1994;Featherman & Pavlou 2003; Malhotra, Kim & Agarwal 2004)
Trusting beliefs Comprising two dimensions: trust in the IdMS artefact (users’ perceptions regarding the integrity and ability of the IdMS as a technology providing management and maintenance of their online identities) and trust in IdMS providers (user’s perceptions regarding the integrity and ability of the IdMS providers providing the online identity service).
Trust, trust–risk model
(Mayer, Davis & Schoorman 1995; McKnight et al. 1998, Jarvenpaa & Tractinsky 1999; McKnight et al. 2002; Gefen, Karahanna & Straub 2003; McKnight 2005; Wang & Benbasat 2005; Li et al. 2008; Luo et al. 2010)
Trust in the Internet
Comprising two dimensions: situational normality (the user’s beliefs that the Internet environment is suitable, well ordered, and favourable for disclosing identity information and using IdMS), and structural assurance (the user’s beliefs that technological and legal Internet protections, such as data encryption, would safeguard him/her from loss of money, privacy or identity information).
Trust, trust–risk model
(McKnight et al. 2002; Pavlou 2003; Li et al. 2008)
Information disclosure
An exchange where users had disclosed their identity information for the purpose of using Web-based services for both financial and non-financial transactions.
SET information privacy
(Chelune 1987; Metzger et al. 2004; Norberg, Horne & David 2007; Lowry, Cao & Everard 2011; Xu et al. 2011)
Privacy concerns The subjective view and the sense of threat that individuals have about how IdMS providers are using or would use their identity information, comprising seven dimensions: awareness, notice, collection, choice control, error, improper access and unauthorized secondary usage.
SCT information privacy
(Smith, Milberg & Burke 1996; Malhotra, Kim & Agarwal 2004; Liu et al. 2005; Dinev & Hart 2006; Xu et al. 2011)
Chapter 4: Conceptual Model and Research Hypotheses
164
Cost An individual’s perception that using an IdMS provides possible expenses for managing and maintaining identity information.
Cost–benefit analysis
(Wu & Wang 2005; Mallat 2007; Chong, Chan & Ooi 2012)
Facilitating conditions
The degree to which an individual believes that an organizational and technical infrastructure (e.g. accessibility to the Internet, the familiarity and availability of resources of users) supports the use of the IdMS.
TPB ,UTAUT (Venkatesh et al. 2003; Cho 2006; Im, Kim & Han 2008)
Subjective norms The person's perception that most people who are important to him/her think he/she should perform the behaviour in question (using an IdMS).
TRA,TPB (Ajzen1991; Karahanna, Straub & Chervany 1999; Venkatesh & Davis 2000)
Notes: The theory of reasoned action (TRA), theory of planned behaviour (TPB), technology acceptance model(TAM), task–technology fit (TTF), cognitive dissonance theory (CDT), social contract theory (SCT), social exchange theory (SET), unified theory of acceptance and use of technology (UTAUT).
Chapter 5: Research Design and Methodology
5.1 Introduction The objective of this chapter is to outline the methodological considerations used to conduct the
study. The chapter begins by introducing the positivist research paradigm, the use of the
quantitative method and Web survey, followed by explaining the procedure for sampling and
collating the research data. The chapter then describes the statistical techniques that have been
used to validate and analyse the data as well as to estimate the parameters of the research model.
The instrument development is discussed in detail in Chapter 6.
5.2 Research Paradigm
Because paradigms vary in terms of the fundamental assumptions they carry to an
organizational investigation, researchers must commit to a single paradigm (Mingers 2001). A
paradigm can be defined as the “basic belief system or world view that guides the
investigation” (Guba & Lincoln 1994, p. 105). In that regard, this study proposes a positivist
research that involves “precise empirical observations of individual behaviour in order to
discover … probabilistic causal laws that can be used to predict general patterns of human
activity” (Neuman 2003, p. 71). Table 5.1 shows the components of the positivist paradigm in
addition to other paradigms. The purpose of the positivist approach is to determine the objective
and social reality. It is an attempt to increase the predictive understanding of phenomena by
measuring variables, testing theories and making assumptions about a phenomenon arising from
the sample in a fixed population (Orlikowski & Baroudi 1991). Accordingly, the aim of this
study is to understand the factors that influence user adoption of IdMS and their effects on
behavioural intention.
Chapter 5: Research Design and Methodology
166
Table 5.1: Characteristics of the positivist paradigm in social science (Source: Sarantakos 2005)
The present study has adopted explanatory research design. According to Hair et al. (2007),
explanatory research focuses on the cause-and-effect relationship, explaining what cause
produces what effect. The research model relies on concepts, constructs and relationships that
are drawn from different theories and previous studies. The aim of this study is to measure some
variables and explain the causal relationships among the constructs. Thus, the explanatory
research approach is utilized for this study.
5.3 Methodological Approach
A quantitative methodology has been selected as appropriate for the explanatory nature and the
positivist paradigm adopted by this study (Straub 1989; Straub, Gefen & Boudreau 2005).
Moreover, a quantitative approach provides statistical evidence from a large sample about
construct validity and reliability (Pinsonneault & Kraemer 1993; Straub, Gefen & Boudreau
2005; Hair et al. 2010). Quantitative research methods comprise surveys, and numerical
techniques such as mathematical modelling and laboratory experiments (Straub, Gefen &
Boudreau 2005).
The advantages of using the quantitative research approach are, firstly, that the quantitative
approach yields large amounts of data, presents statistical evidence in terms of validity and
reliability and generates results that are normally generalizable to the whole population
(Attewell & Rule 1991; Straub, Gefen & Boudreau 2005). Secondly, this approach requires few
resources per respondent comparing with most qualitative research methods (Mingers 2001).
Thirdly, it can enhance the predictive understanding of a phenomenon, and it provides a greater
Chapter 5: Research Design and Methodology
167
degree of reliability than most qualitative research methods (Pinsonneault & Kraemer 1993;
Mingers 2001). Fourthly, the quantitative research approach can generate replicable findings no
matter who conducts the research (Attewell & Rule 1991; Straub, Gefen & Boudreau 2005).
Conversely, the disadvantages of quantitative research methods include, firstly, that the
researchers are usually absent when the research instruments are completed and thus have no
opportunity for clarification of ambiguous aspects (Kaplan & Duchon 1988). Secondly, the
quantity of control that the researchers can exercise is limited in comparison to qualitative
research methods (Myers & Newman 2007). Thirdly, this approach often produces a relatively
low level of participation compared with most qualitative research methods (Mingers 2001).
Fourthly, little insight is usually gained about the causes, the procedure behind the phenomena
under study and the social context (Mingers 2001).
5.4 Research Method
5.4.1 Survey
This study used the survey as a data collection technique. The use of surveys is a traditional data
collection technique in IS research to test and validate theories (Pinsonneault & Kraemer 1993;
Straub, Gefen & Boudreau 2005). The survey is defined as a method of collecting specific
information about characteristics, actions or opinions of a large group of people referred to as
the population (Pinsonneault & Kraemer 1993). According to Pinsonneault and Kraemer (1993),
the use of surveys is suitable when the dependent variables and independent variables are
clearly defined, and when a specific model of the expected relationships, which is tested against
observations of the phenomenon, is identified. Moreover, the survey method enables the
examination of causal relationships between variables through substantial amounts of data to
test the theoretical model (Straub, Gefen & Boudreau 2005). In the case of this study, the
constructs are clearly defined and can be assessed by determining relationships. Furthermore,
survey research is especially well-suited for answering questions about what, how and why
Chapter 5: Research Design and Methodology
168
(Pinsonneault & Kraemer 1993; Yin 1994). Hence, the survey method is appropriate for
answering the research questions of this study.
5.4.2 Online Survey
The data collection process was carried out using an online survey method, and the
questionnaire was Web-based and accessed through an URL (Schmidt 1997; Zhang 1999;
Couper 2000; Gefen et al. 2005). The Web offers new opportunities to conduct survey research
more efficiently (Zhang 1999; Couper 2000; VanGelder, Bretveld & Roeleveld 2010). In
addition, it has many advantages compared with traditional survey methods. Firstly, the cost and
time of managing the questionnaires and coding data are comparatively low (Schmidt 1997;
Couper 2000; VanGelder, Bretveld & Roeleveld 2010). Secondly, it reaches potential
respondents in geographically remote areas (Couper 2000). This study aimed to find factors that
affected general Web users’ adoption of IdMS, thus this method was suitable because responses
could be received from different areas at any time (Schmidt, 1997; Couper 2000). Thirdly, the
procedure of selecting a sample from a population is highly dependent on the type of survey
being conducted (Couper 2000). Given that our sample was from a frame of active Web users, a
Web survey is appropriate as the participants have access to the Internet (Couper 2000; Gosling
et al. 2004). Finally, an online survey provides a greater response rate (Schmidt 1997; Zhang
1999). A large sample provides stronger external validity and allows the examination of the
relationships hypothesized (Pinsonneault & Kraemer 1993). Therefore, a Web-based survey is
more appropriate for this research.
On the other hand, online surveys provide some important challenges for researchers, such as a
low response rate, non-response bias, and the need to assure the quality of the sampling frame
(Schmidt 1997; Couper 2000; VanGelder, Bretveld & Roeleveld 2010). This study took these
issues into consideration and managed the survey by using techniques such as incentives to
increase the response rate (Goeritz 2006; VanGelder, Bretveld & Roeleveld 2010), options in
Chapter 5: Research Design and Methodology
169
the survey software to prevent missing values and errors (Comley 2002), and using a proxy
method for identifying repeated participants (Gosling et al. 2004).
4.5.3 Cross-sectional Survey Design
Under the survey method, the study adopted cross-sectional design. This approach consists of
the collection of data only once from any given frame of population (Cooper & Schindler 2008).
In other words, it refers to “surveys completed by a single respondent at a single point in time”
(Rindflesch et al. 2008, p. 262). The cross-sectional method differs from the longitudinal study
which involves the efficacy of collecting data over multiple periods of time (Rindflesch et al.
2008). A cross-sectional approach may be possible and less costly while a longitudinal study is
unviable, costly and time-consuming (Rindflesch et al. 2008). Therefore, researchers in most IT
and Web-based applications’ adoption have preferred cross-sectional study (e.g. Davies et al.
1989; Karahanna, Straub & Chervany 1999; Cheng, Lam & Yeung 2006; Lee 2009; Luo et al.
2010; Im, Hong & Kang 2011). Besides, a cross-sectional approach confirms representative
sampling and minimal response bias. In addition, it reduces common method variance (CMV),
that is, systematic method error because of the use of a single source or rater (Rindflesch et al.
2008). It also may enhance the causal inference which involves the ability to infer causation
from observed empirical correlations (Rindflesch et al. 2008). Based on the above motivations,
the cross-sectional study is suitable for this research.
5.5 Data Collection Procedure
The choice of the data collection process is an important point in the research method (Cooper
& Schindler 2008). Therefore, researchers should carefully explain and justify their selections of
population, sampling frame and sampling plan for any research involving collected data (Gefen,
Rigdon & Straub 2011).The aim of this section is to describe the data collection design process
used in this study. The data collection procedure includes the sampling technique; targeted
population and sampling frame, sampling setting, sample size adequacy and recruiting
Chapter 5: Research Design and Methodology
170
technique. Table 5.2 presents an overview of the data collection process which is discussed in
detail in the following sub-sections.
Table 5.2: Overview of data collection strategy
Target population Social media: social networkers E-commerce: online shoppers
Sampling frame Social networkers: Facebook and LinkedIn users
Sampling element Users above 18 years of age who have knowledge about IdMS
Target setting Australia, US, Canada, UK and India
Method of sampling Non-probabilistic: purposive sampling; self selection by the respondents through a banner advertisement
Sample size Pilot study: 150: Main study: 332
Method of data collection Online questionnaire with incentive
5.5.1 Sampling Technique
Researchers should decide which sampling technique to use derived from the subject
population, the ‘fit’ with their research considerations (time, cost, etc.) and the phase
(confirmatory or exploratory) at which their research is being conducted (Cooper & Schindler
2008). Sample elements can be selected using probability or non-probability techniques
(Schreuder, Gregoire & Weyer 2001; Cooper & Schindler 2008). A probability sampling
technique is based on random selection where each unit of a population has a positive
probability chance of selection (Cooper & Schindler 2008). Random selections reduce the
element of personal choice in the sample and then remove subjective selection bias (Sibona &
Walcazak 2012). Non-probability sampling is a set of techniques where an element of choice in
the method is made by the researcher (Cooper & Schindler 2008; Sibona & Walcazak 2012).
This study adopted the non-probability sampling technique, that is, purposive sampling.
Purposive sampling is an approach where target elements conform to certain criteria (Cooper &
Schindler 2008). In this technique, researchers survey those who meet a certain criteria who are
suitable for their study purpose (Schreuder, Gregoire & Weyer 2001; Cooper & Schindler 2008;
Sibona & Walcazak 2012). The reason for choosing purposive sampling is that this technique is
appropriate in the early stages of research when subjects had little or no experience with the
Chapter 5: Research Design and Methodology
171
particular event under investigation (Cooper & Schindler 2008; Sibona & Walcazak 2012).
IdMS are still new and visionary and, thus, very few users have experienced IdMS applications
(Aichholzer & Straub 2010; Adjei & Olesen, 2011; Friedman, Crowley & West 2011; Wang,
Chen & Wang 2012). This technique has been used in previous technology adoption studies
such as ubiquitous commerce adoption (Sheng, Nah & Siau 2008). Therefore; this technique is
suitable in the case of this study. In that regard, the sampling process was intended to locate
people who had certain criteria which were under investigation as discussed in the following
sub-sections (target population, sampling frame and sampling setting).
5.5.2 Target Population
Identifying the target population is the basic building block of sampling design process (Cooper
& Schindler 2008). The target population represents the sample elements that a researcher is
interested in and the group about which conclusions are drawn (Cooper & Schindler 2008).
Thus, it is essential to be as specific as possible to choose who should and who should not be in
the sample.
IdMS involve different online contexts, such as e-commerce, e-government, social media, etc.
(Mont, Bramhall & Pato 2003). As this study has focused on Web-IdMS used for different
transactions (financial and non-financial), the study focused on two different online contexts:
social media and e-commerce. The reasons for choosing these two contexts are as follows:
firstly, social media and e-commerce are recent, common online services by which users
conduct transactions on the Internet (Back et al. 2010; Nielson 2011; Duggan & Brenner 2013).
In addition, online services mostly use a digital identity system (Friedman, Crowley & West
2011). The second reason for considering these two contexts is that it was expected that the
constructs included in this study, such as task, perceived risk, privacy concerns and trusting
beliefs would have different meanings in different contexts. For example, online shopping or
online payment can be assumed to be services where consumers’ privacy and data security
concerns would emerge more than in the context of a social network. The final reason is that
Chapter 5: Research Design and Methodology
172
there was a lack of research focused on Web-based IdMS that investigated self-regulated IdMS,
such as e-commerce and social media contexts (Roussos, Peterson & Patel 2003; Adjei &
Olesen 2011) (see Chapter 2, Section 2.9). These contexts are reasonable as this study aims to
explore the factors that influence the adoption of IdMS from the general point of view of
Internet users.
The members of social media and specifically of social network sites (SNS) were the target
population. SNS are very popular, with millions of members (Nielson 2011; Pring 2012a,
Duggan & Brenner 2013). By the end of 2011, social networking was the fastest-growing active
social media behaviour online, rising from 36% of worldwide Internet users to 59%
administrating their profile on a monthly basis (Pring 2012). Furthermore, interest in Internet
social networking websites has recently emerged across online users, businesses and researchers
(Boyd & Ellison 2008). Moreover, SNS use is becoming much more dispersed across age
groups (Ping 2012a). Finally, SNS provide individuals with the space to create and nurture their
online identity (Tufekci 2008). Therefore, this sample is appropriate for the social media
context.
For e-commerce, online shoppers were considered as the target sample. As mentioned
previously, this study has focused on the adoption of IdMS that are utilized for financial or non-
financial transactions. Online shopping is an activity that enables users to perform financial
transactions. More than 85% of online users have used the Internet for making purchases
(Nielson 2007). Credit cards and PayPal are the most common methods for online payment.
According to Nielson (2007), 60% of global online consumers used their credit cards for online
shopping, and one in four online consumers choose PayPal. While not strictly IdMS, payment-
card networks, such as credit cards or PayPal, share some characteristics with these systems,
and have greatly contributed to the success of e-payment and e- commerce (Landau & Moore
2012).
Chapter 5: Research Design and Methodology
173
In addition, prior research has suggested that active Internet users are more likely to adopt new
Web-based services and applications (Corrocher 2011; Teng et al. 2012). Furthermore, previous
studies have suggested that young people are more willing to use new technologies while older
people (e.g. over 45) are more unwilling to embrace new information technologies (Sheng, Nah
& Siau 2008). In the early stages of using information technology, younger people tend to
reveal a greater tendency to seek innovativeness and novelty (Venkatesh, Thong & Xu 2012).
Because both online shoppers and social networkers are intensive online users (Nielson 2007;
Nielson 2011; Pring 2012a, 2012b) and are relatively young (Back 2010; Nielson 2011; Pring
2012a, Duggan & Brenner 2013), they are potential IdMS users, as they would be more likely to
adopt IdMS. Therefore, subjects either had to have experience in using social networks or
online shopping experience (see Table 5.2).
5.5.2.1 Sampling frame
The sampling frame is defined as the actual set of elements from the population of interest from
which a sample has been drawn (Cooper & Schindler 2008). Social networkers, specifically
Facebook and LinkedIn users, were the target sampling frame. Facebook and LinkedIn were
selected because they have both similarities and differences. Firstly, Facebook and LinkedIn are
very popular, with millions of active Web users (Nielson 2011; Pring 2012a, 2012b;
Socialbakers 2013a, 2013b). By 22 March 2013, there were more than 978 million active
Facebook users and more than 168 million LinkedIn members (Socialbakers 2013a, 2013b).
Secondly, these members have experience with online identity services where individuals create
online profiles, make connections with others and share identity information (Boyd & Ellison,
2008) which is commensurate with the purpose of our study. Thirdly, among the top 300 global
websites that are identity providers, they have the highest number of Internet users (Landau &
Moore 2012). Finally, it has been argued that recruitment through social network sites can be
helpful in understanding emerging technology, and they are appropriate to gain insight into the
behaviour of users (Sibona & Walcazak 2012). Among social network sites, Facebook and
LinkedIn have recently implemented IdMS and SSO solutions (Huhnlein, Robnagel &
Chapter 5: Research Design and Methodology
174
Zibuschka 2010). Thus, it was decided to collect data from the aforementioned target population
to ensure that there would be a sufficient number of potential IdMS adopters in the sample.
In contrast, Facebook and LinkedIn members have different characteristics: Facebook is
content-focused and the majority of its users are under the age of 35 (Boyd & Ellison 2008;
Back et al. 2010; Duggan & Brenner 2013), while LinkedIn users are older professionals or
employees (Boyd & Ellison 2008; LinkedIn 2012; Duggan & Brenner 2013). In addition,
technical functionalities and mechanisms triggering social interaction are conducted on both
sites to better understand key socio-technical differences that may explain changes in
perceptions among users (Dwyer, Hiltz & Passerini 2007). This enabled the collection of
demographic variations for constructing the sample.
This study has focused on the online shopping context as we previously mentioned. Statistical
reports show that 70% of social network users shop online (Nielson 2011, Pring 2012b). As
both Facebook and LinkedIn are the most popular social networking sites (Pring 2012a, 2012b;
Socialbakers 2013a, 2013b), their members are arguably intensive online shoppers. In addition,
our results show that only 3.3% said that they did not have experience with online shopping (see
Chapter 7, Section 7.2.1). Therefore, the target sample was actively engaged in e-commerce and
the social network sites under investigation thus representing sample units of the target
population (see Table 5.2).
Given our unique focus on “true online identity”, it is reasonable to gather data using the
selected population. It has been confirmed that online shoppers provide their fully identified
information (real identity) (Mercator Advisory Group, 2011). In addition, the vast majority of
social network users especially on Facebook and LinkedIn provide their real identity with only a
very small percentage of partial or obviously fake identities (Gross & Acquisti 2005; Greenfield
2011). Alessandro Acquisti argued that “about 90% of Facebook users use their real identities
on the network” (cited in Power [2011]). In addition, a study of 100 profile names from
Facebook found 89% of all names to be realistic and likely to be the true names of the users
Chapter 5: Research Design and Methodology
175
(Gross & Acquisti 2005). Although some Facebook users provide fake names, the vast majority
also use facial photos of themselves as their primary profile photos (Power 2011). This means
that although their names may not be true, their photos still provide a real identity (Greenfield
2011). Therefore, we argue that the target population has experience in revealing “true identity”
which is appropriate for the purpose of this study.
Based on the above discussed motivation, the target sample was appropriate for the purpose of
this study.
5.5.2.2 Sampling elements
A sampling element is defined as a single unit that is selected from a sample (Cooper &
Schindler 2008). In this research, the sampling elements were social networkers who were over
18 years of age and who had knowledge about IdMS. Many online services have introduced
some IdMS solutions. Adoption of IdMS at these sites constituted a "contingent" decision
(Rogers 1983, pp. 347-348). This implies that these online services had made the decision to
adopt IdMS, but that individuals have discretion as to when they would adopt. To ensure that
beliefs included in this study would be salient to the respondents, a belief elicitation procedure
was followed as suggested by Ajzen and Fishbein (1980) and Karahanna, Straub and Chervany
(1999). The full process is described as follows. Potential adopters are defined as individuals
who had knowledge about IdMS services and technologies but who (may) have not yet started
using IdMS. Therefore, people who had no knowledge about IdMS were excluded from the data
set.
5.5.2.3 Sampling setting
Facebook and LinkedIn operate their sites in almost every country in various languages.
Collecting data in various nations and cultures is a highly complex task since one can encounter
a diversity of languages and cultural contexts (Van de Vijver & Chasiotis 2010). For that
reason, this study was conducted in five English-speaking countries, that is, Australia, United
States, Canada, United Kingdom and India. Despite the variety of languages used in India,
Chapter 5: Research Design and Methodology
176
English is the main and the official language (Tropf 2004). For most of the Indian population,
English is a second language and therefore remains a common means of communication (Tropf
2004). In addition, reports show that India is the world's second largest English-speaking
country (Nickerson 2008). These countries were selected based on the following reasons.
Firstly, the survey was written in standard English form. Therefore, we could ensure that the
respondents understood the survey. Secondly, collecting data from different settings could help
to increase the generalizability of our research results (Van de Vijver & Chasiotis 2010). Thus;
cross-cultural comparisons can be performed in the future. Thirdly, Facebook and LinkedIn
have been reported as the most popular websites across the selected countries. According to
Social Bakers , a service which provides social media analytics and ratings for brands and media
companies, among 213 countries, these five countries selected are the top five ranked with
higher numbers of LinkedIn users and are in the top 21 rating among Facebook users
(Socialbakers 2013a, 2013b) (see Table 5.3).
Table 5.3 Number of Facebook and LinkedIn users across the selected countries
Facebook LinkedIn Country No of users Ranking Country No of users Ranking
United States 168642820 1 United States 78096960 1
India 60600520 3 India 2011924 2
United Kingdom 33785600 6 United Kingdom 11586573 3 Canada 18600020 13 Canada 6555954 4
Australia 11738040 21 Australia 4138435 5 Total 978 935 800 213 Total 168 745 717 213
Finally, given our focus on previous identity theft experience, people from these selected
countries are most often identity theft victims. While concerns about identity theft form a
universal language, more identity theft tends to occur in English-speaking countries (Business
Wire 2008). Online consumers in English-speaking countries are the most common victims of
identity theft, twice the rate of those in non-English speaking nations (Business Wire 2008). A
survey conducted by PayPal, found that 10% of online shoppers in the US, Canada and the UK
have had their identities stolen and 25% knew friends who had experienced identity theft. This
Chapter 5: Research Design and Methodology
177
compares with only 5% in the non-English-speaking countries, that is, France, Germany and
Spain (Business Wire 2008). In addition, our results show that 18% of the respondents from the
five selected countries had experienced identity theft (see Chapter 7, Section 7.2.1). Therefore,
our target population in the selected locations was reasonable for the purpose of this study.
5.5.3 Sample Adequacy
An adequate sample size has an important role in estimating the parameters of the model (Hair
et al. 2010). The analysis plan is a prerequisite for determining the adequacy of the sample size
(Gefen, Rigdon & Straub 2011). Therefore, the literature related to a particular choice of
estimation method regarding adequate sample size should be investigated (Gefen, Rigdon &
Straub 2011). It has been suggested that in order to carry out the exploratory and confirmatory
factor statistical analysis with rigour, the sample size should be above 300 (Stevens 1996).
Some researchers have found that in most cases, a sample size of 150 to 200 should be adequate
to get an accurate solution in a factor analysis providing strong inter-item correlations (Hoelter
1983; Guadagnoli & Velicer 1988; Hair et al. 2010). In addition, researchers have suggested
that item-to-response ratios in exploratory and confirmatory factor analysis should range from
1:4 to 1:10 (Hair et al. 1995; Hinkin 1998). However, the advantage of a large sample is that it
can create stable estimates of the standard errors to guarantee that factor loadings are accurate
reflections of the true population values (Hair et al. 2010). In the case of partial least squares
(PLS), researchers suggested the “10 times” rule with respect to sample size (Chin 1998b;
Gefen, Straub & Boudreau 2000; Marcoulides, Chin & Saunders 2009; Goodhue, Lewis &
Thompson 2012; Hair et al. 2012). The “10 times” rule states that the sample size should be at
least 10 times the number of structural paths leading into a construct (Barclay, Higgins &
Thompson 1995; Chin & Newsted 1998). In the case of this study, this would require a
minimum sample of 90 subjects. Therefore, with the above criteria and the statistical analysis
plan used in this study, the total sample size yielded for the pilot study (N = 150) and the main
study (N = 332) was large enough to estimate the parameters of our model.
Chapter 5: Research Design and Methodology
178
5.5.4 Incentive for Participation in the Survey
By providing an incentive for participation in a study, researchers can impact on the likelihood
of participants taking part, as well as on the quality of the participants’ responses (Goeritz &
Wolf 2008). Material incentives may increase the chances of a person completing a Web survey
by up to 19% and it can increase the total response rate on average by 2.8% over what it would
be if no incentives were offered (Goeritz 2006). In contrast, an incentive might encourage some
people to fill out a survey many times (Goeritz 2006). This issue was easily overcome by using
the “Prevent Ballot Box Stuffing” option in the online survey software provider which installs a
cookie on the machine that prevents that computer from accessing the survey a second time
(Comley 2002). Another risk is that people may fill in random data to get to the end of the
survey quickly in order to be eligible for the incentive (Goeritz 2006). In the same way, without
an incentive, they may be likely to give up when bored and are therefore easily identifiable
(Goeritz 2006). Therefore, this issue also can be overcome by controlling the time each
participant takes to complete the survey and excluding participants who completed it in a period
of time notably below average. Thus, participants were offered a $5 Amazon gift voucher and a
summary of the completed study (Goeritz 2006, Goeritz & Wolf 2008).
5.5.5 Recruiting Technique
In behavioural surveys, recruitment methods appear similar because little evidence exists about
which method produces subjects with more reliable survey responses (Alvarez, Sherman &
VanBeselaere 2003; Sibona & Walcazak 2012). Therefore, researchers should choose a
recruitment method that is available and which provides accessibility to the target population
(Cooper & Schindler 2008). In practice, it is not possible to contact a list of Facebook and
LinkedIn users as this information is confidential to these sites as well as due to time and
accessibility considerations. However, these sites enable the organizations and individuals to
target users via advertising. Hence, this study used a banner advertisement placed through
Facebook Adv and LinkedIn Adv as a method to recruit subjects (Alvarez, Sherman &
VanBeselaere 2003). Facebook Adv (https://www.Facebook.com/ads) and LinkedIn Adv
Chapter 5: Research Design and Methodology
179
(https://www.linkedin.com/ads ) are self-service advertising solutions that allow you to place
text advertisements on prominent pages across Facebook and LinkedIn. They let advertisers
reach different members and take advantage of powerful targeting options. The advertisers can
specify which members view the ads by selecting target viewers based on location,
demographics and interests. Facebook Adv and LinkedIn Ad enable the advertisers to control
their advertising costs by setting a budget and only paying for the clicks or impressions that they
receive.
A banner advertisement with a subscription campaign would be a more efficient Web survey
technique but they are not cost-effective (Alvarez, Sherman & VanBeselaere 2003). In addition,
this technique enabled us to access Facebook and LinkedIn users as they can see the banner and
then be redirected to the survey website. Furthermore, this technique lets us recruit respondents
based on the target population as both Facebook Adv and LinkedIn Adv provide targeting
options such as location and age. Finally, using online social network tools (e.g. Facebook Adv
and LinkedIn Adv) facilitates the recruitment process and helps in the understanding of
emerging Internet-based phenomena such IdMS. Sibona and Walcazak (2012) recently
examined survey recruitment methods through Twitter’s @reply mechanism and compared the
results to other recruitment techniques. Their results indicated that recruitment through online
social network sites like Twitter is a possible recruitment method and can be helpful in
understanding emerging technology and social norms (Sibona & Walcazak 2012).
We developed two banner advertisements (see Figure 5.1). Using a university logo, blue label
on top and black print, the part of the banners simply read “Researchers need your help!
Complete a quick survey for a $5 Amazon gift card” and “We invite you to complete a survey &
you will be offered a $5 Amazon Voucher”. Any individual who clicked on the banner
advertisement would be directed to the survey website.
Using these banner advertisements, we ran two banner campaigns, one through Facebook Adv
and the other via LinkedIn Adv for the pilot study in 2012: 5 June–19 June. We also ran two
Chapter 5: Research Design and Methodology
180
banner campaigns through each site for the main study in 2012: 17 August–14 September. The
advertisements were targeted at people in Australia, US, UK, Canada and India who over 18
years of age.
In total, the banner advertisements were run by 2,286,865 impressions, producing 1078 clicks,
and yielding a total of 521 completed responses. Clicks are the number of times individuals
actively clicked on the banner advertisement and were directed to the survey website (Alvares et
al. 2003). Impressions are the number of times the banner advertisement was displayed (Alvares
et al. 2003).The total percent yield of new subjects per impression was 0.22%, while the
percentage yield per click was 48.3%. More details about the response rates and the sample
profile of the pilot and main study are discussed further in Sections 6.5.1 and Chapter 7
(Section7.2).
Figure 5.1: Banner advertisement
5.6 Measurement Development To minimize measurement error, it is important to develop a rigorously reliable and valid
research instrument (Churchill 1979; Straub 1989; Moore & Benbasat 1991; MacKenzie,
Podsakoff & Podsakoff 2011). The following section outlines the development of the research
instrument which is discussed in detail in the next chapter (Chapter 6).
Chapter 5: Research Design and Methodology
181
5.7 Reliability and Validity
Researchers suggested that a survey instrument in new research should be validated using
statistical techniques to evaluate the possible accuracy and consistency of the research
questionnaire (Straub, Boudreau & Gefen 2004; Hair et al. 2010). Content validity, construct
validity and reliability are the most important evaluation criteria for instrument development
(Gefen, Straub & Boudreau 2000; Straub, Boudreau & Gefen 2004; MacKenzie, Podsakoff &
Podsakoff 2011). This study followed the above guidelines to validate the survey instruments
for both the pilot study and the main study. The measurement quality of these instruments was
assessed based on their content validity, reliability convergent validity and discriminant validity
as described in the following sub-sections:
5.7.1 Reliability
Reliability refers to the extent to which measurements are accurate and repeatable (Straub 1989;
Straub, Boudreau & Gefen 2004). In other words, reliability refers to “the extent to which the
respondent can answer the same questions or close approximations the same way each time”
(Straub, Boudreau & Gefen 2004, p.400). Reliability is commonly calculated by internal
consistency reliability using Cronbach‘s alpha coefficient (Cronbach 1971) and composite
reliability (CR) (Straub, Boudreau & Gefen 2004; Chin 2010). Nearly all IS researchers prefer
internal consistency statistics for reliability testing (Straub, Boudreau & Gefen 2004;
MacKenzie, Podsakoff & Podsakoff 2011).
The literature suggested different acceptable standards of reliability. It was generally agreed that
a scale was considered reliable if it had Cronbach‘s alpha and composite reliability equal to or
above 0.7 (Fornell & Larcker 1981; Bagozzi & Yi 1988; Straub 1989; Nunnally & Bernstein
1994; Hair et al. 2010; MacKenzie, Podsakoff & Podsakoff 2011). A reliability of lower than
0.6 suggested a multi-dimensional construct or poor construct definition while above 0.95 may
indicate the existence of common methods bias (Straub, Boudreau & Gefen 2004). Based on the
Chapter 5: Research Design and Methodology
182
above criteria, the reliability of the survey items measure was examined using Cronbach‘s alpha
coefficient and composite reliability in order to measure each scale.
5.7.2 Validity
Validity refers to whether an item of a construct behaves as one would suppose it would if it was
a valid measure of the construct and whether it fits the conceptual definition (Hair et al. 2010;
MacKenzie, Podsakoff & Podsakoff 2011). Researchers have suggested that content validity and
construct validity should be established in empirical research (Straub, Boudreau & Gefen 2004;
MacKenzie, Podsakoff & Podsakoff 2011). Content validity is established using qualitative
assessment, while construct validity is assessed using statistical techniques (Straub, Boudreau &
Gefen 2004). Construct validity involves convergent validity and discriminant validity
(MacKenzie, Podsakoff & Podsakoff 2011). The next sub-sections provide a description of
these validity evaluations and introduce the rules and criteria for assessing them.
5.7.2.1 Content validity Content validity is a subjective evaluation of the extent to which an item of a construct is able to
capture what it is assumed to measure (Hair et al. 2010). Content validity is defined as “the
degree to which items in an instrument reflect the content universe to which the instrument will
be generalized” (Straub, Boudreau & Gefen 2004, p. 424). Kerlinger (1973) similarly defined
content validity as “the ‘representativeness’ or ‘sampling adequacy’ of the content—the
substance, the matter, the topics—of a measuring instrument.”(p. 459). The content validly can
be established by: (1) sketching the questionnaire from measures available in the literature, and
(2) by pretesting the instrument with different groups of expert panels to pass judgment on the
appropriateness and comprehensiveness of the measures (Straub 1989). In this phase, empirical
assessment is not required (Straub, Boudreau & Gefen 2004).
Consequently, this study followed these criteria and assessed the content validity for its
constructs. Firstly, the measures were adopted from reliable and well-known sources available
in the literature (as explained further in Chapter 6, Section 6.2). Secondly, the expert panels and
Chapter 5: Research Design and Methodology
183
survey pre-test stages were conducted to investigate the suitability of the questionnaire (as
discussed further in Chapter 6, Sections 6.3.1 and 6.3.3).
5.7.2.2 Construct validity Construct validity seeks agreement between a theoretical concept and a specific measuring
procedure (Straub, Boudreau & Gefen 2004). It refers to the basic question of “whether the
measures chosen by the researcher ‘fit‘ together in such a way so as to capture the essence of the
construct” (Straub, Boudreau & Gefen 2004, p. 15). Construct validity consists of convergent
validity and discriminant validity. Convergent validity is the degree to which two or more
attempts to measure the same concept are in agreement. Gefen and Straub (2005) and Fornell
and Larcker (1981) suggested that convergent validity should be tested using the following
criteria:
(1) All indicator factor loadings should be significant at 0.05 alpha protection level and
exceed 0.70.
(2) Average variance extracted (AVE),which measures the overall amount of the
variance among a set of items representing a construct (Fornell & Larcker 1981),
should exceed the variance due to measurement error for that construct (i.e. AVE
should exceed 0.50).
In contrast, discriminant validity is the degree to which items theorized to reflect the construct
differ from those that are not believed to make up the construct (Straub 1989). Discriminant
validity is achieved when all measurement items load more strongly on their respective
construct than on other constructs (Gefen & Straub 2005; Fornell & Larcker 1981). Secondly,
the AVE for each construct should exceed the squared correlation between that and any other
construct considered in the factor correlation matrix (Fornell & Larcker 1981; Gefen & Straub
2005). Accordingly, this study employed these recommended rules to access convergent and
discriminant validity as discussed further in Chapter 6 (Section 6.5.3) and Chapter7 (Section
7.3).
Chapter 5: Research Design and Methodology
184
5.8 Data Analysis This section presents the data analysis technique employed in the study. Firstly, the statistical
technique used for accessing the model parameters, that is, structural equation modelling
(SEM)-partial least squares (PLS) is defined. This is followed by the justification for using PLS.
The section then describes the factor analyses procedures and the assessment of the
measurement model. Finally, the section concludes with the techniques applied to evaluate the
structural model.
5.8.1 Structural Equation Modelling
This study uses structural equation modelling (SEM) to examine the relationships between the
constructs of the conceptual model and to assess the overall fit of the structural model (Chin
1998; Gefen, Straub & Boudreau 2000; Wetzel et al. 2009; Hair et al. 2012). SEM usually
involves two processes: analysis of the measurement model and analysis of the structural model.
The measurement model describes the measurement properties, such as the reliabilities and the
validities of the observed variables, and identifies how the latent variables and the hypothetical
constructs are measured in terms of the observed variables. The structural model, in contrast,
identifies causal relationships amongst latent variables and explains causal effects and the level
of unexplained variance (Chin 1998a; Gefen, Straub & Boudreau 2000; Gefen, Rigdon & Straub
2011).
SEM provides several advantages compared with other techniques, such as multiple regression
and path analysis (Chin 1998b; Gefen, Rigdon & Straub 2011; Goodhue, Lewis & Thompson
2012; Hair et al. 2012). SEM assesses the reliabilities of each of the latent variables considered
in the analysis, while path analysis assumes that underlying constructs and the scales used to
measure them are equal. In addition, SEM allows for modelling of the unexplained variance,
taking into account the structural equations. Finally, SEM provides measures of the overall fit
that can offer a summary evaluation of complex models, which is the case in this research (Chin
1998b; Gefen, Rigdon & Straub 2011; Goodhue, Lewis & Thompson 2012; Hair et al. 2012).
Chapter 5: Research Design and Methodology
185
Therefore, it was suitable to use SEM in this study. SEM has two main approaches: the
component-based approach or partial least squares (PLS) and the covariance-based approach
(CBSEM), such as LISREL and AMOS (Tenenhaus et al. 2005; Wetzels, Odekerken-Schroder
& Oppen 2009; Chin 2010, Goodhue, Lewis & Thompson 2012). Both PLS and CBSEM have
been used widely in previous research.
5.8.2 Why this Study Chose PLS
This study uses component-based SEM (PLS) for the following reasons. Firstly, PLS has a
number of advantages over LISREL and AMOS (Chin 2010; Hair et al. 2012). PLS allows a
smaller sample size and requires no assumptions about the distributions of the variables (Chin &
Newsted 1999; Gefen, Rigdon & Straub 2011). Statistical identification with formative models
is not an issue for PLS but is difficult for covariance-based SEM techniques (Chin 1998b). In
the current study, reflective variables and one formative construct are included in the research
model. In addition, PLS is effective in situations where the theoretical underpinning of the study
is changed or at an early stage (Chin 1998b) of the study. Therefore, the PLS technique is well-
suited for this research context because the adoption of IdMS is still a largely unexplored or
under-explored research area. It also allows for the specification of relationships among the
conceptual factors of interest and the measures underlying each construct (MacKenzie,
Podsakoff & Podsakoff 2011). Secondly, researchers have broadly agreed that PLS is well
suited for theory development, which is the case in this study (Qureshi & Compeau 2009;
Gefen, Rigdon & Straub 2011; Goodhue, Lewis & Thompson 2012; Hair et al. 2012). Thirdly,
PLS fits well with reflective models with large mediating and moderating effects, and it
provides acceptable statistical power (Chin, Marcolin & Newsted 2003; Henseler & Fassott
2010). Finally, PLS is particularly able to test large, complex models with latent variables
(Wetzels, Odekerken-Schroder & Oppen2009; Chin 2010) and “is virtually without
competition” (Wold 1985, p. 590). According to Chin (2010), a complex model is a model with
10 or more constructs and 50 or more items .Thus, the research model of the study is a complex
model as it contains 33 latent constructs (i.e. 26 first-order, four second-order, two third-order
Chapter 5: Research Design and Methodology
186
constructs, one interaction construct) and more than 50 items. Therefore, PLS is considered
more suitable for the current study than CBSEM techniques.
5.8.3 Factor Analysis
Factor analysis is a collection of methods for examining how underlying constructs influence
the responses on a number of measured variables (DeCoster 1998). Factor analyses are carried
out by investigating the pattern of correlations between the observed measures. Measures that
are either highly positively correlated or negatively correlated are likely to be impacted by the
same factors, whereas those that are relatively uncorrelated are likely to be affected by different
factors (DeCoster 1998; Gefen & Straub 2005). Exploratory factor analysis (EFA) and
confirmatory factor analysis (CFA) are basically two types of factor analysis. EFA is performed
to determine the number of constructs and the underlying factor structure, while the purpose of
CFA is to determine the ability of a predefined factor model to fit an observed set of data
(DeCoster 1998; Costello & Osborne 2005; Gefen & Straub 2005).
The literature indicates that it is not clear whether researchers should or should not combine
exploratory and confirmatory factor analyses (Conway & Huffcutt 2003; Gefen & Straub 2005;
Marsh et al. 2009). Conway and Huffcutt (2003) suggested that the researcher should carefully
consider whether EFA is appropriate in the first place (e.g. whether there is a clear expectation
about the factor pattern). They argued that CFA probably provides a better approach for existing
instruments since it takes sampling error into account more effectively than EFA does.
DeCoster (1998) recommended that if there is a significant lack of fit when CFA was
performed, it is perfectly acceptable to follow up with an EFA. Gefen, Straub and Boudreau
(2000) compared an EFA with a CFA in PLS with the same data and showed that loadings of
the EFA were below the 0.40 threshold when the same loadings in PLS could be as high as 0.50.
In PLS, the establishment of factorial validity uses the CFA approach (Chin 1998b; Gefen,
Straub & Boudreau 2000). Accordingly, this study uses CFA to assess the model measurement
Chapter 5: Research Design and Methodology
187
as it has applied PLS. In this study, CFA was conducted using a structural equation modelling
tool, specifically SmartPLS 2.0 (Ringle, Wende & Will 2005).
5.8.4 Structural Model Evaluation
Explained Variance (R2)
To test the structural part of the research model, this study established the significance of all
paths estimated (Gefen, Straub & Boudreau 2000; Chin 2010). The study also relied on the
coefficient of determination, or the explained variance (R2), in order to check if the model
achieved acceptable goodness of fit as there was no other overall parametric criterion in PLS
(Gefen, Straub & Boudreau 2000; Chin 2010). R2 estimates the proportion of the explained
variance of the dependent variable about its mean that is depicted by the independent variable(s)
(Gefen, Straub & Boudreau 2000).
Predictive Relevance (Q2)
In addition, although PLS has established its prominence for approximating a complex model,
this study applied the predictive relevance (Q2) to establish further rigour in empirical results
(Chin 2010). The study argues that predictive relevance (Q2) is critical for assessing the
predictive validity of a complex model (Stone 1974; Geisser 1975; Chin 1998a; Chin 2010).
Chin (1995, p. 317) suggested that “the focus should be shifted from only assessing the
significance of parameter estimates (i.e., loadings and structural paths) to that of predictive
validity.” The Stone (1974) and Geisser (1975) sample re-use technique ensures predictive
relevance and represents a synthesis of function fitting and cross validation with the view “that
the prediction of observables is of much greater relevance than the estimation of what are often
artificial constructs – parameters” (Geisser 1975, p. 320).
Q2 assesses the predictive validity of a model using PLS based on the blindfolding procedure
(Tenenhaus et al. 2005; Chin 2010). This procedure omits data for a given block of measures
and then predicts the omitted element based on the following parameters (Chin 2010, p. 680):
Chapter 5: Research Design and Methodology
188
DD
D D
O
EQ
−= 12
where, E = the sum of squares of prediction error, O = the sum of squares error using the mean
for prediction, D = omission distance.
Q2 is performed through two forms of prediction techniques, that is, cross-validated
communality and cross-validated redundancy. The cross-validated communality is performed
using predicting data points by an underlying latent variable score, whereas the cross-validated
redundancy is performed using the latent variables employed for predicting the blocks in
question (Chin 2010). Q2 is generally approximated using an omission distance of 5-10 under
existing PLS software packages. This study approximates the cross-validated redundancy to
estimate the predictive relevance of the research model. Cross-validated redundancy Q2
exceeding zero indicates that the model has predictive relevance (Chin 2010).
5.9 Statistical Considerations Statistical rigour is critical in SEM and it therefore must be considered when using SEM
(Gefen, Rigdon & Straub 2011). This study considered some issues of statistical rigour as
recommended by Gefen, Rigdon & Straub (2011). Some important issues included the number
of observed variables, common method bias, sample size and power, missing data, distribution
assumptions, non-response bias and appropriate population (for more details, see Gefen, Rigdon
& Straub 2011). The following sub-sections outline the most critical issues of statistical rigour
that have been suggested in previous research: non-response bias, distributions assumptions and
common method bias, whereas, for structural and brevity purposes, other aspects are also
considered and discussed elsewhere in this thesis. For the number of observed variables, see
Section 6.2.1; for sample size and power, see Section 5.5.3; for missing data, see Sections 6.5.2
and 7.2.2; and for appropriate population, see Section 5.5.2.
Chapter 5: Research Design and Methodology
189
5.9.1 Non–responsive Bias
Non-responsive bias is a significant issue that should be taken into account to verify that there is
a selection bias among responders and the non-responders (Gefen, Rigdon & Straub 2011).This
issue occurs when more than a relatively small proportion of the respondents do not complete
the experimental treatment or fail to return the survey (Gefen, Rigdon & Straub 2011). In
addition, there is a variety bias among those who do complete the treatment or survey
(Armstrong & Overton 1977; Sivo et al. 2006; Gefen, Rigdon & Straub 2011). Non-response
bias can be tested by comparing the demographics of respondents and non-respondents and by
comparing the answers of waves of responders (Armstrong & Overton 1977; Sivo et al. 2006).
This assumes that if there are no significant differences among these groupings, then there is
less reason for concern (Armstrong & Overton 1977).
The comparison of the demographics of respondents and non-respondents to test non-response
bias is suitable with probability sampling while comparing among responders is appropriate
with non-probability sampling because, in this case, the issue of non-response has little meaning
(Couper 2000). As this study employed non-probability sampling, we considered non-response
bias among the respondents. To test for non-response bias, we compared the demographic
characteristics of the respondents in the two waves (early and late respondents) of data
collection during both the pilot and main study (Armstrong & Overton 1977; Churchill 1979;
Sivo et al. 2006) and this will be discussed further in Chapter 6 (Section 6.5.2) and Chapter 7
(Section 7.2.2) .
5.9.2 Distribution Assumptions
Normality is an important factor to be examined during data analysis as it assumes normal data
distributions (Field 2009; Gefen, Rigdon & Straub 2011). Multivariate normality of the data is
usually validated using the Kolmogorov-Smirnov and Shapiro-Wilk tests as well as by standard
skewness and kurtosis measures for the observed variables (Hair et al. 2010; Gefen, Rigdon &
Straub 2011). Researchers indicate that if the skewness and kurtosis measures are within the +2
Chapter 5: Research Design and Methodology
190
to -2 range, a data set is normally distributed; whereas others show that +3 to -3 ratings for
kurtosis is acceptable (Field 2009; Hair et al. 2010).
However, this study does not take the normality issue into consideration for the following
reasons. Firstly, data distribution is an important issue in selecting the estimation method with
CBSEM, while with PLS, it is not constrained by the need for normally-distributed variables
(Chin 1998b; Gefen & Straub 2005; Gefen, Rigdon & Straub 2011; Goodhue, Lewis &
Thompson 2012). Secondly, through confirmatory factor analysis, non-parametric Spearman
correlations are used instead of Pearson correlations (Chin 1998b; Gefen & Straub 2005; Field
2009). As the present study conducted a confirmatory factor analysis using PLS, there was no
need to test the normality of the data.
5.9.3 Common Method Variance
Common method variance (CMV) or common method bias (CMB) is “systematic error variance
shared among variables measured with and introduced as a function of the same method and/or
source” (Richardson, Simmering & Sturman 2009, p. 763). CMV may cause systematic
measurement error and further bias the estimations of the observed relationship among different
theoretical constructs (Podsakoff, MacKenzie & Lee 2003). Researchers have highlighted the
importance of evaluating the effect of CMV on the results of statistical analysis (Gefen, Rigdon
& Straub 2011). The issue of CMV has been identified as a major methodological concern
associated with survey-based studies (Lindell & Whitney 2001; Malhotra, Kim & Patil 2006)
and technology adoption-based research (Straub & Burton-Jones 2007; Sharma, Yetton &
Crawford 2009; Venkatesh, Thong & Xu 2012). Researchers generally agree that CMV has the
potential to affect the results of behavioural research results and a self-reported research method
(Lindell & Whitney 2001; Podsakoff, MacKenzie & Lee 2003; Malhotra, Kim & Patil 2006;
Chin, Thatcher & Wright 2012). Some researchers have also emphasized the importance of
assessing the impact of CMV on higher-order multi-dimensional constructs (Johnson, Rosen &
Djurdjevic 2011). As the survey is self-reported and collected through the same questionnaire
Chapter 5: Research Design and Methodology
191
during the same period of time with cross-sectional research design as well as the model
including higher-order constructs, the effect of CMV was taken into consideration in this study
(Podsakoff, MacKenzie & Lee 2003; Malhotra, Kim & Patil 2006; Richardson, Simmering &
Sturman 2009; Johnson, Rosen & Djurdjevic 2011; Chin, Thatcher & Wright 2012).
Researchers have developed a number of statistical techniques to control for the influence of
CMV in method research designs (see Appendix 5 for a detailed review of common CMV
techniques). Few differences exist between these well-established techniques in terms of their
ability to detect CMV (Malhotra, Kim & Patil 2006). However, there is a lack of empirical
evidence regarding their efficacy (Richardson, Simmering & Sturman 2009). In addition, some
researchers have identified a number of conceptual and empirical problems associated with
some of these techniques (Straub & Burton-Jones 2007; Richardson, Simmering & Sturman
2009; Chin, Thatcher & Wright 2012). For example, recently Chin Thatcher and Wright (2012)
found that the unmeasured latent method construct (ULMC) approach in PLS as proposed by
Liang et al. (2007) is not able to detect and control for CMV in PLS. Straub and Burton-Jones
(2007) argued that the marker variable technique is not able to control for CMV problems,
particularly those including the consistency motif and implicit theories. Therefore, researchers
have agreed that there are no potential benefits and there are likely to be risks in using a
particular or different technique (Richardson, Simmering & Sturman 2009; Chin, Thatcher &
Wright 2012). Richardson, Simmering and Sturman (2009) argued that “reviewers must
understand there are multiple perspectives regarding CMV and, to some extent, accept there is
no definitive evidence to date suggesting that one perspective is universally appropriate”(p.
796).
Accordingly, this study used Harman single-factor test technique to access the effect of CMV
(Podsakoff, MacKenzie & Lee 2003). It is also called the ‘single-factor’ test. Harman single-
factor test is the most widely-used technique that has been frequently employed in IS research to
address the issue of CVM (Malhotra, Kim & Patil 2006; Richardson, Simmering & Sturman
2009; Sharma, Yetton & Crawford 2009; Chin, Thatcher & Wright 2012). It is also the most
Chapter 5: Research Design and Methodology
192
widely recommended technique to address CMB (Podsakoff, MacKenzie & Lee 2003;
Richardson, Simmering & Sturman 2009; Gefen, Rigdon & Straub 2011). This technique
requires loading all the variables in a study into an exploratory factor analysis and examining
the unrotated principal components factor analysis solution to determine the number of factors
that are necessary to account for the variance in the variables (Podsakoff, MacKenzie & Lee
2003; Gefen, Rigdon & Straub 2011). The basic assumption of this test is that the presence of
CMV is indicated by either (a) a single factor will emerge from the factor analysis or (b) one
general factor will account for the majority of the covariance among the measures (Podsakoff,
MacKenzie & Lee 2003, p. 889).
5.10 Estimating the Higher-order Constructs The research model involved both unidimensional and hierarchical constructs. The
unidimensional construct (also referred to as a first-order construct) is defined as a construct
involving a single underlying dimension (Netemeyer, Bearden & Sharma 2003) while the
hierarchical construct, or the multi-dimensional construct, is defined as a construct involving
more than one dimension (Edwards 2001; MacKenzie, Podsakoff & Jarvis 2005; Petter, Straub
& Rai 2007; Wetzels 2009).
The important advantage of hierarchical modelling is that it appropriates for less model
complexity and more theoretical parsimony (Edwards 2001; MacKenzie, Podsakoff & Jarvis
2005). Furthermore, hierarchical modelling can be used to capture specific facets of a factor
which can better capture the complexity of human perceptions (Edwards 2001). However;
hierarchical modelling has a number of disadvantages. According to Edwards (2001, p. 152)
“[a]dvocates of multi-dimensional constructs endorse generality, breadth, and simplicity,
whereas critics promote specificity, precision, and accuracy. Given that both sets of objectives
are laudable, researchers would be better served by an integrative approach than by admonitions
to adopt one side of the debate.” Researchers agree with this view and recommend that they
Chapter 5: Research Design and Methodology
193
have to incorporate the unidimensional and multi-dimensional constructs in one theoretical
model (MacKenzie, Podsakoff & Podsakoff 2011).
SEM links a measurement model (also called an outer model) with a structural model (also
called an inner model) (Chin 1998b; MacKenzie, Podsakoff & Podsakoff 2011). The structural
model involves the relationships among independent, dependent and latent constructs, whereas
the measurement model matches the distribution of measures to latent constructs (Petter, Straub
& Rai 2007; MacKenzie, Podsakoff & Podsakoff 2011). The structural research model involves
10 unidimensional constructs (i.e. intention to use, intention to disclose identity information,
information disclosure, perceived usefulness, perceived ease of use, perceived risk, cost,
facilitating conditions, subjective norms and prior use of SSO), one interaction construct
between task characteristics and technology characteristics (i.e. fit) and three hierarchical
constructs (i.e. trusting beliefs, trust in the Internet and privacy concerns).
Previous studies on trust and privacy have specified these variables as an hierarchical construct
consisting of some dimensions and sub-dimensions in most cases (e.g. Smith 1996; McKnight et
al. 2002; Malhotra, Kim & Agarwal 2004; Junglas, Johnson & Spitzmuller 2008; Li et al. 2008;
Luo et al. 2010). For instance, McKnight et al. (2002) developed four high-level trust constructs
in e-commerce, namely, disposition to trust, institution-based trust, trusting beliefs and trusting
intentions that were then delineated into 16 first-order constructs. Li et al. (2008) developed a
multilevel multi-dimensional conceptual model for initial trust formation which consisted of
four second-order constructs and 12 first order-dimensions. Malhotra, Kim and Agarwal (2004)
operationalized Internet users' information privacy concerns as a second-order construct which
comprised three first-order constructs, that is, awareness, collection and error. Junglas, Johnson
and Spitzmuller (2008) identified privacy concerns in the location-based services context as a
second-order construct which consisted of four first-order dimensions, namely, collection,
unauthorized secondary use, improper access and error.
Chapter 5: Research Design and Methodology
194
Aligned with these studies, this research has specified trusting beliefs as a third-order,
hierarchical construct which consists of two second-order dimensions (i.e., trust in IdMS
providers and trust in the IdMS artefact) and six first-order dimensions (i.e., benevolence,
competence and integrity of IdMS providers and benevolence, competence and integrity of
IdMS artefact). Trust in the Internet is also specified as a third-order, hierarchical construct
which consists of one second-order dimension (i.e. structural normality) and four first-order
dimensions (i.e. structural assurance, benevolence, competence and integrity). Privacy concern
is modelled as a second-order, hierarchical construct which consists of seven first-order
dimensions (awareness, collection, control, choice, unauthorized secondary usage, improper
access and error).
5.10.1 Testing for Higher–order Constructs
Hierarchical constructs or higher-order factors can be estimated using multiple approaches
(Chin, Marcolin & Newsted 2003). This study used the most commonly used approach – the
repeated indicator approach (also known as the hierarchical component model) (Lohmoller
1989) to assess the higher-order constructs. In PLS, this procedure is implemented by measuring
a higher-order construct using the scores of its lower-order constructs (Lohmoller 1989;
Tenenhaus et al. 2005; Wetzels, Odekerken-Schroder & Oppen 2009). This approach applies the
repeated use of manifest variables (or indicators) which allows the study to capture in some way
the effect of the lower-order constructs on the outcomes of the higher-order constructs (Wetzels,
Odekerken-Schroder & Oppen 2009). Under this technique, the manifest variables are used
repeatedly, initially for first-order latent constructs to create primary loadings and then extended
for the second-order latent constructs (e.g. privacy concerns, trust in the IdMS artefact) and
third-order latent constructs (e.g. trusting beliefs) to create secondary loadings (Tenenhaus et al.
2005; Wetzels, Odekerken-Schroder & Oppen 2009).
Chapter 5: Research Design and Methodology
195
5.11 Control Variables Control variables (CVs) are commonly used to capture factors that are generally described as
extraneous to the desired effect (Carlson & Wu 2012). CVs include variables that influence our
understanding of the relationships between independent variables and dependent variables
(Atinc, Simmering & Kroll 2012; Carlson & Wu 2012). Control variables may be pursued
through experimental design or statistical means (Atinc, Simmering & Kroll 2012). With
experimental design, the researchers constrain experimental conditions to hold constant those
variables that might independently influence outcomes with manipulation, elimination or
inclusion, and randomization (Atinc, Simmering & Kroll 2012). Statistical control, on the other
hand, involves identifying potential factors that influence the relationship of an independent
variable on the dependent variable – sometimes referred to as “covariate” ,” confounding” and
‘‘nuisance’’ variable (Atinc, Simmering & Kroll 2012). Carlson and Wu (2012, p. 425)
identified the purposes of the statistical control as being to:
(a) estimate a ‘‘purified’’ relationship between variables
(b) estimate a ‘‘controlled’’ relationship between two variables that accounts for the
effects of other meaningful variables
(c) determine the incremental contribution that a variable makes to the prediction of a
dependent variable after the effects of other variables have been considered.
Accordingly, this study considered only the statistical inclusion control method; that is, we
examined variables that were entered as extraneous variables with a supposed relationship with
the dependent variables.
Researchers should distinguish between theoretically meaningful CVs and artefact CVs (Atinc,
Simmering & Kroll 2012; Carlson & Wu 2012). Theoretically meaningful CVs are variables
drawn from theory that provide an explanation for why the relationships in dependent variables
occur (Spector & Brannick 2011; Atinc, Simmering & Kroll 2012). Artefact CVs reflect
characteristics of samples (e.g. age, education, experience) that are associated with a dependent
Chapter 5: Research Design and Methodology
196
variable but provide no explanation for why relationships occur because they are often
empirically derived (Carlson & Wu 2012). In this study, artefact CVs are identified as gender,
age, education, Internet experience, Web services’ experience and previous experience with
identity theft (these control variables were previously discussed in Chapter 4, Section 4.13)
There is little, if any, evidence in support of when to include control variables in an analysis
(before or after the analysis and test hypothesis) (Spector & Brannick 2011; Atinc, Simmering
& Kroll 2012). Researchers have recently suggested adding contextual control variables
specifically to the artefact CVs in the last step after testing the research hypothesis and
conducting the data analysis (Spector & Brannick 2011; Atinc, Simmering & Kroll 2012;
Carlson & Wu 2012). Carlson and Wu (2012, p. 432) recommended that “researchers are
encouraged to add context CVs in the last step in hierarchical analyses” and theoretically
meaningful dependent variables “should be given the first opportunity to account for variance in
outcomes because they are associated with explanations.” Therefore, this study has entered and
examined the impact of the control variables in the research model after conducting the analysis
and testing the research hypothesis to eliminate the influences of sample characteristics and
estimate the relationships between meaningful dependent variables (as discussed further in
Chapter 7, Section 7.6).
Chapter 5: Research Design and Methodology
197
5.12 Summary The previous chapter discussed the development of the conceptual model and the establishment
of the research hypotheses. This chapter has described the methodological considerations that
support the current study. This chapter also presents the selected research paradigm and the
philosophical approach which was implemented. This was followed by the research outline and
a discussion of key methodological considerations undertaken in this study. The main sections
of this chapter were the research paradigm (Section 5.2); research approach (Section 5.3);
research method (Section 5.4); data collection and sampling process (Section 5.5); instrument
development (Section 5.6); reliability and validity (Section 5.7); data analysis technique
(Section 5.8); statistical considerations (Section 5.9); the higher-order construct estimation
(Section 5.10) and control variables (Section 5.11).
The next chapter will outline and discuss in detail the instrument development for this study.
Chapter 6: Instrument Development
6.1 Introduction This chapter outlines the development of the research instrument. To minimize measurement
error, it is important to develop a rigorously reliable and valid research instrument (Churchill
1979; Straub 1989; Moore & Benbasat 1991; MacKenzie, Podsakoff & Podsakoff 2011). Content
validity, construct validity and reliability, which are important evaluation criteria for instrument
development, will be established in this chapter (Gefen, Straub & Boudreau 2000). The
instrument development process was based on guidelines suggested in the literature (Churchill
1979; Moore & Benbasat 1991; Hinkin 1998; Recker & Rosemann 2010; Gefen, Rigdon &
Straub 2011; MacKenzie, Podsakoff & Podsakoff 2011). Figure 6.1 represents the steps which
were followed for the development of the research instrument and scale validation. The first step
in the instrument development process was to identify the domains of the constructs. The
researcher must clarify the definition of the construct, indicating what is included and what is
excluded in that given domain (Churchill 1979; Moore & Benbasat 1991, MacKenzie, Podsakoff
& Podsakoff 2011). This stage was discussed previously in the development of the conceptual
model in Chapter 4.
The remaining steps will be explained in the following sections.
Chapter 6: Instrument Development
199
Figure 6.1: Overview of instrument development procedure (Source: MacKenzie, Podsakoff & Podsakoff 2011, p. 296)
6.2 Item Creation and Identification
The objective of the item creation stage is to ensure content validity of the measurement items
(Moore & Benbasat 1991; Gefen, Rigdon & Straub 2011). Items must fit the content domains of
the construct definitions to show content validity (Gefen, Rigdon & Straub 2011). Consequently,
the first stage should be a conceptual definition of each construct of interest and should include a
list of initial items that closely match the dimensions of these construct definitions (MacKenzie,
Podsakoff & Podsakoff 2011). The original and adopted construct definitions used in this study
were described previously in Chapter 4.
This study follows Moore and Benbasat‘s (1991) procedure for creation of the list of items with
the following steps:
Chapter 6: Instrument Development
200
(1) Examine the literature for existing scales.
(2) Analyse the reliability of all measurements.
(3) Analyse and categorize all items, verifying their applicability to the research.
(4) Add items for constructs where all dimensions were not covered.
(5) Revise items—clarity of wording, adapt to agreement scale.
(6) Re-evaluate items, revise wording, and eliminate redundant or ambiguous items.
Adopting items from existing, already validated scales is one way of realizing a low
measurement error when generating candidates for items (Churchill 1979). Therefore, the initial
items created were based on two domains of the IS/IT research literature. The first domain was in
previous studies on IS/IT adoption from which sets of items were identified that previous studies
had shown to obtain the highest levels of validity and reliability. The second domain was in the
identity management literature which was searched in order to derive items from relevant
concept definitions in the IdMS domain. The next sub-section illustrates the construct
operationalization and initial item creation.
6.2.1 Construct Operationalization
Construct operationalization refers to the selection of a set of measurements (also called items or
indicators) that represents a theoretical construct in the best possible way (Swanborn 1987). It is
possible to adopt measures that have already been developed in previous studies or to develop
new measures from scratch (Churchill 1979; Neuman 2003). Hence, we adopted most of the
measures from the well-established literature with minor modifications to fit the context of this
study and designed some new items especially for this study. It is worth noting that, for these
items, it is the first time that they have been measured in the context of IdMS. Therefore, they
have been tested for reliability and validity in this study as is described in more detail in Sections
6.6.3 and 7.3. Table 6.1 to Table 6.5 present and describe the initial items created for this study
and their source.
Chapter 6: Instrument Development
201
How many items or indicators there should be for each latent construct is still an open debate in
the literature (Gefen, Rigdon & Straub 2011). Davis (1989) and Moore and Benbasat (1991)
suggested that at least 10 items per construct are needed to realize reliability levels of at least
0.80. Gefen, Rigdon & Straub (2011) implied that three indicators loading totally on one
common factor would statistically identify the individual factor measurement models. They also
argue that including multiple associated constructs within a single confirmatory factor model will
allow a model to achieve identification with fewer observed measures per construct (Gefen,
Rigdon & Straub 2011). However; Hinkin (1998) argued that there is no fixed rule guiding how
many items each construct should have. Regardless of the actual number of items in each
construct, it is very important to guarantee that the domain of each construct is sufficiently
sampled (Straub, Boudreau & Gefen 2004). Initially, the total number of items for each construct
ranged from two to 11 items per construct (see Tables 6.1 to 6.5).
Chapter 6: Instrument Development
202
Table 6.1: Initial items for first-order constructs Construct Item
Code Item Source
Intention To Use (INTU)
INTU1 INTU2 INTU3
I will definitely consider using IdMS. I predict I would use IdMS to manage my online identity. I am willing to use IdMS in the future.
(Davis 1989; Venkatesh et al. 2003)
Intention To Disclose Identity Information (INTD)
INTD1 INTD2× INTD3× INTD4® INTD5®
I would not hesitate to provide my identity information to an online service provider. It is important to me to protect my online identity. I am concerned with the consequences of sharing my identity information. I am likely to share my identity information online in the future. I believe my identity information is well-protected online.
(Bansal, Zahedi & Gefen 2010; Belanger & Carter 2008; Fogel & Nehmad 2009; Malhotra, Kim & Agarwal 2004)
Perceived Usefulness (PU)
PU1 PU2 PU3 PU4× PU5®
If I were to adopt an IdMS, it would enable me to improve the ability of managing my online identity in online transactions. If I were to adopt an IdMS, it would enhance my efficiency managing my online identity. If I were to adopt an IdMS, the effect of managing and controlling my online identity would improve. If I were to adopt an IdMS, it would make managing of my online identity easier. Overall, it will be useful using an IdMS.
(Davis 1989; Yu et al. 2005)
Perceived Ease of Use (PEOU)
PEOU1 PEOU2 PEOU3 PEOU4 PEOU5×
Learning how to use IdMS would be easy for me. I will find using an IdMS easy for me. It will be easy to manage and control my online identity using an IdMS. I will be skilful in using an IdMS. Overall, it will be easy to use an IdMS.
(Davis 1989 )
Perceived Risk (RISK)
RISK1 RISK2 RISK3 RISK4
Using an IdMS to manage and control my online identity would be risky. Using an IdMS subjects my online identity to potential fraud. Using an IdMS would add great uncertainty to my online transactions. Using an IdMS exposes me to an overall risk.
(Featherman & Pavlou 2003; Dinev & Hart 2006)
Cost (COST) COST1 COST2 COST3
I think the implementation cost of using an IdMS is high. I think the access cost of using an IdMS is high. I think the transaction fee for using an IdMS is high.
(Wu & Wang 2005; Chong , Chan & Ooi 2012)
Chapter 6: Instrument Development
203
Facilitating Conditions (FC)
FC1 FC2 FC3 FC4
I can easily access the Internet. I am confident about using the Internet. I have the resources necessary to use an IdMS. I have the knowledge necessary to use an IdMS.
(Venkatesh et al. 2003; Cho 2006)
Task Characteristics (TASK)
TASK1* TASK2* TASK3* TASK4* TASK5*
By using IdMS, I can create my online identity. By using IdMS, I can update my online identity. By using IdMS, I can delete my online identity. By using IdMS, I can control my online identity. By using IdMS, I have complete choice over what a particular online identity I release to a particular online service provider.
New Items
Technology Characteristics (TECH)
TECH1 TECH2* TECH3* TECH4* TECH5* TECH6* TECH7 TECH8 TECH9* TECH10* TECH11*
By using an IdMS, I would avoid going to an agency (such as bank) to update my identity information. By using an IdMS, I would control and manage my online identity anytime and anywhere. By using an IdMS, I can identify myself online. By using an IdMS, getting authorization to access my online identity would be easy. By using an IdMS, getting authentication to access my online identity would be easy. By using an IdMS, I would gain access to multiple resources. By using an IdMS, I would register and enrol myself to multiple service providers By using an IdMS, I would disclose the least amount and type of identity information. IdMS would enable my online identity to be used within systems based on different technologies. I can use IdMS in different operating systems with multiple Internet browsers. IdMS would provide me a consistent user experience for the management of identity information.
(D'Ambra & Wilson 2004a) (Goodhue & Thompson 1995)
Note*: New items created for this study Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1and Appendix 6.2); therefore, they were not included in the analysis. Note®: Items INTD4, INTD5, PU5 were reverse coded during data analysis. INTD4 reversed to INTD2; INTD5 to IND3; PU5 to PU4.
Chapter 6: Instrument Development
204
Table 6.2: Initial items for third-order trusting beliefs
Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1 and Appendix 6.2); therefore, they were not included in the analysis.
Third-order construct
Second-order construct
First-order construct
Item Code
Item Source T
rust
ing
Bel
iefs
(T
B)
Tru
st in
IdM
S A
rtef
act (
TIA
) Benevolence (TAB)
TAB1 TAB2 TAB3
I believe that an IdMS would act in my best interest. If I required help, an IdMS would do its best to help me. An IdMS would be interested in my well-being, not just its own.
(McKnight et al. 2002; Li et al. 2008)
Competence (TAC)
TAC1 TAC2 TAC3 TAC4
An IdMS would be competent and effective in managing my online identity. An IdMS would perform its role of managing my online identity very well. Overall, an IdMS would be a capable and proficient Internet online identity provider. In general, an IdMS would be very knowledgeable about online identities.
(McKnight et al. 2002; Li et al. 2008)
Integrity (TAI)
TAI1 TAI2 TAI3 TAI4×
An IdMS would be truthful in its dealings with me. I would characterize an IdMS as honest. An IdMS would keep its commitments. An IdMS would be sincere and genuine.
(McKnight et al. 2002; Li et al. 2008)
Tru
st in
IdM
S P
rovi
ders
(T
IP)
Benevolence (TPB)
TPB1 TPB2 TPB3
I believe that IdMS providers act in my best interest. If I required help, IdMS providers would do their best to help me. IdMS providers are in my well-being, not just their own.
(McKnight et al. 2002; Li et al. 2008)
Competence (TPC)
TPC1 TPC2 TPC3 TPC4
IdMS providers are competent and effective in managing my online identity. IdMS providers would perform its role of managing my online identity very well. Overall, IdMS providers are to be a capable and proficient Internet online identity provider. In general, IdMS providers are very knowledgeable about online identities.
(McKnight et al. 2002; Li et al. 2008)
Integrity (TPI)
TPI1 TPI2 TPI3 TPI4×
IdMS providers are truthful in their dealings with me. I would characterize IdMS providers as honest. IdMS providers keep their commitments. IdMS providers are e sincere and genuine.
(McKnight et al. 2002; Li et al. 2008)
Chapter 6: Instrument Development
205
Table 6.3: Initial items for third-order trust in the Internet Third-order construct
Second-order construct
First-order construct
Item Code
Item Source
Inst
itutio
nal–
base
d tr
ust :
Tru
st in
the
Inte
rnet
(T
I)
Situ
atio
nal N
orm
ality
(T
SN
)
Benevolence (TSNB)
TSNC 1 TSNC 2 TSNC 3
I feel that most Internet providers would act in a customer’s best interest. If a customer required help, most Internet providers would do their best to help. Most Internet providers are interested in customer well-being, not just their own wellbeing.
(McKnight et al. 2002)
Competence (TSNC)
TSNC 1 TSNC 2 TSNC 3
In general, most Internet providers are competent at serving their customers. Most Internet providers do a capable job at meeting customer needs. I feel that most Internet providers are good at what they do.
(McKnight et al. 2002)
Integrity (TSNI)
TSNI 1 TSNI 2 TSNI 3
I am comfortable relying on Internet providers to meet their obligations. I feel fine doing different transactions including business on the Internet since Internet providers generally fulfil their agreements. I always feel confident that I can rely on Internet providers to do their part when I interact with them.
(McKnight et al. 2002)
Structural Assurance (TSA)
TSA1 TSA2 TSA3 TSA4
The Internet has enough safeguards to make me feel comfortable using it to perform different transactions. I feel assured that legal and technological structures adequately protect me from problems on the Internet. I feel confident that encryption and other technological advances on the Internet make it safe for me to do transactions there. In general, the Internet is now a robust and safe environment in which to perform online transactions.
(McKnight et al. 2002)
Chapter 6: Instrument Development
206
Table 6.4: Initial items for second-order privacy concerns Second-order construct
First-order construct
Item Code Item Source
Pri
vacy
Con
cern
s Awareness (PAWN)
PAWN1× PAWN2® PAWN3® PAWN4®
IdMS providers should disclose the way the data are collected, processed, and used. It is very important to me that Iam aware and knowledgeable about how my identity information will be used. IdMS providers should explain why they would collect identity information. IdMS providers should explain how they would use the information collected about me.
(Malhotra, Kim & Agarwal 2004; Liu et al. 2005)
Collection (PCOL)
PCOL1 PCOL2 PCOL3 PCOL4×
It bothers me when an online service provider asks me for identity information. When an online service provider asks me for identity information, I sometimes think twice before providing it. It bothers me to give my identity information to so many online service providers. I'm concerned that online service providers are collecting too much identity information about me.
(Smith, Milberg & Burke 1996)
Control (PCON)
PCON1 PCON2
Consumer online privacy is really a matter of consumers’ right to exercise control and autonomy over decisions about how their information is collected, used and shared. I believe that online privacy is invaded when control is lost or unwillingly reduced as a result of an online transaction.
(Malhotra, Kim & Agarwal 2004)
Choice (PCH)
PCH1 PCH2 PCH3×
IdMS providers should give me a clear choice before disclosing identity information about me to third parties. IdMS providers have a mechanism to review and change incorrect identity information. IdMS providers should give me a choice to alter and delete my online identity.
(Liu et al. 2005)
Unauthorized Secondary Usage (PSU)
PSU1 PSU2 PSU3
When people give identity information to IdMS providers, they should never use the information for any other reason. IdMS providers should never sell the identity information in their databases to other companies. IdMS providers should never share identity information with other companies unless it has been authorized by the individuals who provided the information.
(Smith, Milberg & Burke 1996)
Improper Access (PIA)
PIA1 PIA2
IdMS providers should devote more time and effort to preventing unauthorized access to identity information. IdMS should take more steps to make sure that unauthorized people cannot access identity information in their computers’ databases.
(Smith, Milberg & Burke 1996)
Error (PERR)
PERR1 PERR2 PERR3
IdMS providers should take more steps to make sure that the identity information in their files is accurate. IdMS providers should have better procedures to correct errors in identity information. IdMS providers should devote more time and effort to verifying the accuracy of the identity information in their databases.
(Smith, Milberg & Burke 1996)
Note ×: Items marked with × were deleted after the expert panel phase (see Section 6.3.1 and Appendix 6.2); therefore, they were not included in the analysis. Note®: Items PAWN2, 3 and 4 were reverse coded during data analysis. PAWN2 reversed to PAWN1; PAWN3 to PAWN2; PAWN4 to PAWN3.
Chapter 6: Instrument Development
207
Table 6.5: Initial questions related to usage, control and demographic variables
Note: Constructs marked with * were modified after the expert panel phase (see Section 6.3.1 and Appendix 6.2).
Following the detailed descriptions for all the initial measurement items as presented in
Tables 6.1 to 6.5, we briefly highlight their operationalization below.
Construct Question Options for answers
Internet Experience
How long have you been using the Internet? o less than 1 year o between 1 and 3 years o between 4 and 7 years o between 8 and 10 years o 10 years or more
Internet and Web Services Usage Frequency
Approximately, how many hours per week you use each of the following online services and applications:
• Internet • Facebook • LinkedIn • Online Shopping • Internet Banking
o Do not use o <1 h o 1-4 h o 4-10 h o 10 -30 h o 30-60 h o < 60 h
Information Disclosure*
I often disclose my personal information and access my online data for:
O Non-financial transactions O Financial transactions
IdMS Knowledge* How would you rate your knowledge of identity management systems?
o know nothing o little knowledgeable o somewhat knowledgeable o knowledgeable o very knowledgeable
Prior use of IdMS *
Have you used any identity management system service or technology (e.g. single sign- on system)?
O Yes O No
Subjective Norms* Do you know anyone who is using an identity management system? If Yes , What percentage of the people you know are using an identity management system?
O Yes O No ____ %
Demographic Variables
Age : Gender : Education:
O 18-30 O 31 -40 O 41-50 O 51-60 O >60 O Female O Male O High school O Certificate or Diploma O Bachelor’s Degree O Master’s Degree or higher.
Chapter 6: Instrument Development
208
Consistent with our earlier conceptualization, the intention to use (INTU) was measured by the
extent to which a user had the predilection, willingness and gave consideration to using an IdMS
in the future (Davis 1989; Venkatesh et al. 2003). We measured the intention to disclose identity
information (INTDU) by the extent to which a user intended to engage their future intentions in
three specific risky behaviours—provide the online provider identity information (one item),
share identity information online (two items), and the protection of identity information (two
items) (Malhotra, Kim & Agarwal 2004; Belanger & Carter 2008; Fogel & Nehmad 2009).
Perceived usefulness (PU) was measured by five items that indicated the extent to which a user
believed that using a particular IdMS would enhance the control and management of his/her
online identities across the Web (Davis 1989). Perceived ease of use (PEOU) was also measured
by five items that specified the extent to which a user believed that using a particular IdMS to
manage his/her online identities would be free from effort (Davis 1989). We specified four
reflective indicators to measure perceived risk (RISK): the likelihood of identity theft (one item),
uncertainty (one item) and overall risk (two items) (Featherman & Pavlou 2003; Dinev & Hart
2006).
Cost was measured by three items in considering whether the costs of Internet access, transaction
fees and costs of implementing an IdMS were high (Wu & Wang 2005; Chong, Chan & Ooi).
Facilitating conditions (FC) were measured by four indicators that reflected use-related skills
including knowledge of IdMS and availability of resources for using the Internet and IdMS
(Venkatesh et al. 2003; Cho 2006).
The measurements for task and most technology characteristics were designed especially for this
study. Task characteristics were measured by four items that reflected aspects of user task
requirements: creation, deletion, update, control of online identities, and a fifth item which asked
whether the extant IdMS would provide a user with the mobility and a complete choice about his
or her identities. Technology characteristics were measured by 11 items that specified minimal
disclosure of information, human interaction, user experience, authentication and authorization,
anonymity, mobility (locability), identity provisioning and single sign-on. The measurements for
Chapter 6: Instrument Development
209
these two constructs were assessed for reliability, face validity, content validity, convergent
validity and discriminant validity, and were refined accordingly during the pre-test and the pilot
study phases (Churchill 1979; MacKenzie, Podsakoff & Podsakoff 2011). The fit construct is an
interaction of task and technology characteristics and thus it was not measured via the
questionnaire.
Trusting beliefs (TB) were modelled as a third-order construct formed by the following second-
order constructs. Firstly, trust in IdMS providers (TIP) was measured by its three sub-
dimensions’ constructs: the benevolence (3 items), competence (4 items) and integrity (4 items)
of Web service providers and online identity providers as suggested by McKnight et al. (2002)
and Li et al. (2008). Secondly, trust in the IdMS artefact (TIA) was also measured by 12 items
that represented its three sub-dimensions’ constructs: benevolence, competence and integrity of
IdMS services and applications that reflected users’ perceptions regarding the ability of the IdMS
to manage and control identities across the Web (McKnight et al. 2002; Li et al. 2008).
Trust in the Internet (TI) was also specified as a third-order construct which consisted of the
following second-order and first-order constructs. Situational normality (TSN) was modelled as a
second-order factor which was measured by its first-order factors: the benevolence (3 items),
competence (3 items) and integrity (3 items) of the Internet services and applications which
measured the extent to which a user believed that the Internet environment was a suitable, well-
ordered and favourable environment in which to disclose identity information and thus to use
IdMS (McKnight et al. 2002). Structural assurance (SA) was measured by four items that
indicated the guarantees, regulations, promises and legal recourse of the Internet (McKnight et al.
2002).
Privacy concerns were modelled as a second-order variable formed by seven first-order
dimensions: awareness, collection, control, choice, unauthorized secondary usage, improper
access and error. We specified four items for measuring awareness (PAWAN), that is, whether a
user was sufficiently informed about the use of data (Malhotra, Kim & Agarwal 2004; Liu et al.
2005). Collection (PCOL) was measured by four items that indicated whether the exchange of
Chapter 6: Instrument Development
210
users’ identity information was equitable and properly collected (Malhotra, Kim & Agarwal
2004; Poetzsch et al. 2009). Choice (PCH) was measured by three items which were whether
users could choose, alter or delete their identity information (Liu et al. 2005; Poetzsch et al.
2009). Three items developed to measure unauthorized secondary usage (PSU) reflected users’
concerns about the possibility of their identity information being shared with third parties
without their permission (Smith, Milberg & Burke 1996). Error (PERR) was measured by the
extent to which IdMS providers had ensured information accuracy in their databases (two items)
(Smith, Milberg & Burke 1996; Friedman, Crowley & West 2011). We measured control
(PCON) with two items related to whether users could control their identity information
(Malhotra, Kim & Agarwal 2004). Finally, improper access (PIA) was measured by two items
that reflected users’ concerns about IdMS providers ensuring that only authorized users could
access the databases containing identity information (Smith, Milberg & Burke 1996; Poetzsch et
al. 2009).
All items for the underlying constructs were altered to produce a statement with which the
respondent was asked to specify a degree of agreement in multiple-item scales on a seven-point
Likert scale which ranged from “strongly disagree” to “strongly agree”, with ‘1’ being strong
disagreement and ‘7’ being strong agreement (Hinkin 1998).
Information disclosure was measured by two items that specified users’ past personal
information-releasing frequency on the Web for financial and non-financial transactions.
Subjective norms were measured by two items that reflected whether people who were important
to online users would affect their decisions regarding using IdMS services and technologies
(Taylor & Todd 1995; Venkatesh & Davis 2000). Prior IdMS experience (prior use of SSO) was
measured as a dummy variable, using the options of answering ‘yes’ or ‘no’ to the question about
whether respondents had used “Web single sign-on systems” (accessing a site by using their
existing account (online identity) from an online service provider). Age and education were
measured by single items which represented years and education level respectively (Venkatesh et
al. 2003; Venkatesh, Thong & Xu 2012). Gender was measured by single item using a dummy
Chapter 6: Instrument Development
211
variable (male or female) (Venkatesh, Thong & Xu 2012). Internet usage and Web services’
usage experience were measured as the frequency of use (hours per week) using the anchors of a
seven-point scale ranging from “Do not use” to “more than 60 hours”.
6.3 Pre-Testing Survey Instruments
The pre-test stage was conducted to refine and validate the research instrument (Moore &
Benbasat 1991; Mackenzie 2011). The pre-test stage is beneficial for improving content validity,
fine-tuning the questionnaire layout, and testing the quality and reliability of the research
instrument (Hinkin 1998). In addition, questionnaire pre-testing is the only way to assess in
advance whether a questionnaire will causes any problems for respondents (Presser et al. 2004).
Accordingly, this stage specified measurement items that were most likely to be appropriate and
well understood in the final test (Gefen, Straub & Boudreau 2000; Recker & Rosemann 2010).
This study used expert panel review and survey pre-test techniques to assess the content validity
as discussed in the following sub-sections.
6.3.1 Expert Review
Straub (1989) highly recommended that researchers should conduct several rounds of instrument
pretesting with diverse groups of expert judges or panels in order to establish content validity.
This study conducted an individually-based expert review technique (Presser & Blair 1994;
Cazaja 1998). This phase aimed to identify potential respondent comprehension and data analysis
problems, and to obtain suggestions for revising the questionnaire (Straub 1989; Cazaja 1998).
The expert review technique can identify problems not detected by other techniques and is
relatively inexpensive (Presser & Blair 1994; Cazaja 1998). Presser and Blair (1994) compared
four pretesting techniques including cognitive interview, behaviour coding, conventional
interview (telephone interview) and expert review. They found that expert panels identified the
largest number of different problem types and was the least expensive method: the expert panels
and cognitive interview were the only techniques to identify a number of problems that would
affect data analysis.
Chapter 6: Instrument Development
212
Panel experts independently conduct an expert review on an assigned questionnaire determining
whether each item was problematic. Firstly, we determined the composition of the expert panel.
Expert panels are usually a small group of people (3-8) that includes subject matter experts and
professionals experienced in survey design, data collection and data analysis (Czaja & Blair
1996; Ramirez 2002). Therefore, the panel members were selected based on their individual
expertise in IdMS, questionnaire design and survey deployment. The expert panel was composed
of two identity and access management specialists who were an identity fraud consultant and an
IdMS architect, one Web service designer and developer, one e-research analyst and three IS
professors. We then asked each expert if she/her can help us in this phase. Each expert received
via email a file containing a copy of the research instrument and a questionnaire review form.
(For the initial draft questionnaire and review form from this phase, see Appendix 6.1). The draft
questionnaire and review form were designed so that each item had a ’problem indicator box’
which the panel member marked if he/she perceived a potential problem. Space was provided at
each question for notes about suspected problems and for giving feedback and suggestions. This
procedure was suggested by Ramirez (2002) as the vehicle for prompting commentary of the
reviewer, either written or spoken.
According to MacKenzie, Podsakoff and Podsakoff (2011, p. 304), two related judgments must
be made when assessing content validity: (1) is the individual item representative of an aspect of
the content domain of the construct? (2) are the items as a set collectively representative of the
entire content domain of the construct? Therefore, the panel members were asked to judge these
two issues. They were also asked to complete the questionnaire, comment on matters such as
wording, clarity and logical order, and suggest improvements (Straub 1989). Each expert was
asked to complete the form and to email it to the researcher. Feedback was received on average
five days after sending the review form.
Consistent with the panel’s feedback, several changes were made to the questionnaire (see
Appendix 6.2). In general, the expert panel was a useful and valuable phase in the development
of the questionnaire. The insightful and rich suggestions provided by the panel allowed the
Chapter 6: Instrument Development
213
researcher to further develop the content validity of the constructs as well as to fine tune some of
the items.
6.3.2 Questionnaire Design
The data collection process in this study was conducted using Web-based surveys (as discussed
in Chapter 5, Section 5.4.2). Thus, once the scale items were revised and pretested, the next stage
was the instrument design and the online questionnaire evaluation (Presser et al. 2004). Web
questionnaires should focus on their visual aspects and the survey should be designed in such a
way as to reduce the non-response rate (Crawford, Couper & Lamias 2001; Presser et al. 2004;
Hair et al. 2010; VanGelder, Bretveld & Roeleveld 2010). Some factors such as targeted
respondents’ interest, time constraints, questionnaire complexity, as well as lack of visual appeal
should be considered as they have an impact on response rates to surveys (Crawford, Couper &
Lamias 2001; Goeritz 2006). Questionnaire length does not influence the amount of missing data
or response rates (Rothman et al. 2009; VanGelder, Bretveld & Roeleveld 2010). In that regard,
the survey response procedure was organized and streamlined as much as possible in order to
potentially increase participation in the survey. Thorough attention was paid to the survey design,
layout, flow and wording as well as to offering a small incentive (Presser et al. 2004; Goeritz
2006; VanGelder, Bretveld & Roeleveld 2010). The survey questionnaire was organized as
follows (for the final questionnaire design used in this study, see Appendix 6.3):
A) Pre-survey 1. Consent
B) Survey Questionnaire 1. Introduction 2. Part 1: Questions related to Usage and Experience 3. Part 2: Questions related to Behavioural Intentions 4. Part 3: Questions related to Technology Perceptions 5. Part 4: Questions related to Risk Perceptions 6. Part 5 :Questions elated to Trust 7. Part 6: Questions related to Privacy Concerns 8. Part 7:Questions related to Attitude towards IdMS 9. Part 8:Questions related to Facilitating Conditions, Cost and Subjective Norms 10. Part 9: Demographics
C) Post-survey
1. Thank you note 2. Link to receive a gift.
Chapter 6: Instrument Development
214
The pre-survey stage included the drafting of the Participant Information Statement and Consent
Form in accordance with the requirements of the Human Research Ethics Advisory (HREA)
Panel of the University of New South Wales. This section highlighted information regarding the
objective and focus of the study, participation criteria, confidentiality, voluntariness and
anonymity. In addition, it emphasized information regarding the incentives offered for taking
part in the survey which were a summary of the study findings and a $5 Amazon voucher.
The survey question sections contained introductions and questions related to the construct
variables developed in this study. The introduction was designed to emphasize the aim and focus
of research and to provide a clear definition, background and some examples of IdMS.
This was followed by questions related to usage and experience of online services and
applications as well as IdMS. Although most of these questions were not required for the analysis
of this study, they would further notify the researcher concerning key characteristics of the
sample and add insights into aspects related to IdMS usage thus enriching the interpretation of
the data. The questions in Part 1 related to behavioural intentions: intention to use and intention
to disclose identity information. The questions in Part 3 contained questions related to
technology perceptions and contained the items from PU and PEOU. Part 4 focused on the
perceived risk construct. Part 5 contained questions related to trust in IdMS providers, trust in the
IdMS artefact and trust in the Internet. Part 6 included items related to privacy concerns. Part 7
contained questions related to individuals’ attitude towards IdMS including the task and
technology characteristics of IdMS. Part 8 focused on questions related to situational variables
contained items from facilitating conditions, cost and subjective norms. Finally, Part 9 collected
demographic information (age, gender, education and country).
The post-survey section included a thank you note and provided a link so respondents could
provide an email address to receive a $5 Amazon gift voucher. Respondents had the option to
accept the inducement or not. Including the link in the thank you note ensured that only
Chapter 6: Instrument Development
215
individuals who had completed the survey were able to get the gift. Also, using a separate
database to store email addresses ensured the protection of respondents’ anonymity.
6.3.3 Survey Pre-tests
Pre-tests were conducted to evaluate whether the mechanics for collecting the questionnaire were
adequate (Moore & Benbasat 1991; Hinkin 1998; Presser et al. 2004; MacKenzie, Podsakoff &
Podsakoff 2011). Testing methods must take in consideration the delivery mode as answers to
survey questions may be influenced by the mode in which the questions are asked (Presser et al.
2004). In that regard, many researchers emphasized that Web surveys require testing of aspects
unique to that mode (Crawford, Couper & Lamias 2001; Presser et al. 2004).
The next step was to upload the instrument to the online survey software provider
(https://asb.qualtrics.com). Several issues were addressed regarding the respondents’ monitor
display properties; the presence of browser plug-ins and features of the survey system needed to
be designed and enabled (Presser et al. 2004). Therefore, some interactions with the vendor were
necessary to ensure that the survey system met the necessary performance requirements. A few
issues were addressed related to the implementation of the screening questions. For example,
display logic feature was adapted to ensure that a participant answered the right question for
his/her experience with IdMS (e.g. users or non-users of an IdMS). In addition, ‘make answer
exclusive’ was created to prevent the respondent from having this answer choice selected at the
same time as other choices. A missing question alert was enabled in each question to avoid the
issue of missing data. In addition, a new ‘back button’ was created to allow participants to
navigate between sections. Moreover, some valuable features were enabled such as ‘save and
continue’ feature to allow respondents who did not complete the survey to go back and continue
from the point they left (this feature were enabled in the limited time of one week); and the ballot
box stuffing prevention was included which limited each person to taking the survey only once.
Once the survey system was up and running, two pre-test phases were conducted.
Chapter 6: Instrument Development
216
The first pre-test was conducted using five participants. They comprised two professors, one
IdMS specialist and two users of social networks and were asked to pre-test the questionnaire.
Participants were asked to complete the survey instrument and then to comment on matters such
as clarity, length, wording, flow, timing, layout and design as well as the technical aspects of the
survey software (Presser et al. 2004). On average, each participant took between 15 and 20
minutes to complete the survey. Their feedback provided a small number of recommendations on
how to improve the wording of the instructions and the sequence in which some parameters and
questions were shown. These suggestions were taken into consideration and several changes
were made to the questionnaire.
Several issues were reported in relation to the usage questions and construct items. The trust in
IdMS artefact construct item (TAC4: In general, an IdMS would be very knowledgeable about
online identities.) was reworded to improve clarity “In general, an IdMS would be an intelligent
solution for managing online identities.” Other feedback related to the layout of the question
regarding the frequency of use of online shopping and online payment services. Some
participants suggested that it would be better to ask about the number of times these services
were used. The question was then split into new questions asking about the number of times
instead of the number of hours. In addition, a frequency-of-use question related to Internet
banking was added.
The second pre-test was conducted using a sample of 30 participants from among PhD students
and academics from the School of Information Systems, Technology and Management,
University of New South Wales. Participants were also asked to report on content clarity, the
time required to complete the survey as well as on any issues they may have encountered with
the survey system when completing the survey. A few spelling errors were corrected based on
their feedback. In addition, it was suggested that the survey should define the IdMS providers to
whom it was referring. Therefore, a clear definition of IdMS providers was added in the
introduction of the survey. A test of the data collection and conversion to the SPSS, Smart PLS
2.0 procedure was conducted in this phase.
Chapter 6: Instrument Development
217
In general, doing the two pre-test phases using a sample representative of the actual
population of interest was very useful for improving content validity, fine-tuning the
questionnaire layout and design as well as testing the usability and reliability of the online
instrument (Hinkin 1998; Presser et al. 2004; MacKenzie, Podsakoff & Podsakoff 2011). The
finalized questionnaire used in the pilot and main study is presented in Appendix 6.3.
6.4 Measurement Model Specification
Once a pre test has been conducted and the content validity of items has been generated, the next
step is to specify a measurement model that captures the expected relationships between the
construct and/or sub-construct and the indicators they are intended to represent (MacKenzie,
Podsakoff & Podsakoff 2011). Construct specification or the use of reflective or formative
modelling is an important issue that should be considered in instrument development as
misspecification of the research model causes measurement errors and then leads to inappropriate
results (Chin 1998a; MacKenzie, Podsakoff & Jarvis 2005; Petter, Straub & Rai 2007, Wetzels,
Odekerken-Schroder & Oppen 2009; MacKenzie, Podsakoff & Podsakoff 2011). Hence,
researchers should pay careful attention to the theoretical meaning of the constructs and the
directional correlation between the construct and measures in order to ensure conceptual,
methodological and empirical rigour (Straub, Boudreau & Gefen 2004; Freeze & Raschke 2007;
Petter, Straub & Rai 2007; MacKenzie, Podsakoff & Podsakoff 2011).
This study modelled all underlying constructs as reflective variables based on the literature, the
expert views as well as the decision criteria of MacKenzie, Podsakoff and Jarvis (2005), Petter,
Straub and Rai (2007), Freeze and Raschke (2007) and MacKenzie, Podsakoff and Podsakoff
(2011) which are discussed as follows. Firstly, the indicators are reflective if they are
interchangeable. This means that indicators have a common theme and the same content. It also
implies that dropping one of the items would not change the conceptual meaning of the construct
as measurements are manifestations of constructs. Secondly, the indicators are reflective if the
direction of causality is from constructs to items. This indicates that changes in the underlying
constructs cause changes in the items. Therefore, based on the logic of model specification and
Chapter 6: Instrument Development
218
nature of causality in the conceptual model, all underlying constructs in this study were carefully
specified as reflective variables, ensuring that each construct presented a common latent variable
with reflective items and showing that changes in a construct were reflected by changes in the
measurements (Freeze & Raschke 2007; Petter, Straub & Rai 2007). However, it is important to
note that one control construct (Web services’ usage) was modelled as a formative variable (see
Chapter 7, Section 7.6). Table 6.6 shows the measurement model specification.
Table 6.6: The measurement model specification Constructs Type References Third-Order Constructs Trusting Beliefs Reflective McKnight et al. (2002); Li et al. (2008)
Trust in the Internet Reflective McKnight et al. (2002); Li et al. (2008)
Second-Order Constructs Trust in IdMS providers Reflective McKnight et al. (2002); Li et al. (2008) Trust in IdMS artefact Reflective McKnight et al. (2002); Wang and Benbasat
(2005); Li et al. (2008) Privacy Concerns Reflective Smith, Milberg and Burke (1996); Malhotra, Kim
and Agarwal (2004); Junglas, Johnson and Spitzmuller (2008)
Unidimensional (First-Order) Constructs Intention to use Reflective Davis (1989 ) Venkatesh et al. (2003)
Intention to disclose identity information
Reflective Belanger and Carter (2008); Fogel and Nehmad (2009); Bansal, Zahedi and Gefen (2010)
Information disclosure Reflective Malhotra, Kim and Agarwal (2004); Metzger (2004); Xu et al. (2011)
Perceived usefulness Reflective Davis (1989); Davis Bagozzi and Warshaw (1989)
Perceived ease of use Reflective Davis (1989); Davis Bagozzi and Warshaw (1989)
Perceived risk Reflective Featherman and Pavlou (2003); Dinev and Hart (2006)
Benevolence, competence and integrity of IdMS providers
Reflective McKnight et al. (2002); Gefen, Karahanna and Straub (2003)
Benevolence, competence and integrity of IdMS artefact
Reflective McKnight et al. (2002); Gefen, Karahanna and Straub (2003); Wang and Benbasat (2005)
Awareness, collection, control, choice, secondary usage, improper access and error
Reflective Smith, Milberg and Burke (1996); Malhotra, Kim and Agarwal (2004); Liu et al. (2005)
Task characteristics; technology characteristics; fit
Reflective Goodhue and Thompson (1995); D'Ambra and Wilson (2004a); Strong, Dishaw and Bandy (2006)
Cost Reflective Wu and Wang (2005)
Facilitating conditions Reflective Venkatesh et al. (2003); Cho (2006)
Subjective norms Reflective Taylor and Todd (1995); Venkatesh and Davis (2000)
Prior SSO use Single Item N/A Internet usage frequency Single Item Castaneda, Munoz-Leivaa and Luquea (2007);
Kim (2008) Web service usage frequency Formative N/A
Age, gender and education Single item Venkatesh et al. (2003); Venkatesh, Thong and Xu (2012)
Chapter 6: Instrument Development
219
6.5 Pilot Study The next stage of the instrument development process was a "full-scale" pilot study (Moore &
Benbasat 1991; Straub, Boudreau & Gefen 2004; MacKenzie, Podsakoff & Podsakoff 2011).
After the research instrument was pretested and refined, a pilot test was conducted to assess the
likely response rates and to confirm the scales’ reliability (Straub 1989; Straub, Boudreau &
Gefen 2004; MacKenzie, Podsakoff & Podsakoff 2011). In this stage, the questionnaires were
presented to a small sample (smaller than the respondents of the main study) of participants
whose backgrounds were similar to the target population of the final study (Hinkin 1998). Before
the pilot study was started, an application including the survey instrument was submitted and
approved by the Human Research Ethics Advisory (HREA) Panel of the Australian School of
Business, the University of New South Wales (see Appendix 6.4).
This section shows the data analysis and results of the pilot study. Firstly, the sampling
procedure is presented. This is followed by an analysis of the characteristics of the data set. It
then explains the confirmatory factor analyses processes and the assessment of the measurement
model.
6.5.1 Sampling Procedure
The pilot study was carried out among Facebook and LinkedIn users. The survey was made
available online and a note with a link to the questionnaire was advertised in a banner available
in Facebook and LinkedIn (as discussed previously in Chapter 5, Sections 5.5.2 and 5.5.5).
Therefore, only Facebook and LinkedIn users were able to see the note and access the survey.
The banner advertisement for the survey was placed on the Facebook and LinkedIn portal for
two weeks during June 2012. Respondents were offered a $5 Amazon gift voucher as an
incentive (see Section 5.5.4).
In total, 238 people clicked on the advertisement and were redirected to the survey website. A
total of 44 individuals (19% of the total clicks) stopped at the introduction and did not access the
questionnaire. Among the 194 who accessed the questionnaire, a group of 28 (14%) individuals
Chapter 6: Instrument Development
220
did not complete the questionnaire as they abandoned the survey at some stage. Moreover, 16
sets were excluded because they were identified as invalid responses. Therefore, the survey in
total yielded 150 useable responses (77% response rate). As a result, the sample of 150
respondents was considered sufficient for the purposes of the pilot study based on the criteria
discussed in a previous chapter (see Section 5.5.3).
6.5.2 Verifying Data Characteristics
The survey system automatically verified whether the data sets were completed or if any
questions were left unanswered. Respondents were required to complete a section before going to
the next section (Gosling et al., 2004). Thus, there was no need to carry out a missing data
analysis as the 150 data sets were all complete (Hair et al. 2010; Gefen, Rigdon & Straub 2011).
In addition, there was no need to test the normality of the data as discussed previously in Chapter
5, Section 5.9.2.
To test non-response bias, we formed two sub-samples according to the order in which
respondents had completed the survey (as discussed in Section 5.9.1). The first group included
the first 75 early respondents, while the second consisted of the last 75 late respondents
(Churchill 1979, Savio et al. 2006). These two groups were compared using a two-tailed t-test at
5% significance level (Field 2009). This test revealed that there were no significant differences
among the respondents. Therefore, non-response bias was not a concern in this study (Armstrong
& Overton 1977).
Finally, we conducted the Harman one-factor test to assess the influence of common method
variance (CMV) (as previously discussed in Section 5.9.3). All the variables were entered into an
exploratory factor analysis, using un-rotated principal components factor analysis to determine
the number of factors that were necessary to account for the variance in the variables (Podsakoff,
MacKenzie & Lee 2003; Sharma, Yetton & Crawford 2009). The results of the Harman one-
factor test showed that 14 factors were present and that 33.5% was the most covariance explained
by one factor. Thus, this test showed that CMV was less of a concern in this study (Podsakoff,
MacKenzie & Lee 2003; Johnson, Rosen & Djurdjevic 2011; Chin, Thatcher & Wright 2012).
Chapter 6: Instrument Development
221
6.5.3 Measurement Assessment
6.5.3.1 First–order constructs
The study conducted confirmatory factor analysis (CFA) to assess the measurement quality of
first-order constructs based on their reliability, convergent validity and discriminant validity
(Straub 1989; MacKenzie, Podsakoff & Podsakoff 2011). The first step in conducting the CFA
was to load the measurement model into Smart PLS 2.0 software. The first model was based on
the original research model which contained 92 items: the second model was a refined version
developed following the results of the original model which are presented below.
Reliability determines the degree to which measures are free from random error. According to
Moore and Benbasat (1991), reliability can be used as a criterion for excluding weak measures.
They suggested that an item be removed from the analysis if its loading was less than 0.7. The
first reliability test showed that all the indicators of the original model had loadings equal to or
above 0.7 except for six items; that is, FC1, PCOL1, TECH4, TECH5, TECH7 and TECH11 (see
Table 6.7). Therefore, these items were dropped and not included in the subsequent analysis.
Removing these items resulted in the improvement of the reliability of the relevant constructs.
The CFA was repeated and a refined measurement model was generated which contained the rest
of the 86 items which demonstrated the second reliability and construct validity test.
We examined the reliability of all latent constructs using Cronbach’s alpha and composite
reliability (CR) (as discussed in Chapter 5, Section 5.7.1). Table 6.8 showed that all the scales
were reliable, as Cronbach's alpha and the CR of all constructs exceeded the 0.70 cut-off value
(Fornell & Larcker 1981). However, Cronbach's alpha (α) of some first-order dimensions of the
second-order privacy concerns factor, that is, choice (α = 0.553) and collection (α = 0.622)
factors were below 0.70 which was acceptable as suggested by Straub, Boudreau and Gefen
(2004). All were constructs with a composite reliability over 0.80 which exceeded the cut-off of
0.70 (Fornell & Larcker 1981; Chin 1998a; Gefen, Rigdon & Straub 2011).
Convergent validity estimates the consistency across the indicators. To examine the convergent
validity, we used the rules suggested by Gefen and Straub (2005) and Fornell and Larcker (1981)
Chapter 6: Instrument Development
222
(as discussed previously in Section 5.7.2.2). In PLS, the statistical significance of indicators can
be determined by the t-value which is estimated using a bootstrap standard error procedure (Chin
1998a, 1998b, 2010; MacKenzie, Podsakoff & Podsakoff 2011). A t-value is significant if it is
above 1.95, 2.68 and 3.29 at alpha protection levels of 0.05, 0.01 and 0.001 respectively. In this
phase, the t-value was calculated through a bootstrap resampling procedure using 150 cases and
1,000 samples (Gefen & Straub 2005; Chin 2010). As shown in Table 6.8, all estimated standard
loadings were significant (t-value > 1.96; p < 0.001) and of acceptable magnitude (Nunnally &
Bernstein 1994). The average variance extracted (AVE) was greater than 0.60 in all cases which
exceeded the 0.50 cut-off value, thus suggesting good convergent validity. It is worth noting that
this study follows Chin et al.’s (2010) and Gefen, Rigdon and Straub ’s (2011) suggestions in
terms of what to report in PLS and presents the reporting of statistics necessary for the reader to
be able to assess the conclusions drawn from data as shown in table 6.8.
To test discriminant validity, the extent to which different constructs differed from one another,
we used Fornell and Larcker’s (1981) criteria (discussed previously in Section 5.7.2.2). In Table
6.9, we calculated the square root of the AVEs in the diagonals of the correlation matrix. These
values were greater than the correlations of the construct with the other constructs (Fornell &
Larcker 1981; Chin 2010; MacKenzie, Podsakoff & Podsakoff 2011). We also examined both a
loading and cross-loading matrix (see Appendix 6.5). This examination indicated that each item
loaded more on its respective construct than on other constructs. These results suggested that the
items shared more common variance with their own constructs than with other constructs, thus
confirming the discriminant validity of the first-order constructs (Fornell & Larcker 1981; Chin
2010; MacKenzie, Podsakoff & Podsakoff 2011).
In general, the measurement assessment for all first-order factors was considered adequate with
the confirmation of satisfactory reliability (α and CR > 0.70) and convergent validity
(AVE > 0.50, significant loadings > 0.70, p < 0.001) (see Table 6.8) and discriminant validity
AVE > correlations (see Table 6.9). All constructs were thus confirmed as satisfactory and the
Chapter 6: Instrument Development
223
first-order constructs were used to test the interaction construct and higher-order constructs in the
next sub-sections.
6.5.3.2 Interaction construct
As we mentioned previously, this study adopted fit construct as the interaction variable between
task and technology characteristics factors. As PLS requires measures for every latent variable,
this study formed 35 items of fit from the interaction of the five task and seven technology
indicators. This method has been recommended for modelling latent variables in PLS (Chin,
Marcolin & Newsted 2003), and has been applied in previous research (Strong, Dishaw & Bandy
2006).
All fit scales was reliable as Cronbach’s alpha and composite reliability (α = 0.988; CR = 0.989)
were above 0.7 (Fornell & Larcker 1981; Chin 1998a; Gefen, Rigdon & Straub 2011). The AVE
for fit construct was greater than 0.5 (AVE = 0.718), confirming construct reliability and
convergent validity (Fornell & Larcker 1981; Chin 1998a; Gefen & Straub 2005). The factor
loadings of the fit construct were above 0.7 and ranged from 0.80 to 0.89, and all these loadings
were significant at p < 0.001 (Fornell & Larcker 1981; Chin 1998a). These results thus
confirmed the reliability and the validity of the fit construct.
Chapter 6: Instrument Development
224
Table 6.7: First reliability evaluation Item Original
Model Analysis Refined
Model Final Item Original
Model Analysis Refined
Model Final
COST1 COST2 COST3
0.905 0.907 0.870
Keep Keep Keep
0.905 0.907 0.870
Keep Keep Keep
PU1 PU2 PU3 PU4
0.782 0.786 0.818 0.771
Keep Keep Keep Keep
0.782 0.786 0.818 0.771
Keep Keep Keep Keep
FC1 FC2 FC3 FC4
0.671 0.696 0.809 0.841
Drop Keep Keep Keep
NA 0.706 0.909 0.927
Drop Keep Keep Keep
PEOU1 PEOU2 PEOU3 PEOU4
0.804 0.840 0.830 0.817
Keep Keep Keep Keep
0.804 0.840 0.830 0.817
Keep Keep Keep Keep
InfoD1 InfoD2
0.901 0.932
Keep Keep
0.901 0.932
Keep Keep
SN1 SN2
0.932 0.926
Keep Keep
0.932 0.926
Keep Keep
INTD1 INTD2 INTD3
0.875 0.864 0.856
Keep Keep Keep
0.875 0.864 0.857
Keep Keep Keep
TAB1 TAB2 TAB3
0.879 0.895 0.871
Keep Keep Keep
0.879 0.895 0.871
Keep Keep Keep
INTU1 INTU2 INTU3
0.856 0.863 0.848
Keep Keep Keep
0.857 0.863 0.848
Keep Keep Keep
TAC1 TAC2 TAC3 TAC4
0.761 0.779 0.860 0.720
Keep Keep Keep Keep
0.761 0.779 0.860 0.720
Keep Keep Keep Keep
RISK1 RISK2 RISK3 RISK4
0.849 0.862 0.916 0.847
Keep Keep Keep Keep
0.849 0.862 0.916 0.847
Keep Keep Keep Keep
TAI1 TAI2 TAI3
0.850 0.922 0.905
Keep Keep Keep
0.850 0.922 0.905
Keep Keep Keep
PAWN1 PAWN2 PAWN3
0.736 0.829 0.754
Keep Keep Keep
0.732 0.830 0.757
Keep Keep Keep
TPB1 TPB2 TPB3
0.862 0.890 0.860
Keep Keep Keep
0.862 0.890 0.860
Keep Keep Keep
PCH1 PCH2
0.860 0.793
Keep Keep
0.861 0.793
Keep Keep
TPC1 TPC2 TPC3 TPC4
0.821 0.812 0.848 0.730
Keep Keep Keep Keep
0.821 0.812 0.848 0.730
Keep Keep Keep Keep
PCOL1 PCOL2 PCOL3
0.672 0.864 0.783
Drop Keep Keep
NA 0.848 0.855
Drop Keep Keep
TPI1 TPI2 TPI3
0.833 0.887 0.884
Keep Keep Keep
0.833 0.887 0.884
Keep Keep Keep
PCON1 PCON2
0.908 0.879
Keep Keep
0.909 0.878
Keep Keep
TSNB1 TSNB2 TSNB3
0.775 0.868 0.848
Keep Keep Keep
0.775 0.868 0.848
Keep Keep Keep
PERR1 PERR2 PERR3
0.783 0.876 0.832
Keep Keep Keep
0.782 0.876 0.832
Keep Keep Keep
TSNC1 TSNC2 TSNC3
0.848 0.927 0.703
Keep Keep Keep
0.848 0.927 0.703
Keep Keep Keep
PIA1 PIA2
0.910 0.901
Keep Keep
0.911 0.900
Keep Keep
TSNI1 TSNI2 TSNI3
0.895 0.900 0.903
Keep Keep Keep
0.895 0.900 0.903
Keep Keep Keep
PSU1 PSU2 PSU3
0.892 0.916 0.883
Keep Keep Keep
0.892 0.917 0.883
Keep Keep Keep
TSA1 TSA2 TSA3 TSA4
0.797 0.858 0.858 0.844
Keep Keep Keep Keep
0.797 0.858 0.858 0.844
Keep Keep Keep Keep
TASK1 TASK2 TASK3 TASK4 TASK5
0.754 0.784 0.832 0.831 0.741
Keep Keep Keep Keep Keep
0.754 0.784 0.832 0.831 0.741
Keep Keep Keep Keep Keep
TECH1 TECH2 TECH3 TECH4 TECH5 TECH6 TECH7 TECH8 TECH9 TECH10 TECH11
0.776 0.740 0.757 0.539 0.630 0.688 0.755 0.823 0.782 0.756 0.409
Keep Keep Keep Drop Drop Drop Keep Keep Keep Keep Drop
0.810 0.808 0.761 NA NA NA 0.739 0.814 0.811 0.810 NA
Keep Keep Keep Drop Drop Drop Keep Keep Keep Keep Drop
Chapter 6: Instrument Development
225
Table 6.8: Results of confirmatory factor analysis and descriptive statistics of first-order measurements (pilot study)
Construct Mean Std. Dev
AVE CR α Item Mean Std. Dev
Loading Std. Err
t-value
Cost
5.260 1.257 0.799
0.923
0.875
COST1 COST2 COST3
5.19 5.34 5.25
1.494 1.442 1.275
0.905 0.907 0.87
0.012 0.014 0.015
76.588 62.243 57.044
Facilitating Conditions
5.624 .797 0.638
0.838
0.707
FC2 FC3 FC4
5.79 5.43 5.49
1.034 1.038 1.197
0.706 0.909 0.927
0.056 0.020 0.013
11.151 41.968 67.995
Information Disclosure
3.300 1.203 0.842
0.914
0.814
InfoD1 InfoD2
3.23 3.37
1.291 1.329
0.901 0.932
0.010 0.015
91.017 60.153
Intention to Disclose Identity Information
5.213 1.169 0.749
0.899
0.832
INTD1 INTD2 INTD3
5.69 5.71 5.69
1.003 1.222 1.042
0.875 0.864 0.857
0.012 0.020 0.011
71.050 43.447 78.422
Intention to Use
5.7 0.933 0.732
0.891
0.818
INTU1 INTU2 INTU3
5.02 5.21 5.41
1.407 1.348 1.296
0.857 0.863 0.848
0.024 0.017 0.016
35.811 51.399 53.532
Awareness
5.818 .777 0.599
0.817
0.664
PAWN1 PAWN2 PAWN3
5.92 5.78 5.75
987 1.022 1.003
0.732 0.83 0.757
0.034 0.022 0.029
21.600 37.356 26.214
Choice 5.627 .963 0.685
0.813
0.553
PCH1 PCH2
5.63 5.62
1.058 1.262
0.861 0.793
0.014 0.037
61.017 21.355
Collection 5.647 .881 0.726
0.841
0.622
PCOL2 PCOL3
5.71 5.58
1.051 1.018
0.848 0.855
0.024 0.019
35.443 44.338
Control 5.690 .893 0.799
0.888
0.750
PCON1 PCON2
5.75 5.63
1.005 .993
0.909 0.878
0.015 0.022
60.802 40.413
Perceived Ease of Use
5.840 .868 0.677
0.894
0.841
PEOU1 PEOU2 PEOU3 PEOU4
5.78 5.87 5.77 5.85
1.048 1.082 1.120 .992
0.804 0.84 0.83 0.817
0.022 0.026 0.027 0.032
36.657 32.908 30.501 25.195
Error
5.584 .840 0.690
0.870
0.775
PERR1 PERR2 PERR3
5.62 5.51 5.62
924 .974
1.133
0.782 0.876 0.832
0.026 0.016 0.019
30.339 55.421 44.592
Improper Access
5.823 .873 0.820
0.901
0.780
PIA1 PIA2
5.83 5.82
1.015 .913
0.911 0.9
0.011 0.013
83.637 69.481
Perceived Risk
4.923 1.389 0.756
0.925
0.893
RISK1 RISK2 RISK3 RISK4
5.13 4.52 4.79 5.26
1.328 1.955 1.740 1.313
0.849 0.862 0.916 0.847
0.021 0.010 0.008 0.012
40.734 84.448 122.577 68.532
Secondary Use
5.782 1.146 0.805
0.925
0.879
PSU1 PSU2 PSU3
5.68 5.81 5.86
1.328 1.278 1.226
0.892 0.917 0.883
0.018 0.012 0.019
50.653 75.133 47.192
Perceived Usefulness
5.807 .836 0.625
0.869
0.799
PU1 PU2 PU3 PU4
5.89 5.84 5.61 5.75
1.044 1.112 1.074 .984
0.782 0.786 0.818 0.771
0.034 0.030 0.024 0.030
23.529 26.535 34.046 24.894
Subjective Norms
5.487 1.047 0.863
0.927
0.842
SN1 SN2
5.51 5.46
1.116 1.139
0.932 0.926
0.013 0.011
68.939 83.329
Trust in IdMS Artefact - Benevolence
5.500 .915 0.777
0.913
0.857
TAB1 TAB2 TAB3
5.45 5.45 5.60
1.108 1.007 .997
0.879 0.895 0.871
0.014 0.012 0.014
61.984 72.689 63.851
Chapter 6: Instrument Development
226
Trust in IdMS Artefact - Competence
5.590 .800 0.611
0.862
0.787
TAC1 TAC2 TAC3 TAC4
5.64 5.61 5.58 5.53
.957
1.111 1.070 .946
0.761 0.779 0.86 0.72
0.048 0.031 0.015 0.038
15.939 25.305 58.532 19.209
Trust in IdMS Artefact - Integrity
5.469 1.051 0.797
0.922
0.872
TAI1 TAI2 TAI3
5.40 5.51 5.49
1.049 1.219 1.257
0.85 0.922 0.905
0.020 0.010 0.012
42.038 93.175 76.575
Task Characteristi-cs
5.501 .874 0.623
0.892
0.849
TASK1 TASK2 TASK3 TASK4 TASK5
5.66 5.49 5.46 5.44 5.46
1.140 1.122 1.091 1.084 1.103
0.754 0.784 0.832 0.831 0.741
0.032 0.027 0.028 0.025 0.040
24.434 29.361 30.256 33.137 17.810
Technology Characteristi-cs
5.600 .922 0.631
0.923
0.903
TECH1 TECH2 TECH3 TECH7 TECH8 TECH9 TECH10
5.56 5.73 5.71 5.75 5.61 5.50 5.73
1.272 1.191 1.211 1.074 .982 .981
1.274
0.81 0.808 0.761 0.739 0.814 0.811 0.81
0.025 0.032 0.035 0.029 0.023 0.026 0.026
32.189 25.586 22.210 25.736 36.246 31.015 31.738
Trust in IdMS Providers - Benevolence
5.378 .938 0.759
0.904
0.841
TPB1 TPB2 TPB3
5.35 5.40 5.39
.997
1.159 1.073
0.862 0.89 0.86
0.016 0.013 0.013
52.813 66.687 66.667
Trust in IdMS Providers - Competence
5.468 .811 0.647
0.880
0.818
TPC1 TPC2 TPC3 TPC4
5.53 5.55 5.37 5.43
.995
1.121 .965 .944
0.821 0.812 0.848 0.73
0.035 0.026 0.016 0.024
23.759 31.646 52.670 30.103
Trust in IdMS Providers - Integrity
5.502 .989 0.754
0.902
0.836
TPI1 TPI2 TPI3
5.49 5.58 5.44
1.015 1.177 1.218
0.833 0.887 0.884
0.020 0.016 0.014
42.177 54.678 63.386
Structural Assurance
5.338 .932 0.711
0.908
0.864
TSA1 TSA2 TSA3 TSA4
5.36 5.33 5.51 5.33
1.260 1.180 1.241 1.065
0.797 0.859 0.871 0.844
0.029 0.019 0.016 0.016
27.099 45.827 56.198 51.593
Situational Normality –Benevolence
5.473 .959 0.691
0.870
0.777
TSNB1 TSNB2 TSNB3
5.44 5.33 5.25
1.039 1.150 1.170
0.775 0.868 0.848
0.036 0.021 0.018
21.459 41.177 46.769
Situational Normality – Competence
5.416 1.130 0.707
0.877
0.790
TSNC1 TSNC2 TSNC3
5.45 5.47 5.49
1.207 1.103 1.122
0.848 0.927 0.703
0.015 0.012 0.064
60.288 79.327 11.062
Situational Normality – Integrity
5.400 1.063 0.809
0.927
0.882
TSNI1 TSNI2 TSNI3
5.39 5.43 5.43
1.258 1.271 1.239
0.895 0.9
0.903
0.013 0.020 0.014
70.459 46.112 65.236
Chapter 6: Instrument Development
227
Table 6.9: Correlations of the first-order measurement model (pilot study)
Note: The square root of AVE is shown in the diagonal.
Chapter 6: Instrument Development
228
6.5.3.3 Higher-order constructs
Higher-order constructs were estimated using the repeated indicator approach (Lohmoller 1989)
as discussed previously in Section 5.10.1. In this case, a third- and second-order factor were
directly measured by using the items of all of its first-order factors. We estimated measurement
properties of higher-order constructs, that is, the third-order trusting beliefs and trust in the
Internet constructs and second-order privacy concerns constructs. As shown in Table 6.10, the
third-order trusting beliefs construct consisted of 20 items of which 10 items (TAC, 4 items;
TAB, 3 items; and TAI, 3 items) reflected second-order trust in IdMS and 10 items reflected
second-order trust in IdMS providers (i.e. TPC, 4 items; TPB, 3 items; and TBI, 3 items). The
third-order trust in the Internet comprised 13 items of which nine items reflected second-order
situational normality (TSNB, 3 items; TSNC, 3 items; and TSNI, 3 items) and four items
specified first-order structural assurance. Finally, the second-order privacy concerns construct
included 17 items that reflected its first sub-dimensions, that is, PAWAN, 3 items; PCH, 2
items; PCOL, 2 items; PCON, 2 items; PERR, 3 items; PIA, 2 items; and PSU, 3 items.
The measurement quality of the reflective higher-order factors was tested following the
suggestions of Chin (1998b) and MacKenzie, Podsakoff and Podsakoff (2011). We assessed the
strength of the relationship between the third- and second-order constructs and their first-order
dimensions. All first-order dimensions and second-order factors were found to have significant
path coefficients. The result confirmed that the standardized loadings of the first-order latent
variables on the second-order constructs (trust in IdMS, trust in IdMS providers, situational
normality and privacy concerns) were either equal to or above 0.70 (Chin 1998a; MacKenzie,
Podsakoff & Podsakoff 2011) (see Table 6.10). Similarly, the loadings of the second-order
latent variables on the third-order trusting beliefs and trust in the Internet variables were equal
to or above 0.70 (Chin 1998b; MacKenzie, Podsakoff & Podsakoff 2011) (see Table 6.10). The
results also showed that all of these loadings were significant at p < 0.001. Furthermore,
Cronbach's alpha, CRs and AVEs of the second-order and third-order factors were greater than
0.80 and 0.50 respectively as shown in Table 6.10 (Fornell & Larcker 1981; Chin 1998a; Gefen,
Chapter 6: Instrument Development
229
Rigdon & Straub 2011). These results thus provided evidence of the reliability and the validity
of higher-order constructs in the pilot study phase.
Table 6.10: Results of confirmatory factor analysis and descriptive statistics of higher-order measurements (pilot study)
Construct Mean Std. Dev
AVE CR α No of items
Item Loadi-ng
Std. Err
t - value
Trusting Beliefs
5.489 .759 0.508
0.953
0.947
20 TIA TIP
0.960 0.964
0.007 0.006
144.907 156.437
Trust in Internet
5.401 .868 0.547
0.940
0.930
13 TSA TSN
0.916 0.976
0.013 0.004
73.241
225.763 Trust in IdMS Artefact (TIA)
5.527 .791 0.545
0.922
0.905
10 TAB TAC TAI
0.919 0.815 0.887
0.012 0.030 0.012
76.724 27.488 72.297
Trust in IdMS Providers (TIP)
5.451 .789 0.551
0.924
0.907
10 TPB TPC TAI
0.933 0.827 0.891
0.009 0.025 0.013
106.221 33.766 69.738
Situational Normality (TSN)
5.409 .869 0.552
0.916
0.895
9 TSNB TSNC TSNI
0.823 0.882 0.893
0.018 0.020 0.012
45.275 43.637 75.685
Privacy Concerns
5.713 .711 0.502
0.931
0.920
17 PAWAN PCH PCOL PCON PERR PIA PSU
0.828 0.765 0.651 0.650 0.836 0.847 0.815
0.022 0.030 0.044 0.060 0.022 0.019 0.022
38.66 25.345 14.889 10.824 37.669 44.434 37.259
6.6 Scale Refinement After individual discussions with three IS researchers, it was decided to add and modify a
couple of the items in order to better represent these new aspects (Hinkin 1998; MacKenzie,
Podsakoff & Podsakoff 2011). The new items received face validation from two academics and
later were subjected to the main study pre-test phase (MacKenzie, Podsakoff & Podsakoff
2011). Some responses suggested adding previous identity theft as an individual variable to
control some concerns such as risk and privacy. In that regard, one question was added
regarding previous experience of identity theft: “Have you been the victim of identity theft?”
Regarding the risk construct, one new item was added: RISK5”Using an IdMS increases the risk
of my online identity being stolen in the future” which aimed to measure the likelihood of
Chapter 6: Instrument Development
230
identity theft in the future and to improve risk reliability. Two items regarding the structural
assurance construct were modified: SA3”I feel confident that encryption and other technological
advances on the Internet make it safe for me to do transactions there” was changed to “I feel
confident that encryption and other technological advances on the Internet make it safe for me
to use an IdMS”. In addition, SA4: ”In general, the Internet is now a robust and safe
environment in which to perform online transactions” was modified to “I feel confident that
encryption and other technological advances on the Internet make it safe for me to use an
IdMS.” The purpose of this change was to make the question suitable for the context’s setting.
6.7 Summary This chapter has outlined the procedure undertaken to develop the research instrument.
Section 6.2 explained the development of the initial pool of items used in this research.
Section 6.3 illustrated the initial measurement refining procedures with the expert panel and
described the survey design and pre-test phase. This was followed by Section 6.4 that discussed
the measurement model specifications (the use of reflective or formative modelling). Section 6.5
presented the pilot study and refinement of the items via confirmatory factor analyses. Finally,
Section 6.6 presented the revised scales and research model.
The measurement refinement process provided some insight regarding the research model and
reduced the number of underlying constructs items used in the questionnaire from 103 to 87 (by
approximately 15%). Overall, the measurement model for the pilot study was considered
satisfactory with the evidence of adequate reliability (α and CR > 0.70) and convergent validity
(AVE > 0.50 and significant loadings > 0.70, p < 0.001) for all the constructs (see Tables 6.8
and 6.10) and discriminant validity ( AVE > correlations) for the first-order constructs (see
Table 6.9). As a result, all constructs were confirmed to be satisfactory and were used for the
main study to assess the model parameters and to test the research hypotheses in the next
chapter.
Chapter 7: Data Analysis and Results (Main Study)
7.1 Introduction
Once the pilot study was concluded and the research instrument was fully developed, the next
stage was to test the theoretical model using a large sample survey. Consequently, the purpose of
this chapter is to explain the results of the main study, as well as to test the research model and
related hypotheses. Firstly, the details enclosing the main survey are described. This is followed
by in-depth data analyses of the findings and the assessment of the research model.
7.2 Sampling Procedure As discussed in Chapter 5, the target population of interest in this study encompassed people
using social networking, specifically Facebook and LinkedIn users, and the data collection
method used was a Web-based survey questionnaire. The main study applied the same ethics
application as was used in the pilot study, approved by the Human Research Ethics Advisory
(HREA) Panel of the Australian School of Business, The University of New South Wales (See
Appendix 6.4). The aim of this stage was to gather more responses than those yielded from the
pilot study (>150). As discussed in Chapter 5 (Section 5.5.5) and applied in the pilot study, the
survey link was advertised in a banner through Facebook and LinkedIn sites using Facebook Adv
and LinkedIn Adv. The advertisements ran for four weeks in 2012 from August 17 to September
14. The advertisements were targeted at people who were over 18 years age and located in
Australia, USA, UK, Canada and India as explained previously in Sections 5.5.5 and 5.5.2.3.
Thus, only Facebook and LinkedIn users who fulfilled our criteria were able to gain access to the
survey and participate in the study. In addition, respondents were offered a $5 Amazon gift as
incentive (see Section 5.5.4).
In total, 840 people clicked on the advertisement and were directed to the survey website. It was
interesting to note that of these 840 individuals, 296 (35%) stopped at the introduction part and
Chapter 7: Data Analysis and Results
232
did not access the questionnaire. The initial analysis of the data set found that 544 (65% of the
individuals directed to the survey website) did not complete the questionnaire and exited the
survey at some point prior to completion. Among 361 completed responses, 29 surveys were
excluded. Nine responses were ruled out due to the fact, as was discussed in Chapter 5 (Section
5.5.2.2), that participants did not have knowledge about IdMS. A total of 20 data sets were
removed because they were invalid, either having the same answer to most questions or having
completed the survey in less than the average time (10 minutes). Therefore, 332 usable data sets
(39.5% of total clicks on the survey; 61% of questionnaires accessed) were used for further
analysis. The response rate exceeds the minimum threshold level (> 60%) for a Web survey
(Cook, Heath & Thompson 2000; Gosling et al. 2004). The sample size yielded was considered
adequate as it fulfilled the criteria for conducting confirmatory factor analysis using PLS as
previously discussed in Section 5.5.3 (Chin 1998a; Marcoulides, Chin & Saunders 2009; Hair et
al. 2012). Further considerations about the sample are presented in the next sub-section.
7.2.1 Profile of Respondents
Tables 7.1 and 7.2 show the demographics of the subjects and sample characteristics. The
subjects were mostly comprised of males (69.3%). An explanation of this disproportionate
number of females and males is because most of respondents are LinkedIn users (11.1% are not
LinkedIn users). LinkedIn has more male users than female users comparing with other social
networking sites, such as Facebook, that have significantly more female users than male users
(Hampton et al. 2011; Duggan & Brenner 2013). Our result is consistent with a survey conducted
by the Pew Research Center’s Internet and American Life Project that found that twice as many
men (63%) as women use LinkedIn (Hampton et al. 2011).
The ages ranged from 18-40 (85.2%) and 14.7% were older than 40 years. The sample was
relatively highly educated (87% had a Bachelor’s Degree or higher). These findings are in line
with recent survey reports that show that most social networking users are under 40 years of age
and well-educated (Hampton et al. 2011; Pring 2012a; Duggan & Brenner 2013). Most of the
subjects were from Australia and the United States, which represented 34.9% and 37% of
Chapter 7: Data Analysis and Results
233
participants respectively. The demographics analysis showed that 18.1% of the respondents had
been a victim of identity theft. This result corresponds to a previous report which argued that
English-speaking countries have the most identity fraud victims (Business Wire 2008; Finklea
2012).
Table 7.1: Demographics of Respondents Category Frequency Percent
Gender
Male 230 69.3
Female 102 30.7
Age (years)
18 - 30 101 30.4
31 - 40 182 54.8
41 - 50 37 11.1
51 - 60 9 2.7
> 60 3 0.9
Education High school 4 1.2
Certificate or Diploma 38 11.4
Bachelor’s Degree 214 64.5
Master’s Degree or higher 76 22.9 Country Australia 116 34.9
USA 123 37
UK 28 8.4
Canada 21 6.3
India 44 13.3
Of the total number of respondents, 15.7% did not use Facebook, whereas 11.1% did not have a
LinkedIn account. The majority of the respondents were highly active Internet users, as 84.4%
spent more than 10 hours online every week. It was also interesting to observe that only 3.3% of
the respondents did not use online shopping and 1.8% were not users of Internet banking. Our
findings indicated that social networkers, particularly Facebook and LinkedIn users, were active
online users and relatively intensive e-commerce users. These results are consistent with
previous research that reported that social networkers are the largest users of Internet services
(Nielson 2011; Pring 2012a, 2012b). Thus, the sample was appropriate for our study.
With respect to past online personal information disclosure, 4.5% of the sample indicated that
they had never provided identity information on the Web for non-financial transactions and 6.6%
Chapter 7: Data Analysis and Results
234
indicated a similar abstention from Web-based financial transactions. Respondents often
provided their personal information more than once a week for both financial (79, 23.8%) and
non-financial transactions (119, 35.8%).
Of the respondents, 217 (65.3%) indicated that they had used a type of IdMS particularly SSO
solutions (accessing a site by using their existing account from an online service provider). This
finding is consistent with a previous research study conducted by Blue Research
(http://www.blue-research.com/) , a market and management research firm used by technology
companies like Microsoft and Intel, which found that the majority of Web users (66%) saw SSO
as an alternative and attractive solution for accessing a website, and preferred to be offered this
service by websites, compared with 34% who preferred traditional sign-in methods (e.g.
passwords) (Olsen 2011).
Table 7.2: Sample Characteristics
Category Frequency Percent
Category Frequency Percent
Internet Usage Online Shopping Usage < 1 h 1 0.3 Do not use 11 3.3 1 - 4 h 10 3.0 Once a week 47 14.2 4 - 10 h 41 12.3 Twice a week 35 10.5 10 - 30 h 146 44.0 Three times a week 84 25.3 30 - 60 h 90 27.1 More than three times 91 27.4 > 60 h 44 13.3 Once a day 30 9.0
Facebook Usage More than once a day 34 10.2
Do not use 52 15.7 Internet Banking Usage
< 1 h 47 14.2 Do not use 6 1.8
1 - 4 h 47 14.2 Once a week 26 7.8
4 - 10 h 118 35.5 Twice a week 68 20.5
10 - 30 h 43 13.0 Three times a week 106 31.9
30 - 60 h 23 6.9 More than three times 66 19.9
> 60 h 2 0.5 Once a day 25 7.5
LinkedIn Usage More than once a day 35 10.5
Do not use 37 11.1 Prior Use of SSO
< 1 h 97 29.2 Yes 217 65.3
1 - 4 h 84 25.3 No 115 34.7
4 - 10 h 68 20.5 Identity Theft Victim
10 - 30 h 35 10.5 Yes 60 18.1
30 - 60 h 11 3.4 No 272 81.9
> 60 h 0 0
Chapter 7: Data Analysis and Results
235
Among the SSO solutions and IdMS technologies listed on the survey, Windows Live ID (92%)
and Google ID (88%) were the most known applications by this sample. These front-runners
were followed by Web single sign-on (75%), PayPal Access (69%) and Facebook Connect
(62%). Information Cards technology (28%) was the least well-known application. Table 7.3
presents the awareness of respondents regarding IdMS services and technologies.
Table 7.3: Knowledge of sample about IdMS applications
Application Knowledge
Microsoft Passport(Windows Live ID) 92%
Facebook Connect 62%
OpenID 45%
Card Space(Information Cards) 28%
Web single sign -on 75%
Password-management tools and software 46%
Google ID 88%
PayPal Access 69%
Cloud identity management software 32%
Others 1%
None of the above 2%
7.2.2 Verifying data characteristics
During the data collection procedure, the survey system was designed to verify whether the data
sets were complete, and alerted respondents to errors if any questions were left unanswered
(Gosling et al. 2004). As a result, all 332 data sets were complete and there was no need to
perform a missing data analysis (Hair et al. 2010; Gefen, Rigdon & Straub 2011). Another issue
to be considered during data analysis is to test normal data distribution assumptions (Gefen,
Rigdon & Straub 2011). As we discussed previously in Chapter 5 (Section 5.9.2), due to this
study having used PLS, there was no need to examine the normality of the data sets (Chin 1998a;
Gefen & Straub 2005; Gefen, Rigdon & Straub 2011).
Chapter 7: Data Analysis and Results
236
To test for non-response bias, we followed the procedure used in the pilot study that is described
in Chapter 5 (Section 5.9.1). We compared the demographic characteristics of the respondents in
the two waves of data collection based on the order of questionnaire completion (early and late
respondents) and we found no significant differences. Therefore, there were no concerns
regarding non-response bias in the study (Armstrong & Overton 1977; Savio et al. 2006; Gefen,
Rigdon & Straub 2011).
The issue of common method bias was also considered (Podsakoff, MacKenzie & Lee 2003;
Gefen, Rigdon & Straub 2011; Johnson, Rosen & Djurdjevic 2011; Chin, Thatcher & Wright
2012). We followed the procedure used in the pilot study as discussed previously in Section
5.9.3. The results from Harman one-factor test explained that 17 factors were present and the
most covariance showed by one factor was 37.8%. This indicated that common method bias is
not likely a concern in our results (Podsakoff, MacKenzie & Lee 2003; Johnson, Rosen &
Djurdjevic 2011; Chin, Thatcher & Wright 2012).
Respondents in our sample included both Facebook and LinkedIn users. One may suppose that
respondents from one site would tend to estimate Web technology usage and benefits or could be
subject to coverage errors (Groves et al. 2004; Dillman, Smyth & Christian 2008). Coverage
error is a bias in statistics that occurs when all members of the target population do not have an
equal (or known) probability of being comprised in the sample (Dillman, Smyth & Christian
2008). Hence, we investigated whether there was response bias in our data set due to
respondents’ recruiting being screened from each site. We divided the 332 full responses into
two groups: surveys screened from Facebook recruiting (148) and others obtained through the
recruitment screening from LinkedIn (184). We used ANOVA to test whether the mean variable
scores significantly differed between the two groups. The descriptive statistics and ANOVA
results are presented in Appendix 7.1. The p-value of the ANOVA and t-test at 5% significance
level for each factor is insignificant (Hair et al. 2010). In addition, the non-observational gap
between the target population and the sampling frame with recruiting from Facebook and
LinkedIn sites could investigate the coverage errors (Groves et al. 2004; Dillman, Smyth &
Chapter 7: Data Analysis and Results
237
Christian 2008). The analysis found that 132 (71.7%) of the people from LinkedIn had a
Facebook account, whereas 111 (75%) of the respondents from Facebook were LinkedIn users.
The estimates about coverage were therefore ascertained (Groves et al. 2004; Dillman, Smyth &
Christian 2008). These results indicated that data collection from two sites did not result in
serious biases in our data set.
7.3 Measurement Model
7.3.1 First-order Measurement Model
The study carried out confirmatory factor analysis (CFA) using Smart PLS 2.0 software to
confirm the properties of the first-order measurement model. To test the adequacy of the first-
order-construct measures, reliability, convergent validity and discriminant validity were
examined based on the criteria discussed in Chapter 5 (see Section 5.7).
As we discussed previously in Chapter 6 (see Section 6.4), this study modelled all underlying
constructs as reflective variables. As shown in Table 7.4, all the item loadings exceeded the cut-
off values of 0.7. Cronbach’s alphas were above 0.7 for all constructs except information
disclosure (α = 0.6), choice (α = 0.6) and collection (α = 0.67) that were greater than 0.6, which
was acceptable (Straub, Boudreau & Gefen 2004). Composite reliability (CR) was above 0.8
which exceeded the cut-off value of 0.7 for all of the constructs (Fornell & Larcker 1981; Chin
1998a; Gefen, Rigdon & Straub 2011). The highest CR was 0.939 for perceived risk, whereas the
lowest CR was 0.832 for choice. Therefore, the reliability was satisfactory.
To examine the convergent validity, we calculated the t-value for the indicators using a bootstrap
resampling procedure using 332 cases and 1,000 samples (Gefen & Straub 2005; Chin 2010).
The results showed that the t-value for all the indicators was above 3.29 and significant at p <
0.001 (Nunnally & Bernstein 1994) (see Table 7.4). In addition, we calculated the average
variance extracted (AVE) to confirm the convergent validity (Chin 1998a; Fornell & Larcker
1981). As shown in Table 7.4, the AVE for each construct was greater than the cut-off values of
0.50, thus suggesting good convergent validity (Fornell & Larcker 1981).
Chapter 7: Data Analysis and Results
238
As shown in Table 7.5, we calculated the square root of the AVEs in the diagonals of the
correlation matrix. These values were greater than the relationship of the construct with the other
variables in the first-order model. We also examined both a loading and cross-loading matrix
(see Appendix 7.2) .This examination showed that each item loaded more on its relevant
construct than other constructs. Therefore, these examinations confirmed the discriminant
validity (Chin 1998b, 2010; Fornell & Larcker 1981; MacKenzie, Podsakoff & Podsakoff 2011).
Accordingly, the study confirmed that all the item loadings, Cronbach alphas, CRs and AVEs
exceeded their respective cut-off values and ensured adequate construct reliability and validity
(Fornell & Larcker 1981; Chin 1998b; Gefen, Rigdon & Straub 2011). The first-order
measurement model was thus confirmed to be satisfactory and was used for testing the higher-
order measurement model as well as the structural model in the next sections.
Chapter 7: Data Analysis and Results
239
Table 7.4: The first-order measurement model (main study) Construct Mean Std.
Dev AVE CR α Item Mean Std.
Dev Loading Std.
Err t-value
Cost
5.01 1.07 0.736 0.893 0.819 COST1 COST2 COST3
5.04 5.02 4.95
1.300 1.239 1.204
0.802 0.923 0.844
0.028 0.011 0.022
28.689 84.515 38.067
Facilitating Conditions
5.25 .95 0.740 0.895 0.822 FC2 FC3 FC4
5.24 5.33 5.29
1.208 1.136 1.171
0.789 0.929 0.858
0.023 0.009 0.019
33.761 103.072 44.613
Information Disclosure
3.44 1.07 0.720 0.837 0.617 InfoD1 InfoD2
3.20 3.68
1.113 1.404
0.890 0.806
0.024 0.048
37.936 16.803
Intention to Disclose Identity Information
5.08 1.01 0.674 0.861 0.758 INTD1 INTD2 INTD3
5.04 5.01 5.18
1.255 1.163 1.271
0.848 0.807 0.806
0.019 0.031 0.021
45.805 25.849 38.448
Intention to Use
5.17 .96 0.750 0.900 0.832 INTU1 INTU2 INTU3
5.19 5.09 5.22
1.093 1.116 1.103
0.899 0.877 0.820
0.011 0.014 0.019
79.646 61.853 42.927
Awareness
5.22 1.03 0.749 0.900 0.832 PAWN1 PAWN2 PAWN3
5.26 5.14 5.27
1.240 1.165 1.182
0.825 0.910 0.860
0.018 0.009 0.012
46.036 99.044 71.655
Choice 5.40 .96 0.713 0.832 0.597
PCH1 PCH2
5.37 5.42
1.168 1.112
0.845 0.843
0.016 0.023
52.418 36.382
Collection 4.86 .99 0.749 0.856 0.666
PCOL2 PCOL3
4.80 4.92
1.188 1.106
0.847 0.883
0.017 0.013
48.933 67.201
Control 5.35 1.09 0.853 0.920 0.828
PCON1 PCON2
5.43 5.27
1.101 1.260
0.915 0.932
0.011 0.009
80.918 109.075
Perceived Ease of Use
5.41 .86 0.586 0.849 0.764 PEOU1 PEOU2 PEOU3 PEOU4
5.59 5.33 5.35 5.38
1.119 1.064 1.123 1.174
0.742 0.801 0.793 0.723
0.027 0.027 0.021 0.029
27.582 30.169 38.361 25.072
Error
5.20 1.01 0.746 0.898 0.830 PERR1 PERR2 PERR3
5.24 5.14 5.22
1.177 1.170 1.156
0.868 0.872 0.852
0.011 0.017 0.016
78.400 52.856 52.515
Improper Access
5.28 1.13 0.861 0.925 0.838 PIA1 PIA2
5.14 5.42
1.238 1.190
0.928 0.920
0.007 0.007
127.598 128.764
Perceived Risk
4.38 1.38 0.756 0.939 0.923 RISK1 RISK2 RISK3 RISK4 RISK5
4.24 4.22 4.36 4.53 4.57
1.504 1.569 1.555 1.526 1.767
0.857 0.851 0.923 0.878 0.835
0.043 0.040 0.031 0.034 0.037
19.923 21.070 30.093 25.589 22.608
Secondary Use
5.31 1.10 0.778 0.913 0.856 PSU1 PSU2 PSU3
5.39 5.35 5.19
1.230 1.270 1.252
0.866 0.931 0.847
0.017 0.009 0.015
51.039 108.788 56.497
Perceived Usefulness
5.23 1.00 0.711 0.908 0.864 PU1 PU2 PU3 PU4
5.27 5.04 5.26 5.35
1.206 1.192 1.194 1.131
0.814 0.881 0.849 0.827
0.019 0.013 0.016 0.019
43.822 69.713 54.379 42.847
Subjective Norms
4.72 1.37 0.831 0.907 0.796 SN1 SN2
4.70 4.75
1.524 1.492
0.915 0.908
0.018 0.025
50.164 36.767
Trust in IdMS Artefact - Benevolence
5.27 .97 0.680 0.864 0.763 TAB1 TAB2 TAB3
5.24 5.25 5.30
1.231 1.148 1.171
0.790 0.883 0.798
0.021 0.014 0.024
36.969 62.344 33.334
Trust in IdMS Artefact - Competence
5.15 .95 0.681 0.895 0.844 TAC1 TAC2 TAC3 TAC4
5.23 5.02 5.16 5.18
1.245 1.096 1.183 1.101
0.852 0.801 0.829 0.818
0.016 0.022 0.016 0.018
54.929 36.457 53.550 44.806
Chapter 7: Data Analysis and Results
240
Trust in IdMS Artefact - Integrity
5.28 1.00 0.740 0.895 0.823 TAI1 TAI2 TAI3
5.23 5.36 5.25
1.213 1.169 1.118
0.797 0.912 0.868
0.025 0.013 0.014
31.498 71.954 64.234
Task Characteristi-cs
5.15 .97 0.650 0.903 0.865 TASK1 TASK2 TASK3 TASK4 TASK5
5.24 5.01 5.16 5.20 5.21
1.257 1.036 1.210 1.163 1.206
0.832 0.809 0.800 0.814 0.774
0.015 0.022 0.021 0.019 0.024
55.648 37.431 38.555 43.943 32.971
Technology Characteristi-cs
5.21 .92 0.603 0.914 0.890 TECH1 TECH2 TECH3 TECH7 TECH8 TECH9 TECH10
5.04 5.30 5.26 5.16 5.03 5.21 5.48
1.217 1.269 1.211 1.295 1.172 1.053 1.095
0.741 0.816 0.803 0.822 0.765 0.717 0.766
0.029 0.019 0.023 0.018 0.027 0.026 0.022
25.876 43.134 34.959 46.017 28.432 27.913 35.038
Trust in IdMS Providers - Benevolence
5.09 .92 0.653 0.849 0.731 TPB1 TPB2 TPB3
5.01 5.08 5.17
1.134 1.093 1.182
0.791 0.878 0.750
0.023 0.017 0.026
34.588 53.338 28.413
Trust in IdMS Providers - Competence
5.06 .94 0.676 0.893 0.839 TPC1 TPC2 TPC3 TPC4
5.13 4.98 5.03 5.12
1.136 1.226 1.149 1.066
0.858 0.780 0.863 0.783
0.015 0.023 0.014 0.023
56.034 34.218 61.986 33.906
Trust in IdMS Providers - Integrity
5.29 .96 0.735 0.892 0.818 TPI1 TPI2 TPI3
5.27 5.48 5.11
1.057 1.218 1.074
0.811 0.904 0.854
0.021 0.011 0.015
38.181 82.414 57.760
Structural Assurance
5.13 .97 0.654 0.882 0.820 TSA1 TSA2 TSA3 TSA4
5.15 5.02 5.14 5.24
1.202 1.229 1.193 1.223
0.780 0.891 0.842 0.710
0.025 0.012 0.018 0.030
31.294 77.466 47.682 23.368
Situational Normality –Benevolence
4.87 1.06 0.755 0.902 0.837 TSNB1 TSNB2 TSNB3
4.95 4.85 4.81
1.261 1.218 1.195
0.884 0.885 0.836
0.017 0.013 0.014
52.998 68.371 59.179
Situational Normality – Competence
5.07 1.04 0.723 0.886 0.806 TSNC1 TSNC2 TSNC3
5.06 5.13 5.22
1.241 1.143 1.323
0.820 0.914 0.813
0.018 0.010 0.022
45.666 95.670 36.664
Situational Normality – Integrity
5.13 1.04 0.700 0.875 0.788 TSNI1 TSNI2 TSNI3
5.13 5.09 4.98
1.249 1.259 1.162
0.831 0.796 0.882
0.017 0.030 0.012
49.773 27.002 71.886
Chapter 7: Data Analysis and Results
241
Table 7.5: Correlations of the first-order measurement model (main study)
Note: The square root of AVE is shown in the diagonal.
Chapter 7: Data Analysis and Results
242
7.3.2 Interaction Measurement Model
As we mentioned previously, fit construct is an interaction variable between task and technology
characteristics factors. To employ this construct in the pilot study (see Section 6.5.3.2), we
formed 35 items of ‘fit’ from the interaction of the five task and seven technological measures as
suggested by Chin Marcolin and Newsted (2003) for modelling latent variables in PLS. All
loadings of the fit construct that were greater than 0.7 ranged from 0.794 to 0.902, and were
significant at p < 0.001 (see Appendix 7.3) (Fornell & Larcker 1981; Chin 1998a). The
Cronbach’s alpha and composite reliability (α = 0.90; CR = 0.98) for the fit constructs exceeded
the cut-off values of 0.7 (Fornell & Larcker 1981; Chin 1998a; Gefen, Rigdon & Straub 2011).
The AVE (= 0.741) for the fit construct was greater than 0.5, confirming construct reliability and
convergent validity (Fornell & Larcker 1981; Chin 1998a; Gefen & Straub 2005). Therefore, the
reliability and the validity of the fit construct were satisfactory.
7.3.3 Higher-order Measurement Model
At this stage, the study estimated the measurement of higher-order constructs, that is, the third-
order trusting beliefs and trust in the Internet constructs, and the second-order trust in IdMS, trust
in IdMS providers, situational normality and privacy concerns constructs. To test the
measurement proprieties of higher-order constructs, we followed the repeated approach
procedures described in Section 5.10.1 which were used in the pilot study (see Section 6.5.3.3).
The third-order trusting beliefs variable consisted of 20 items of which 10 items reflected
second-order trust in IdMS (TAC 4 items, TAB 3 items and TAI 3 items) and 10 items reflected
second-order trust in IdMS providers (i.e. TPC 4 items, TPB 3 items and TBI 3 items). The third-
order trust in the Internet comprised 13 items, of which nine items reflected second-order
situational normality (TSNB 3 items, TSNC 3 items, and TSNI 3 items) and four items specified
first-order structural assurance. Finally, the second-order privacy concerns construct included 17
items that reflected its first-order constructs, that is, PAWAN (3 items), PCH (2 items), PCOL (2
items), PCON (2 items), PERR (3 items), PIA (2 items) and PSU (3 items) (see Table 7.6). We
assessed correlations between the third and second-order latent variables and their first-order
Chapter 7: Data Analysis and Results
243
constructs (Chin 1998b; MacKenzie, Podsakoff & Podsakoff 2011). The result showed that all
path coefficients from the third-order factors to the second and first-order constructs were
significant at p < 0.001(see Table 7.6).
The study confirmed all loadings of the first-order latent variables on the second-order constructs
(trust in IdMS, trust in IdMS providers, situational normality and privacy concerns) were above
0.70 (see Table 7.6, Figures 7.1, 7.2 and 7.3). It also confirmed that the loadings of the second-
order trust in IdMS and trust in IdMS providers factors on the third-order trusting beliefs
variables exceeded 0.70 (see Table 7.6 and Figure 7.1). Similarly, the loadings of the structural
assurance and second-order situational normality latent variables on the third-order trust in the
Internet variable were greater than 0.70 (see Table 7.6 and Figure 7.2) (Chin 1998b; MacKenzie,
Podsakoff & Podsakoff 2011). Furthermore, the study confirmed that the Cronbach's alpha, CRs
and AVEs of the second-order and third-order variables were greater than 0.80 and 0.50
respectively as shown in Table 7.6 (Fornell & Larcker 1981; Chin 1998a; Gefen, Rigdon &
Straub 2011). These results presented evidence of the reliability and validity of the higher-order
constructs in the research model.
In Figure 7.1, the degree of explained variance of the third-order trusting beliefs construct was
reflected in its second-order dimensions; that is, trust in IdMS artefact (96%) and trust in IdMS
providers (95%). Consequently, variance of the second-order constructs was reflected in its
related first-order dimensions. For instance, the degree of explained variance of trust in IdMS
artefact was reflected in benevolence (77%), competence (83%) and integrity (75%). Similarly,
trust in IdMS providers was reflected in benevolence (73%), competence (82%), and integrity
(72%). In Figure 7.2, the degree of explained variance of the trust in the Internet construct was
reflected in the first-order structural assurance (82%) and second-order situational normality
variable (95%) that was reflected in benevolence (77%), competence (79%), and integrity (76%).
Finally, the privacy concerns construct was reflected in awareness (76%), choice (59%),
collection (59%), control (61%), error (68%), improper access (60%) and secondary use (72%)
Chapter 7: Data Analysis and Results
244
(see Figure 7.3). All these finding support our conceptualization of the trusting beliefs, trust in
the Internet and privacy concerns constructs as a higher-order structure.
Table 7.6: The higher-order measurement model (main study)
Construct Mean Std. Dev
AVE CR α No of items
Item Loadi-ng
Std. Err
t - value
Trusting Beliefs
5.18 .83 0.515 0.955 0.950 20 TIA TIP
0.979 0.977
0.003 0.003
304.872 291.672
Trust in Internet
5.06 .90 0.537 0.937 0.927 13 TSA TSN
0.907 0.977
0.012 0.003
78.066
361.604 Trust in IdMS Artefact (TIA)
5.22 .87 0.551 0.925 0.909 10 TAB TAC TAI
0.881 0.912 0.866
0.014 0.011 0.015
65.097 79.704 59.464
Trust in IdMS Providers (TIP)
5.14 .82 0.526 0.917 0.900 10 TPB TPC TAI
0.857 0.910 0.850
0.016 0.012 0.015
54.690 76.455 56.794
Situational Normality (TSN)
5.02 1.05 0.562 0.920 0.901 9 TSNB TSNC TSNI
0.879 0.888 0.877
0.013 0.014 0.012
68.866 64.382 71.372
Privacy Concerns
5.22 .84 0.511 0.947 0.940 17 PAWAN PCH PCOL PCON PERR PIA PSU
0.875 0.771 0.748 0.787 0.823 0.778 0.851
0.014 0.022 0.025 0.023 0.028 0.018 0.014
64.428 34.952 30.340 34.822 29.068 42.595 62.490
Figure 7.1: Third–order reflective trusting beliefs model
Chapter 7: Data Analysis and Results
245
Figure 7.2: Third-order reflective trust in the Internet model
Figure 7.3: Second-order reflective privacy concerns model
Chapter 7: Data Analysis and Results
246
7.4 Structural Model and Hypotheses Testing
7.4.1 Main Effect
To assess the structural relationships of the research model, this study employed partial least
squares (PLS) using SmartPLS 2.0 software (see Chapter 5, Section 5.8.2). The study calculated
the path coefficient (beta coefficients) between latent constructs, t-value and the variance
explained (R2) for all endogenous variables (Chin 2010). An endogenous variable (or construct)
is a dependent variable which has at least one causal relationship. In terms of a path diagram, the
endogenous variable is based on the inputs of one or more other variables (i.e. a construct which
has one or more arrows leading into it) (Straub, Boudreau & Gefen 2004). Furthermore, non-
parametric bootstrapping was carried out using 332 cases and 1,000 samples to obtain the
significance of each structural path (i.e. the t-value) between the constructs (Gefen, Straub &
Boudreau 2000; Gefen & Straub 2005; Chin 2010).The results of the path analysis and
hypothesis testing are shown in Table 7.7 and Figure 7.4.
The results indicate that of the 26 directly hypothesised relationships in the research model, eight
were non-significant. Our findings indicate that the intention to disclose identity information was
positively related to intention to use an IdMS (H1 was supported).The proposed impact of
perceived usefulness on the intention to use was significant but insignificant on the intention to
disclose identity information (H2a was supported; H2b was not supported). Perceived ease of use
was positively related to the intention to disclose identity information and trusting beliefs (H3
and H5d were supported). Both of the hypothesized relationships which related to the effect of
perceived risk on intention to use (H4a) and intention to disclose identity information (H4b) were
not supported. H5a, H5b, H5c and H5e were all supported with the positive relationships found
to be significant between trusting beliefs and intention to use, intention to disclose identity
information and perceived usefulness, as well as the negative relationship between trusting
beliefs and perceived risk.
Chapter 7: Data Analysis and Results
247
Trust in the internet was not related to an intention to use (H6a was not supported), but was
positively related to intention to disclose and trusting beliefs, thus H6b and H6c were confirmed.
Information disclosure was found to be positively related to an intention to disclose identity
information (H7 was supported). The negative associations between privacy concerns and the
intention to use, and information disclosure were significant, whereas the relationships between
privacy concerns, perceived risk and trusting beliefs were not significant. Thus H8a and H8b
were supported, whereas H8c and H8d were not accepted. The interaction between task and
technology characteristics (fit) was positively associated with the intention to use, perceived
usefulness, perceived ease of use and privacy concerns, thus H9a, H9b, H9c and H9d were
confirmed. Finally, the predicted negative influence of cost on intention to use was significant
supporting H10a. However, H10a and H10b were not confirmed as the positive impact of
facilitating conditions and subjective norms on intention to use was not significant. The
implications and interpretations of the findings for both significant and non-significant
relationships are discussed further in Chapter 8.
Chapter 7: Data Analysis and Results
248
Notes: 1. n.s. = not significant *p < 0.05; **p < 0.01; ***p < 0.001 2. Significant effect; ----> Insignificant effect
Figure 7.4: Results of the structural model
Chapter 7: Data Analysis and Results
249
Table 7.7: Results of the structural model and hypotheses testing Hypotheses Associations
Path Coefficient
Std. Error
t- value Supported
H1 Intention to disclose Intention to use 0.185* 0.073 2.522 Yes
H2b H2a
Perceived usefulness Intention to use Perceived usefulness Intention to disclose
0.312*** -0.043
0.067 0.056
4.691 0.765
Yes No
H3 Perceived ease of use Intention to disclose
0.205**
0.079
2.595
Yes
H4a H4b
Perceived risk Intention to use Perceived risk Intention to disclose
0.059 0.054
0.031 0.037
1.918 1.462
No No
H5a H5b H5c H5d H5e
Trusting beliefs Intention to use Trusting beliefs Intention to disclose Trusting beliefs Perceived usefulness Perceived ease of use Trusting beliefs Trusting beliefs Perceived risk
0.245* 0.228* 0.418*** 0.151*** -0.290*
0.110 0.098 0.091 0.044 0.129
2.219 2.322 4.588 3.464 2.248
Yes Yes Yes Yes Yes
H6a H6b H6c
Trust in Internet Intention to use Trust in Internet Intention to disclose Trust in Internet Trusting beliefs
-0.026 0.417*** 0.683***
0.054 0.098 0.072
0.470 4.249 9.440
No Yes Yes
H7 Information disclosure Intention to
disclose 0.236*** 0.054 4.347 Yes
H8a H8b H8c H8d
Privacy concerns Intention to disclose Privacy concerns Information disclosure Privacy concerns Perceived risk Privacy concerns Trusting beliefs
-0.223** -0.109* -0.012 0.139
0.086 0.051
0.049 0.072
2.607 2.106
0.239 1.918
Yes Yes
No No
H9a H9b H9c H9d
Fit Intention to use Fit Perceived ease of use Fit Perceived usefulness Fit Privacy concerns
0.279* 0.683*** 0.424*** 0.766***
0.109 0.029 0.085 0.043
2.552 23.434 5.015 17.783
Yes Yes Yes Yes
H10a H10b H10c
Cost Intention to use Facilitating conditions Intention to use Subjective norms Intention to use
-0.104* -0.016 0.008
0.049 0.033 0.023
1.971 0.4821 0.3644
Yes No No
Note: *p < 0.05; **p < 0.01; ***p < 0.001.
7.4.2 Moderate Effect
The study assumed that some predicted relationships in the research model would be different for
SSO experience and SSO inexperience. Hypotheses related to the moderating effects of previous
use of SSO were tested with the multi-group analysis suggested by Chin (1998b, 2010) and
Henseler and Fassott (2010). The sample was divided into SSO users and SSO non-users, and the
whole model was re-estimated for both sub-groups. The multi-group analysis was carried out by
Chapter 7: Data Analysis and Results
250
testing the effects of the previous SSO experience with the PLS-generated path coefficients and
their standard errors. The results of these tests are shown in Table 7.8.
The results demonstrate a difference between SSO users and non-users. The positive influence of
intention to disclose identity information on intention to use was significant for SSO non-users
(β = 0.306; p < 0.001), but not significant for users. This supports H11a, which predicted the
positive relationship between the behavioural intention to disclose identity information and
intention to use an IdMS was stronger among SSO non-users than users. In support of H11b, the
positive relationship between perceived usefulness and intention to use were stronger among
SSO non-users (β = 0.34; p < 0.001) than users (β = 0. 19; p < 0.1). The positive relationship
between trusting beliefs and intention to use was also significant and stronger for the SSO non-
users (β = 0.251; p < 0.1). H11d, on the negative relationship between privacy concerns and
intention to disclose identity information (β = 0.189; p < 0.1), and H11e, on the negative
association between cost and intention to use (β = -0.174; p < 0.001), were all shown to be
significant and stronger than for the SSO non-users.
Table 7.8: Results of moderating hypotheses Hypo-theses
Associations (SSO non-users > SSO users)
SSO non-users M = 115
SSO users N = 217
Supported
β Std. Error
β Std. Error
H11a Intention to disclose Intention to use
0.306*** 0.074 0.052 n.s. 0.044 Yes
H11b Perceived usefulness Intention to use
0.340*** 0.062 0.190* 0.079 Yes
H11c Trusting beliefs Intention to use
0.251* 0.099 0.143n.s. 0.091 Yes
H11d Privacy concerns Intention to disclose
0.189* 0.077 -0.14n.s. 0.095 Yes
H11e Cost Intention to use -0.174*** 0.036 -0.030n.s. 0.035 Yes
Note: n.s. = not significant *p < 0.05; **p < 0.01; ***p < 0.001.
Chapter 7: Data Analysis and Results
251
7.5 Structural Model Evaluation As was discussed previously in Section 5.8.4, this study relied on the ratio of explained variance
(R2) in order to confirm if the model achieved acceptable goodness of fit because there was no
other overall parametric criterion in PLS (Gefen, Straub & Boudreau 2000; Chin 2010). The
overall variance explained by the research model in terms of R2 was 0.652 for intention to use,
0.490 for intention to disclose identity information, 0.666 for perceived usefulness, 0.446 for
perceived ease of use, 0.787 for trusting beliefs and 0.587 for privacy concerns (see Table 7.9),
which were significantly large ( 2f > 0.35), consistent with the effect sizes identified for R2 by
Cohen (1988). The variance explained for information disclosure was 0.013 ( 2f < 0.02) and
was 0.023 for perceived risk ( 2f > 0.02) with the sizes of the effects being small (Cohen 1988).
Although PLS path modelling successfully approximated the research model, this study
established further rigour and tested the implications of predictive relevance (Q2). As discussed
in Section 5.8.4, predictive relevance, or the predictive sample reuse technique, is important for
testing the predictive validity of a complex model and for measuring how well-examined values
are replicated by the model (Stone 1974: Geisser 1975: Chin 1995; Chin 2010). To calculate Q2,
a blindfolding procedure was used with the omission distance of 7. The study obtained a cross-
validated redundancy Q2 of all the focal variables as shown in Table 7.9. All these values of Q2
exceeded zero (Q2 > 0), which was indicative of a highly predictive model (Chin 2010).
Table 7.9: Results of explained variance and predictive relevance
Constructs R2 Q2
Intention to use 0.652 0.511 Intention to disclose 0.490 0.335 Perceived usefulness 0.446 0.477 Perceived ease of use 0.787 0.311 Perceived risk 0.023 0.103 Trusting beliefs 0.787 0.400 Trust in Internet n.a. 0.099 Privacy concerns 0.587 0.306 Information disclosure 0.013 0.286 Fit n.a. 0.706 Cost n.a. 0.703 Facilitating conditions n.a. 0.764 Subjective norms n.a. 0.417
Note: n.a. = not applicable.
Chapter 7: Data Analysis and Results
252
7.6 Impact of Control Variables At this stage, the study investigated the effect of control variables, that is; demographic variables
(i.e. gender, age and education); Internet frequency usage; Web services frequency usage; and
previous experience of identity theft. As discussed in Chapter 5 (Section 5.11), the study
examined the influence of control variables in the research model after conducting the analysis
and testing the research hypothesis to eliminate the impacts of sample characteristics (Spector &
Brannick 2011; Atinc, Simmering & Kroll 2012; Carlson & Wu 2012). The measurement
properties of control variables and their impact are discussed in the following sub-sections.
7.6.1 First Analysis for Measurement Properties of Control Variables
This study adopted Web service experience which included Facebook, LinkedIn, online shopping
and online banking usage frequency as a formative construct. Therefore, we examined factor
weights, rather than factor loadings, which represent the contribution of each item to the relevant
construct. Table 7.10 shows that among the Web services, Facebook, online shopping and online
banking usage frequency contributed to the construct because they were significant at p < 0.05,
p < 0.001 and p < 0.01 respectively (Chin 1998a: MacKenzie, Podsakoff & Podsakoff 2011),
whereas LinkedIn’s usage frequency indicator was not significant. Thus, Web services’
experience usage finally included Facebook, online shopping and online banking usage
frequency to examine their overall effect on endogenous variables in the model. Consequently,
the measurement properties of the Web services usage factor were considered satisfactory with
evidence of adequate reliability and validity and were used for testing its predicted relationships.
Table 7.10: Measurement model of control variables – the formative construct Web services Weight
t-value
Facebook 0.276** 2.71
LinkedIn -0.006 n.s. 0.097
Online shopping 0.730*** 6.19
Internet banking 0.258* 1.96
Note: n.s. = not significant * p < 0.1; ** p < 0.05; *** p < 0.001.
Chapter 7: Data Analysis and Results
253
7.6.2 Impact of Control Variables
This study followed the recommended approach regarding entering the control variables in the
model (Atinc, Simmering & Kroll 2012; Carlson & Wu 2012) which had been applied in
previous studies (e.g. Malhotra, Kim & Agarwal 2004; Li et al. 2008). Control variables were
linked to all endogenous variables in the model; that is, intention to use, intention to disclose,
information disclosure, perceived usefulness, perceived ease of use, perceived risk, privacy
concerns and trusting beliefs. To determine the significant relationship, we calculated the path
coefficient and t-value as shown in Table 7.11.The results showed that nine of 48 relationships (6
covariate* 8 dependent variables) were significant.
Table 7.11: Impact of control variables
Notes: 1. *p < 0.05; **p < 0.01; ***p < 0.001.
2. INTU: intention to use; INTD; intention to disclose; InfoD: information Disclosure; PU: perceived usefulness; PEOU: perceived ease of use; PC: privacy concerns; PR: perceived risk; TB: trusting beliefs.
Control Variable
INTU INTD InfoD PU PEOU PC PR TB
Age
β -0.013 -0.010 -0.065 0.005 0.032 0.114 0.017 -0.016
t-value 0.585 0.295 1.69 0.184 0.952 1.915 0.557 0.712
Gender
β 0.034 -0.031 0.018 -0.012 0.065* 0.008 0.094 0.028
t-value
1.352
1.153
0.629
0.613
2.042
0.448
1.935
1.397
Education
β 0.044 -0.041 0.059 0.030 0.040 0.052 0.137* 0.001
t-value
1.635 1.136 1.672 1.179 1.215 1.349 2.401
0.042
Internet usage frequency
β 0.161*** -0.027 0.016 0.132*** 0.305*** 0.035 0.066 0.045
t-value
3.225 0.586 0.490 2.847 5.903 1.103 1.251 1.329
Web services usage frequency
β 0.025 0.188*** 0.624*** -0.167*** 0.074 -0.022 0.285*** 0.040
t-value 0.731 3.426 15.568 4.637 1.762 0.829 5.203 1.534
Previous experience of identity theft
β -0.011 -0.016 -0.037 -0.046 0.035 0.012 0.125* 0.043
t-value 0.565 0.595 1.196 1.849 1.140 0.012 2.086 1.625
Chapter 7: Data Analysis and Results
254
Age and gender were not found to have significant effects. Although the influence of gender on
perceived ease of use was significant (β = 0.065, p < 0.01) the path coefficient was below the
critical value of 0.1 (Lohmoller 1989; Chin 2010; Carlson & Wu 2012). Education alone was
positively related to perceived risk (β = 0.137, p < 0.01). Thus this study fails to accept H12a,
that is, that demographic factors (age, gender and education) have a direct effect on users’
perceptions of IdMS. The results also showed that internet experience had a large positive effect
on intention to use, perceived usefulness and perceived ease of use (p < 0.001). Thus, the study
partially accepted H12b, that is, Internet usage frequency has a significant impact on users’
perceptions of IdMS. Web services’ experience were positively correlated with intention to
disclose, information disclosure and perceived risk (p < 0.001), whereas it was negatively related
to perceived usefulness (p < 0.001). Thus, H12c, that is, Web services’ usage frequency has an
effect on users’ perceptions of IdMS, was partially supported. Finally, the effect of previous
experience of identity theft was only positively significant on perceived risk (β = 0.125,
p < 0.01). Therefore, the predicted hypothesis (H12d), that is, previous experience of identity
theft has an effect on users’ perceptions of IdMS, was not accepted. The implications of these
findings are discussed in Chapter 8.
7.7 Overall Findings of Hypotheses Testing Table 7.12 shows the overall finding of hypotheses testing in this study.
Chapter 7: Data Analysis and Results
255
Table 7.12: Overall results of hypotheses testing
Hypotheses Results
Mai
n E
ffec
ts
H1: Intention to disclose identity information has a positive effect on users’ intention to use IdMS. Supported H2a: Users’ perceived usefulness of IdMS has a positive effect on intention to use. Supported
H2b: Users’ perceived usefulness of IdMS has a positive effect on intention to disclose identity information. Not Supported
H3: Users’ perceived ease of use of IdMS has a positive effect on intention to disclose identity information. Supported
H4a: Perceived risk has a negative effect on intention to use IdMS. Not Supported
H4b: Perceived risk has a negative effect on intention to disclose identity information. Not Supported
H5a: Trusting beliefs have a positive effect on intention to use IdMS. Supported
H5b: Trusting beliefs have a positive effect on intention to disclose identity information. Supported
H5c: Trusting beliefs have a positive effect on users’ perceived usefulness. Supported
H5d: Users’ perceived ease of use of IdMS has a positive effect on their trusting beliefs. Supported
H5e: Trusting beliefs have a negative effect on perceived risk. Supported
H6a: Trust in the Internet has a positive effect on intention to use IdMS. Not Supported
H6b: Trust in the Internet has a positive effect on intention to disclose identity information. Supported
H6c: Trust in the Internet has a positive effect on trusting beliefs of IdMS. Supported
H7: Past identity information disclosure has a positive effect on users’ behavioural intention to disclose identity information. Supported
H8a: Privacy concerns have a negative effect on intention to disclose identity information. Supported
H8b: Privacy concerns have a negative effect on users’ past online information disclosure. Supported
H8c: Privacy concerns have a positive effect on perceived risk. Not Supported
H8d: Privacy concerns have a negative effect on trusting beliefs. Not Supported
H9a: The fit between IdMS task and technology characteristics has an effect on users’ behavioural intention to use. Supported
H9b: The fit between IdMS task and technology characteristics has a positive effect on users’ perceived ease of use. Supported
H9c: The fit between IdMS task and technology characteristics has a positive effect on users’ perceived usefulness. Supported
H9d: The fit between IdMS task and technology characteristics has a positive effect on users’ privacy concerns. Supported
H10a: Cost has a negative effect on behavioural intention to use IdMS. Supported
H10b: Facilitating conditions have a positive effect on behavioural intention to use IdMS. Not Supported
H10c: Subjective norms have a positive effect on behavioural intention to use IdMS. Not Supported
Chapter 7: Data Analysis and Results
256
Mod
erat
ing
Eff
ects
H11a: The positive relationship between behavioural intention to disclose identity information and intention to use an IdMS will be stronger among SSO non-users than users.
Supported
H11b: The positive relationship between perceived usefulness and behavioural intention to use an IdMS will be more significant for SSO non-users than users.
Supported
H11c: The positive relationship between trusting beliefs and behavioural intention to use an IdMS will be stronger among SSO non-users than users.
Supported
H11d: The negative relationship between privacy concerns and behavioural intention to disclose identity information will be stronger among SSO non-users than users.
Supported
H11e: The negative relationship between cost and behavioural intention to use an IdMS will be stronger among SSO non-users than users.
Supported
Eff
ects
of
Con
trol
V
aria
ble
s H12a: Demographic factors (age, gender, and education) have an effect on users’ perceptions of IdMS. Not Supported
H12b: Internet experience has an effect on users’ perceptions of IdMS. Partially Supported
H12c: Web services’ experience has an effect on users’ perceptions of IdMS. Partially Supported
H12d: Previous experience of identity theft has an effect on users’ perceptions of IdMS. Not Supported
Chapter 7: Data Analysis and Results
257
7.8 Summary This chapter presented the results of the main study and tested the research model and related
hypotheses. Section 7.2 described the data collection procedures including the sample profile
and a verification of the data set characteristics. This was followed by an assessment of the
measurement properties of the research model in Section 7.3. Section 7.4 presented the results
of the main and moderating hypotheses, and Section 7.5 provided an examination of the
structural model evaluation. Section 7.6 described the impact of control variables. The final
section, Section 7.7, provided a summary of the overall findings of the hypothesis testing.
Implications of the findings, conclusions and limitations of the research are discussed in the
next chapter.
Chapter 8: Discussion and Conclusions
8.1 Introduction This chapter presents the empirical findings of the current study, outlines the answers to the
research questions and discusses the research hypotheses. It highlights significant contributions
and implications of the study for both theory and practice. The chapter also discusses research
limitations and future research directions and ends with concluding remarks.
The chapter is organized as follows. Firstly, the chapter presents a review of the objectives and
research questions of this study (Section 8.2). This is followed by a discussion of the findings
which address the answers of the research questions (Section 8.3). Then it discusses the
contributions and implications of the study for both research and practice (Section 8.4). Next,
the chapter discusses the limitations of the current study and provides future directions for
further research (Section 8.5). Finally, Section 8.6 highlights concluding remarks for the study.
8.2 Research Objectives and Questions The main objective of this study was to provide a better understanding of the factors influencing
IdMS adoption by users. In doing so, it aimed to understand the relationship between IdMS and
technology adoption. Therefore, the initial research question that guides this study was: what
factors affect the adoption of identity management systems from the user’s perspective? In
order to answer this question, the following objectives were set in Chapter 1:
- To understand the state of IdMS research through an examination of the existing IdMS
literature;
- To identify the factors that may affect the adoption of IdMS;
- To develop and validate a user adoption model of IdMS;
- To investigate and understand the perceived drivers and barriers of users to adopt IdMS.
Chapter 8: Discussion and Conclusions
259
The first three objectives were successfully accomplished by the comprehensive literature
review on IdMS, user adoption of IS/IT, and Web-based services and technologies (presented in
Chapters 2 and 3). The literature review allowed the identification of theoretical concepts that
were fundamental for the development of the conceptual model for user adoption of IdMS
which was developed in Chapter 4. To achieve the set of objectives and answer the research
question, four research sub-questions were posed to guide the empirical phase of this study:
1) To what extent do the factors (perceived ease of use, usefulness, risk, trusting beliefs,
trust in the Internet, information disclosure, privacy concerns, cost, facilitating
conditions and subjective norms) affect users’ behavioural intentions to adopt IdMS?
2) How do users perceive these factors that affect IdMS adoption?
3) How does prior experience of IdMS (SSO) affect the adoption of IdMS?
4) Do individual differences have any effect on user adoption of IdMS?
In an effort to answer these questions, this study provided a theoretical framework to investigate
the salient antecedents of IdMS adoption which enable the study to efficiently answer the
research questions. Through the review of the research objectives and related research
questions, we can conclude that this study fulfilled its purpose and successfully developed and
validated a model of the factors that influence user adoption of IdMS. The findings of the study
are synthesized and its theoretical insights are discussed in the following sections.
8.3 Major Findings
Using empirical data, this study tested the conceptual model and proposed hypotheses .The
empirical results of the full sample and sample split led to several findings which are discussed
under four categories based on their efforts to answer the research questions in the following
sub- sections:
Chapter 8: Discussion and Conclusions
260
8.3.1 To What Extent Do the Factors Affect Users’ Behavioural
intentions to Adopt IdMS?
In regards to this question, the study found that the intention to use and intention to disclose
identity information, namely, behavioural intentions, were directly affected by some factors.
Firstly, the intention to disclose identity information, perceived usefulness, trusting beliefs, fit
and cost are significant factors for users’ behavioural intention to use IdMS.
The study confirmed that the intention to disclose identity information, perceived usefulness,
trusting beliefs and fit were significant determining factors for IdMS adoption. These variables
together explained 65% of the variance in the behavioural intention to use.
Secondly, perceived ease of use, trusting beliefs, trust in the Internet, privacy concerns and past
information disclosure are significant factors for users’ behavioural intention to disclose
identity information.
The study also found that perceived ease of use, trusting belief, trust in the Internet, privacy
concerns and past information disclosure had a significant effect on user intention to disclose
identity information on the Internet. These latent factors together explained 49% of the variance
in behavioural intention to disclose identity information.
The following paragraphs discuss the major findings derived from the results of the current
study regarding the role of the underlying factors towards behavioural intentions to adopt IdMS.
8.3.1.1 Intention to disclose identity information
The study revealed that disclosing identity information in the future plays an important role in
encouraging users to adopt IdMS. The behavioural intention to disclose identity information
was positively related to intention to use IdMS (β = 0.185) (H1). McKnight et al. (2002) found
low correlation between intention to disclose personal information and intention to purchase in
the e-commerce context, and suggested that this relationship be tested in other Web-based
contexts where sharing information more directly supported such IdMS. Our results support this
Chapter 8: Discussion and Conclusions
261
suggestion and found that the behavioural intention to disclose identity information had a
significant impact on the intention to use IdMS. Therefore, disclosing of identity information is
deemed critical when potential adopters evaluate the benefits of IdMS.
8.3.1.2 Perceived ease of use and perceived usefulness
The study found that perceived usefulness had a positive effect on the intention to use IdMS
(β = 0.312) (H2a).This finding implied that usefulness as perceived by users was still the core
determinant of adoption and lends further support to previous technology acceptance studies
that came to similar conclusions (e.g. Gefen, Karahanna & Straub 2003; Cho 2006; Lee 2009a;
Schilke & Wirtz 2012). In contrast, we found that perceived ease of use was significant and a
much stronger predictor of behavioural intention to disclose identity information than perceived
usefulness with standardized coefficients of 0.205 (H3) and -0.043 (H2b) respectively. This
implies that users may acknowledge the utility of an IdMS, but lack the motivation to use it if it
is not user friendly. Given that individuals often balance multiple roles and different technology
skills, they may not wish to spend the time needed to learn a new technology even if it is useful
(Behrend et al. 2010). With regard to IdMS specifically, it appears that users can acknowledge
the efficacy of IdMS in managing different online identities but may not use it if it requires
effort to learn to use. This finding is consistent with previous research which had shown a
stronger impact of ease of use compared to usefulness on the behavioural intention to use new
IT (e.g. Behrend et al. 2010; Lee 2009b). This study has confirmed that IdMS are more likely to
be adopted if they are easy to download, install and configure thus users do not need time to
learn how to use these systems (Dhamija & Dusseault 2008; Poetzsch et al. 2009). Our result
supports previous findings that showed that Internet users were very concerned about learning
how to use new Internet-based technologies (Featherman & Pavlou 2003; Lee 2009b). Thus, we
suggest that IdMS designers should focus on whether an IdMS tool is user-friendly.
Chapter 8: Discussion and Conclusions
262
8.3.1.3 Perceived risk
Perceived risk surprisingly was not found to have a significant negative association with the
intention to use (β = 0.059) (H4a). This result is similar to the finding reported by Chang
(2010). In addition, it was not related to the intention to disclose identity information (β =
0.054) (H4b). These results contradict previous studies that found perceived risk negatively
related to behavioural intentions (Malhotra, Kim & Agarwal 2004; Cho 2006; Luo et al. 2010).
Thus, the likelihood of identity theft and overall risk were not apparently influenced by the
perceived risk of using an IdMS. This finding possibly reflects subjects’ perceptions of the
limited scope of IdMS which do not typically provide financial transactions, where perceived
risk might intuitively be expected to be more significant (Landau, Gong & Wilton 2009;
Satchell et al. 2011). Another possible explanation is that, due to efficient data storage and
transfer capacities of Internet-based technologies and services, Internet users may believe that,
after they disclose identity information, the damage has already been done and thus they may
feel less inhibited about revealing that information online again (Metzger 2004). Thus, future
disclosure is not necessarily related to higher perceived risk in the Internet environment
(Metzger 2004; Norberg, Horne & David 2007). What this finding suggests is that risk
perceptions are not barriers that may reduce potential users' behavioural intention to adopt
IdMS. However, where IdMS services and technologies have been introduced, site developers
should pay particular attention to IT security and provide integrity evaluation to protect and
enhance their reputation.
8.3.1.4 Trusting beliefs
To confirm the appropriateness of employing trusting beliefs in new IT phenomena, this study
revealed that trusting beliefs, derived from two facets, is a salient antecedent to IdMS adoption.
The third-order trusting beliefs analysis indicated that the trusting beliefs factor had two
significant facets: trust in the IdMS artefact (β = 0.979) and trust in IdMS providers (β = 0.976).
This study showed that the second-order trust in the IdMS artefact was reflected by the
benevolence (β = 0.881), competence (β = 0.912) and integrity (β = 0.977) of the IdMS artefact
Chapter 8: Discussion and Conclusions
263
which explained 96% of the variance in trusting beliefs. It also showed that the second-order
trust in IdMS providers was reflected by the benevolence (β = 0.857), competence (β = 0.910)
and integrity (β = 0.866) of IdMS providers which explained 95% of the variance in trusting
beliefs. The significant loadings of the six trusting beliefs (competence, benevolence, and
integrity of the IdMS artefact and competence, benevolence, and integrity of IdMS providers)
indicate that all of them hold for trust in the IdMS. When interacting with IdMS, consumers
appear to treat the IdMS artefact and IdMS providers as “social actors” and perceive human
characteristics (e.g. benevolence and integrity) in the IdMS.
The results found that trusting beliefs have a high significant effect on the intention to use
(β = 0.245) (H5a) and the intention to disclose identity information (β = 0.228) (H5b). This
finding is consistent with prior studies in which trusting beliefs played a direct role in
technology adoption (Gefen, Karahanna & Straub 2003; Malhotra, Kim & Agarwal 2004; Cho
2006; Li et al. 2008; Hwang & Lee 2012). This study suggests that trusting beliefs stemming
from these important facets can significantly increase potential users' behavioural intention to
adopt IdMS. One possible explanation of this finding may be that most respondents’ experience
with the Internet was acquired through the use of simple information-based Web services and
technologies (McKnight et al. 2002; Li et al. 2008). Thus, respondents may have perceived that
the context with which they had had experience through interacting with Web services was the
same as the context in this study. Our results agree with previous studies (Wang & Benbasat
2005; Li et al. 2008) and suggest that when users have no prior interaction with a new system,
they will obtain information and use cognitive processes such as categorizing to make their trust
inferences based on reputation. Future research could examine the influence of dispositional
factors, such as personal trait, towards an IdMS provider and specific IdMS technology as trust
need to be defined in more specific terms than just general beliefs (McKnight et al. 2002).
Chapter 8: Discussion and Conclusions
264
8.3.1.5 Trust in the Internet
Institution-based trust, or trust in the Internet, is an essential element of IdMS adoption. In
aiming to provide a more accurate understanding of the Internet as the platform for IdMS, this
study developed a multi-dimensional higher-order trust construct. The third-order trust in the
Internet was reflected significantly by the second-order situational normality (β = 0.977) which
explained 95.5% variance, and first-order structural assurance (β = 0.907) which explained 82%
variance in the trust in the Internet factor. The results show that trust in the Internet had a high
impact on the intention to disclose identity information (β = 0.417) (H6b). However, it does not
have a direct impact on the intention to use (β = -0.026) (H6a) which contradicts a previous
study which has found this relationship to be significant (Belanger & Carter 2008). The possible
reason for the insignificant impact on the intention to use is that users may have relatively clear
knowledge about the soundness of the Internet as a platform and may have formed more
specific trust or risk beliefs through which different transactions can be made. Another possible
reason was that users do not need to adopt IdMS infrastructure themselves because this adoption
procedure is a task for the online providers who implement the IdMS (Poetzsch et al. 2009). The
significant impact of trust in the Internet on the intention to disclose identity information as
found in this study suggests that users believe that mechanisms are in place to ensure secure and
private data transmission over such an impersonal medium. Therefore, an effective strategy to
increase user awareness of the IdMS technologies implemented in the Internet would help to
increase user adoption of IdMS. Future studies should investigate how to influence consumers'
knowledge about IdMS on the Internet platform.
8.3.1.6 Information disclosure
This study shows that past information disclosure plays a very significant role in increasing
users’ behavioural intention to disclose identity information and to use an IdMS in the future.
The path coefficient of this positive relationship was 0.236, significant at alpha level of 0.001
(H7). The possible explanation for this finding could be that respondents in this study were
social networkers who were Internet-experienced (Boyd & Ellison 2008; Pring 2012a, 2012b).
Chapter 8: Discussion and Conclusions
265
Internet experience was found to be a factor in the decision to disclose personal information to
commercial websites (Metzger 2004). Our result supports previous findings that Internet users
with more experience are less concerned with privacy and are more willing to give identity
information online than less experienced users (Metzger 2004; Norberg, Horne & David 2007)
which differs from other studies that found that Internet experience was related to greater
mistrust and the wish to control personal information (Hoffman, Novak & Peralta 1999;
Jarvenpaa & Tractinsky 1999). Thus, this study could conclude that individuals who are
Internet-experienced and have a higher level of provision of sensitive information on the
Internet will continue to provide their identity information and participate in the early adoption
of IdMS services and technologies.
8.3.1.7 Privacy concerns
This study modelled privacy concerns as a second-order factor which was reflected by its first-
order dimensions, that is, awareness (β = 0.875); choice (β = 0.772); collection (β = 0.748);
control (β = 0.787); error (β = 0.823); improper access (β = 0.778); and unauthorized secondary
use (β = 0.851). Each of these dimensions of privacy concerns was significant (p < 0.001) and
of high magnitude, supporting our conceptualization of this factor as a second-order structure.
The privacy concerns factor negatively impacted on the willingness to disclose identity
information on the Internet. Our empirical results provided support for this hypothesis (β = -
0.223) (H8a), and were consistent with previous research that confirmed that Internet users with
more concerns with privacy were less willing to provide identity information online (e.g.
Malhotra, Kim & Agarwal 2004; Dinev & Hart 2006; Bansal, Zahedi & Gefen 2010; Li,
Sarathy & Xu 2010, Xu et al. 2011). This indicates that users who had more concerns about
their privacy with online services or identity providers were less likely to use IdMS because
such concerns made them unsure about the overall protection of their sensitive information.
This finding agrees with the argument that privacy concerns related to disclosing various types
of personal information online have gained in importance (Bansal, Zahedi & Gefen 2010).
Therefore, dependence on IdMS for managing online identities would increase.
Chapter 8: Discussion and Conclusions
266
8.3.1.8 Fit
‘Fit’, that is, the task characteristics moderated by the functionality of the technology also
appeared to be a positive determinant of users’ intention to use IdMS that was not directly
captured by task and technology characteristics. The study found that ‘fit’ had a high significant
effect on the intention to use (β = 0.279) (H9a). Goodhue and Thompson’s (1995) theory of
task–technology fit stated that for an IS to have a positive effect, it must be used and be a good
fit for the tasks it supports. Our interpretation of Goodhue and Thompson’s proposition was that
for users to use an IdMS, it must be a good fit for the tasks that it supports. The results support
the latter of these propositions which is consistent with previously published findings (e.g.
Strong, Dishaw & Bandy 2006; Chang 2010). More specifically, we have revealed that users,
who perceive the IdMS to coincide with the need to manage different online identities and to
carry more functionality in the online environment, were more willing to use IdMS in the future.
8.3.1.9 Situational factors
This study examined the influence of three situational factors, that is, cost, facilitating
conditions and subjective norms, on the behavioural intention to use IdMS. The results showed
that facilitating conditions (β = 0.016) (H10b) were not associated with the intention to use. This
finding is different from UTAUT studies (e.g. Venkatesh et al. 2003; Zhou, Lu & Wang 2010)
and is consistent with previous Web services’ adoption studies (e.g. Cho 2006). Thus, skilful
people with good Internet access will not have a strong attitude towards the adoption of IdMS
services and technologies. Similarly, the factor ‘subjective norms’ does not play a role in the
adoption of IdMS as we found that ‘subjective norms’ had no significant impact on the intention
to use (β = 0.008) (H10c). This finding differs from that of prior IT adoption studies in which
subjective norms played an important role in a mandatory-usage context (Venkatesh & Davis
2000, Venkatesh & Bala 2008; Jeyaraj, Rottman & Lacity 2006). This finding could imply that
social norms have no impact on individual behavioural intention in a non-working setting where
the usage of technology was voluntary as previous empirical evidence has revealed (Wu & Chen
2005; Lee 2009b; Lessa, Negash & Donald 2011). Another conclusion is that, as IdMS are still
Chapter 8: Discussion and Conclusions
267
in the early stage and not many people have experience with them (Landau & Moore 2012;
Wang, Chen & Wang 2012), social factors were not significant in this study.
However, cost was negatively related to the intention to use (β = -0.104) (H10a). This finding is
consistent with those of previous findings (Mallat 2007; Wu & Wang 2005; Chong, Chan & Ooi
2012) which found that perceived cost was the most significant situational barrier to the
adoption of new technology. Our empirical findings concur with the argument that minimizing
the direct and indirect costs associated with IdMS will increase individual adoption of IdMS
(Dhamija & Dusseault 2008; Poetzsch et al. 2009). This study confirms that implementation
costs, access cost and transaction fees are three important components that made IdMS costly to
use.
8.3.2 How Do Users Perceive the Factors that Affect IdMS Adoption?
In an effort to answer this question, this study examined the effect of some factors, that is,
perceived ease of use, perceived usefulness, perceived risk, trusting beliefs, privacy concerns
and information disclosure on endogenous constructs in the research model. The findings
confirmed strong significant relationships among the latent factors in the structural model and
supported some hypotheses in the base model. The significance of all of these findings is
discussed in the following sub-sections:
8.3.2.1 Perceived usefulness
Third, trusting beliefs and fit are significant drivers for users’ perceived usefulness of IdMS.
The results of this study show that perceived usefulness of IdMS is positively influenced by
trusting beliefs (β = 0.418) (H5c) and fit (β = 0.683) (H9b). The findings confirmed that trusting
beliefs and fit explained about 66% of the total effect on perceived usefulness. This study found
a strong relationship between fit and perceived usefulness .This is consistent with previous
Web-based services adoption studies that showed that task–technology fit (TTF) had a positive
impact on usefulness perceptions (Klopping & McKinney 2004; Chang 2010; Usoro 2010; Lee
et al.2012) which differed from other IT adoption research (Dishaw, Strong & Bandy 2004) that
Chapter 8: Discussion and Conclusions
268
did not confirm this correlation. This is probably because the domain of this study is different
from Dishaw, Strong and Bandy’s research which was in the context of work-setting and
mandatory-usage, but was similar to that of Web-based services studies. The following two
explanations relate to this strong relationship between fit and perceived usefulness. Firstly, users
may feel that usefulness of IdMS depends largely on the fit between their task needs (e.g. to
create, delete or control online identities) and the functionalities of the IdMS. The second
possible explanation is that users have a better and clearer understanding of their tasks with their
identities on the Internet, and are thus able to assess the benefits of the IdMS functionalities as
being suitable for managing different online identities.
This study’s results showed that users’ initial trust in IdMS was found to have significant effect
on the perceived usefulness of IdMS. This finding is consistent with prior trust-TAM studies
(e.g. Gefen, Karahanna & Straub 2003; Wang & Benbasat 2005; Wu & Chen 2005; Lee 2009b;
Chong, Chan & Ooi 2012). For example, Gefen, Karahanna and Straub (2003) found that
consumers’ perceived usefulness of online shopping was influenced by their trust in e-vendors.
This study suggested that consumers perceive IdMS not only as support tools for managing
online identities but also as “social actors” with human characteristics. Therefore, we conclude
that users’ expectations of gaining benefits from using IdMS significantly depend on their trust
in the IdMS artefact, the identity provider and the service provider.
8.3.2.2 Perceived ease of use
Fourth, the interaction between IdMS task and technology characteristics (fit) is a significant
driver for users’ perceived ease of use of IdMS.
We found the correlation between fit and perceived ease of use to be dominantly and positively
significant (β = 0.683) (H9c). This sole predictor explained 44% of the ease of use perceptions.
Our findings are similar to those of previous research that integrated TAM and TTF and found
that TTF impacted on perceived ease of use (Klopping & McKinney 2004; Chang 2010; Usoro
2010; Lee et al 2012). The explanation for this significant relationship could be that the
Chapter 8: Discussion and Conclusions
269
respondents in this study were not constrained to any particular IdMS, thus their evaluation in
exposing this relationship was related to their expectations with similar Web-based applications
where they may have experienced information sharing or enhanced privacy protection.
8.3.2.3 Perceived risk
Fifth, trusting beliefs is a significant driver for perceived risk of IdMS.
The study validated the view that trust and perceived risk were closely associated. Trusting
beliefs (the trust in the IdMS artefact and IdMS providers) had a significant negative impact on
the perceived risk of IdMS (β = -0.290) (H5e).This finding is in line with previous empirical
literature in suggesting that perceived risk was influenced by trusting beliefs (Malhotra, Kim &
Agarwal 2004; Cho 2006; Belanger & Carter 2008) but conflicts with Luo et al.’s (2010) study.
This significant impact between trusting beliefs and perceived risk may be attributed to the
following explanation. In the initial adoption stage, individuals are unclear about the technical
capability of new technology (Li et al. 2008; Luo et al. 2010). As a result, users who believe in
the technical capability, integrity and benevolence of IdMS providers and IdMS tools in
protecting their identity information are more likely to overcome their risk perceptions toward
new IdMS technology.Thus, this study has confirmed that trust in IdMS due to the benevolence,
integrity and competence of the IdMS artefact and providers reduces the perceived risk of
adopting IdMS.
8.3.2.4 Trusting beliefs
Sixth, perceived ease of use and trust in the Internet are significant drivers for trusting beliefs of
IdMS.
The perceived ease of use, trust in the Internet and privacy concerns were all expected to have a
significant impact on trusting beliefs. The results showed that trusting beliefs were affected by
the perceived ease of use and trust in the Internet with significant path coefficients of 0.151
(H5d) and 0.683 (H6c) respectively. However, the results did not confirm the relationship
between privacy concerns and trusting beliefs (H8d) as we found the path (β = 0.139) between
Chapter 8: Discussion and Conclusions
270
these two factors to be insignificant. These three factors explained approximately 79% of the
total variance in trusting beliefs.
This study confirmed that perceived ease of use has a positive effect on trusting beliefs in IdMS.
This result is consistent with that of Gefen, Karahanna and Straub (2003) and Lee (2009b) who
indicated that perceived ease of use was a significant factor for initial trust in Web-based
services. Our results also reinforced the premise that the ease of use perceptions significantly
improved the prediction of trusting beliefs and increased online services adoption. Therefore,
we inferred that ease of use perceptions could help to promote customers' positive impressions
of IdMS services and providers in the initial adoption of IdMS and, furthermore, may cause
users to be willing to use IdMS.
One e-commerce researcher found the link from trust in the Internet to trusting beliefs was not
significant (McKnight et al. 2002): our results conflict with previous research and confirm that
trust in the Internet plays a significant role in trusting beliefs in the online context. One possible
explanation of this finding is that the respondents in this study had substantial Internet
experience (eight years, on average) and may have perceived that the institutional context with
which they had experience was same as the institutional context in this study. Thus the
relationship between trust in the Internet and trusting beliefs was found to be significant. This
study may imply that as users believed that the Internet was trustworthy for conducting different
transactions, they were more likely to trust the IdMS artefact and providers to manage their
different online identities which would lead them to use IdMS as this study has confirmed.
Therefore, this study suggests that an effective strategy to help consumers increase their trust in
IdMS is to educate them about the Internet platform and increase their awareness of the
technologies implemented.
This study did not support the relationship between privacy concerns and trusting beliefs as well
as the correlation between privacy concerns and perceived risk. This finding differs from that in
previous research which found that privacy concerns and risk perceptions were an antecedent to
Chapter 8: Discussion and Conclusions
271
trust in the online context (e.g. Malhotra, Kim & Agarwal 2004; Breward 2007; Bansal, Zahedi
& Gefen 2010; Zhou 2011). One plausible explanation of this insignificant relationship is that
users may not perceive higher concerns and risks in using IdMS. Another reason may be that the
highly privacy-enhancing nature of IdMS with privacy considerations taken into account in the
design of these systems (Cameron & Jones 2007; Dey & Weis 2010; Coopamootoo &
Ashenden 2011) could further reduce respondents’ concerns towards privacy so they do not
overcome the risk perceptions and trusting beliefs in IdMS adoption. These results conflict with
previous findings (e.g. Malhotra, Kim & Agarwal 2004) and support the view that Internet users
with a high degree of privacy concerns may be unlikely to rate ‘high’ on risk perceptions and
‘low’ on trusting beliefs. Thus, users with high privacy concerns may not doubt the
trustworthiness of IdMS providers and, hence, of the IdMS. Also, users’ privacy concerns about
identity information may not increase their perceived risk. The findings of this study support the
view that individuals tend to rely more on trust than on technology-based features to form their
attitude towards new technology usage behaviour (Lee 2009b).
8.3.2.5 Information disclosure
Seventh, privacy concerns are a significant barrier to users’ identity information disclosure on
the Internet.
Our results demonstrated the importance of privacy as an antecedent to past online information
disclosure. Users’ concerns about privacy and the degree to which they believed that IdMS
protected their privacy negatively influenced their information disclosure (β = -0.109) (H8b).
Our findings are consistent with previous privacy research (Metzger 2004) and other models of
online exchange, including the Electronic Exchange Model (Swaminathan, Lepkowska-White &
Rao1999) and the Internet Consumer Trust Model (Jarvenpaa & Tractinsky 1999). Therefore,
privacy concerns reduce the benefit of information disclosure on the Internet which may lead
online consumers to the decision to not use IdMS.
Chapter 8: Discussion and Conclusions
272
8.3.2.6 Privacy concerns
Eighth, the interaction between IdMS task and technology characteristics (fit) is a significant
driver for users’ privacy concerns regarding IdMS.
Our results indicated that the relationship between ‘fit’, that is, the interaction between the
IdMS task and technology function and privacy concerns was positively significant, with a
standardized coefficient of 0.766 (H9d). ‘Fit’ was the sole predictor for privacy concerns and
explained 58.7% of the total variance. To our knowledge, such a relationship has not been
investigated in previous research. The reason for this significant relationship may be that the
design of IdMS takes privacy protection into account (Dey & Weis 2010; Coopamootoo &
Ashenden 2011). Thus, our result supports the fact that users need to be convinced that the
solution improves the site’s privacy (Cameron & Jones 2007). This implies that users will have
higher intentions of using IdMS if these systems provide more benefits for the tasks that the
users are using their online identities to deal with, such as enhancing privacy protection
(Acquisti & Grossklags 2005; Dhamija & Dusseault 2008). Therefore, IdMS designers should
take into consideration enhancing the protection of user privacy as our findings revealed that
this feature plays an important role in increasing users’ intentions to adopt IdMS.
8.3.3 How Does Prior Experience of SSO Affect the Adoption of IdMS?
Ninth, the intention to disclose identity information, perceived usefulness, trusting beliefs,
privacy concerns and cost are significant determinations for IdMS adoption, but this is treated
very differently by SSO users and non-users. While these factors appear to be important drivers
for SSO non-users, users do not seem to regard them as significant.
In an effort to answer this question, the study examined and reported critical findings on the
moderating effects of prior IdMS use, that is, SSO experience on the research model. The result
of the sample split (presented earlier in Chapter 7, Section 7.4.2) shows a difference between
SSO users and non-users. While the proposed positive associations between the behaviour
intention to disclose identity information and the intention to use; perceived usefulness and the
Chapter 8: Discussion and Conclusions
273
intention to use; trusting beliefs and the intention to use; privacy concerns and the intention to
disclose; and the negative relationship between cost and the intention to use were more
significant for SSO non-users, such relationships were less or not at all significant for SSO
users. These findings can be explained by the notion of path dependency (Cohen & Levinthal
1990). Consistent with this theory, adopting IdMS is a process of having related experience with
similar or related technologies. Therefore, users who had experience with managing identities
using SSO tended to gain a deeper understanding of IdMS not only about its benefits but also its
inherent risks, exposing trusting beliefs and costs. Furthermore, consistent with the concept of
“switching” (Zhu et al. 2006), the existence of a previous IdMS (i.e. SSO) may bring more
incremental value for SSO users and thus make them more mindful of the risk of a new IdMS.
In contrast, users without any SSO use experience may be driven by the benefits and costs of
using IdMS and by concerns about falling behind on the technology curve, and thus might be
more willing to adopt IdMS as they may not pay sufficient attention to the risks.
The study provides some preliminary evidence to indicate that individuals with similar
technology experience (SSO users) are less likely to perceive the benefits, risk, trust and costs
regarding IdMS which may reduce their motivation to adopt IdMS. Our findings concur with
prior arguments in the technology adoption literature that, “competence with older technologies
may offer ‘traps’ which make it difficult to shift to new and potentially better technologies”
(Swanson 1994, p. 1082). Showing different migration patterns with prior technology path
dependence, the study provides support for path dependency in managing online identities’
migration, and suggests that the concept of path dependence in IdMS adoption is a complex and
interesting research topic warranting further investigation.
Chapter 8: Discussion and Conclusions
274
8.3.4 Do Individual Differences Have any Effect on User Adoption of
IdMS?
Finally, individual differences, specifically Internet and Web services’ experience, play an
important role in users’ perceptions towards IdMS adoption.
The empirical test of the model allowed us to answer this question by examining the impact of
control variables, that is, individual differences on the research model. This study tested the
effect of demographic variables (age, gender and education), Internet and Web services’
experience, and previous experience of identity theft on the endogenous constructs in the
research model.
The study confirms that demographic factors are not significant in IdMS adoption. Age and
gender were not associated with any endogenous variable in the model. Education was found to
have a small, positive effect on perceived risks, indicating that educated subjects reported more
risk perceptions with adopting IdMS. The possible interpretation for this significant correlation
was that our respondents were highly educated as 87% had a Bachelor’s degree qualification or
higher. Therefore, this study concurred and confirmed that the education level of the individuals
played a significant role in the risk perceptions inherited with adopting new technology
(Featherman & Pavlou 2003). However, the overall results, as expected, indicated that
demographic factors had no effect on users’ perceptions towards IdMS adoption. Our findings
conflict with previous empirical evidence that confirmed the role of demographic variables in
the technology adoption decision (Venkatesh et al. 2003; Venkatesh, Thong & Xu 2012) and
Web-based interaction (Zhou et al. 2011).
We also tested whether Internet and Web services’ experience had an effect on users’
perceptions of IdMS through their usage frequency of Internet and some Web services, that is,
Facebook, online shopping and Internet banking. The study predicted that both Internet and
Web services’ experience had an influence on users’ perceptions of IdMS (H12b, H12c). Our
Chapter 8: Discussion and Conclusions
275
findings (presented earlier in Chapter 7, Section 7.6) partially supported these two hypotheses.
The frequency of Internet usage was found to have a dominant and significant relationship with
intention to use, perceived usefulness and perceived ease of use. Frequency of Web services’
usage had a significant positive effect on the intention to disclose, information disclosure and
perceived risk, and had a negative impact on perceived usefulness. A potential explanation for
these significant relationships could be that, as our subjects were active Internet users, they were
more experienced in using the Internet and related services and, therefore, more capable of
capturing the benefits of IdMS and more aware of the risks inherent in the Internet environment.
This study confirms the previous research that found that the more experience obtained by users
on the Web, the less significant the functional barriers to online services and the greater the
perceptions over risk (Castaneda, Munoz-Leivaa & Luquea 2007). In addition, it concurs with
Metzger (2004) who found that Internet users with more experience were less concerned with
privacy and were more willing to provide information online than were less experienced users.
Overall, our results are consistent with the extant literature that emphasized the important role
of experience as an individual difference in the early stages of technology-based service
adoption (Venkatesh et al. 2003; Castaneda, Munoz-Leivaa & Luquea 2007; Kim 2008;
Venkatesh, Thong & Xu 2012). This study suggests that Internet users who are active on the
Web are more likely to provide their identity information and, consequently, they would be
more willing to adopt IdMS.
Finally, our results showed that previous identity theft experience was only found to be related
to risk perceptions. Therefore; the study did not confirm the expected hypothesis (H12d) which
predicted the effect of previous identity theft experience on users’ perception towards IdMS
adoption. The possible interpretation of the significant relationship between previous identity
theft experience and perceived risk could be due to the latter being measured by the likelihood
of identity theft indicators. Therefore, participants who were victims of identity theft may
consider that such an experience had already breached the security of the identity information
that they would consider might be stolen when using an IdMS. This finding supports the view
Chapter 8: Discussion and Conclusions
276
that many Internet users believe that they are vulnerable to identity theft and fraud while using
Web-based services (Lee 2009b). This finding also confirms the fact that identity theft is at the
top of the perceived risk in the minds of online users (Featherman & Pavlou 2003; Swartz
2009). As to the insignificance of previous identity theft experience in increasing users'
perceptions and concerns towards IdMS, one possible explanation could be respondents’
perception of the higher level of control inherent in the IdMS. Users tend to think of their
identities as being under their own control in their interaction with the IdMS provider: the
decision to initiate contact with a provider is voluntary, and identity information would be
disclosed only to complete the transaction requested (Maler & Reed 2008). Thus, even for
individuals who have been the victim of identity theft, they may not worry too much about their
privacy because of their higher levels of control over disclosing identity information. Our
results conflict with previous studies that found such an experience (previous privacy invasion
experience) had an influence on privacy concerns and on the behavioural intention to use Web-
based services (Li, Sarathy & Xu 2010; Xu et al. 2011). Accordingly, this study suggests that
previous identity theft experience has no impact on users’ behavioural intentions to adopt IdMS.
8.4 Contributions and Implications The current study has adopted one of the new frontiers of the IS/IT discipline: IdMS. This study
and its findings provide several contributions to the literature and implications for academics as
well as for practitioners.
8.4.1 Theoretical Contributions
From an academic perspective, this research contributes in several ways to the body of
knowledge of two emerging areas: IdMS and IS/IT adoption. This study adds theoretically to
the growing body of IS literature in general and to IS/IT and IdMS adoption research more
specifically.
Chapter 8: Discussion and Conclusions
277
8.4.1.1 Contributions to information system, technology adoption literature While the appearance of IdMS has attracted significant interest among researchers, its
theoretical development is still at an early stage. The development and evaluation of a
theoretical model for user adoption of IdMS extends the body of knowledge of technology
adoption theories that is one of the most mature and explored areas of IS, and of Web-based
services and technology acceptance research into the IdMS domain. In addition, it provides a
foundation for further research on user adoption of IdMS as the current study, as far as we are
aware, is the first attempt to empirically examine IdMS adoption from the user’s perspective.
This study contributes theoretically to both the TAM and TTF by extending the TAM/TTF
examining different antecedents of the IdMS artefact and providing an understanding of what
influences adoption in the contexts of IdMS use. Although TAM-based research has been
applied and used by a large number of studies, “TAM-based research has paid scant attention to
the antecedents of its belief constructs: most importantly, IT artefact design and evaluation”
(Benbasat & Barki 2007, p. 212). Furthermore, “it should be possible to predict future
technology use by applying the TAM at the time that a technology is introduced” (Turner et al.
2010, p. 464). Only being recently introduced, IdMS are in the early stage and researchers have
not examined whether usefulness and ease of use perceptions and external variable constructs
remain sufficient for explaining users’ behaviour towards using the IdMS artefact. In this study,
the TAM was extended to another behavioural intention variable, namely, the intention to
disclose identity information on the Internet which explained 49% of the variance. In addition,
external factors were added that were found to have influence on perceived ease of use,
perceived usefulness and behavioural intention to use. This suggests that our proposed model
supports the predictive validity and applicability of the TAM in Web-based technology such as
IdMS.
The extant TTF-based research has been focused on user adoption of IT in work settings (e.g.
Dishaw & Strong 1999, 2003; Gebauer, Shaw & Gribbins 2010; Yen et al. 2010) and rarely
Chapter 8: Discussion and Conclusions
278
considers the effect of the task–technology fit in non-work settings (Shang, Chen & Chen2007;
Chang 2010; Zhou, Lu & Wang 2010; Lee et al 2012). This study applies the TTF model to the
user adoption of IdMS in non-work settings. Specifically, the new measurement of IdMS task
and technology characteristics enables an understanding of how the interaction between these
values influences individual’s behavioural intentions towards using IdMS. In addition, it
provides a better understanding of how they have impacted on perceptions of the ease of use and
usefulness of IdMS.
This study has examined traditional fit model with regards to IdMS. Previous studies have
examined the effect of fit on performance (Goodhue & Thompson 1995) and tool usage
(Dishaw & Strong 1998, 1999, 2005). There is a lack of studies that examine the effect of fit on
behavioural intentions (Yen et al. 2010; Lee et al. 2012). Moreover, to our knowledge, no study
has conceptualized and measured fit, and examined its effect on users’ intention to adopt in the
IdMS context. The current study tries to fill this gap and contributes to fit models by
conceptualizing fit as moderation and examining its effect on users’ behavioural intentions
towards the use of IdMS.
There is a lack of theoretical and conceptual frameworks to guide IT artefact research (Gefen,
Benbasat & Pavlou 2008). This study has developed a model by identifying the IdMS artefact
constructs that have the potential to increase trust and reduce risk in the online environment, and
by specifying how these constructs can be incorporated into technology adoption models. In
addition, although previous studies had examined trust in the context of interpersonal
relationships between consumers and e-vendors (e.g. Gefen, Karahanna & Straub 2003; Luo et
al. 2010), the “social” associations between consumers and technologies were largely limited
(Wang & Benbasat 2005; Li et al. 2008). This study has examined trust in interpersonal
relationships (trust in IdMS providers) and in the relationships between user and technology
(trust in the IdMS artefact). To the best of our knowledge, this study is the first attempt to
investigate such trust relationships in terms of consumers’ intention to adopt new technology.
Chapter 8: Discussion and Conclusions
279
Wu et al. (2011b, p. 577) argued that “[a]lthough trust gained much attention from researchers
in recent years, the relevant empirical studies are still not enough for us to examine the effects
for the whole trust and TAM model.” More than previous empirical trust studies, this study has
shown that trust constructs relate to each other in organized, meaningful ways. This is important
as trust is “commonly used to describe both detailed phenomena (e.g. “I trust him to keep his
promise”) and higher order phenomena (e.g. “I just don’t trust the Web”) (McKnight et al. 2002,
p. 352). With the different trust constructs and their measures as presented in this study, trust
research can be carried out at either level of analysis. This study has confirmed that different
dimensions of trust play different roles in the adoption of emergent IT-enabled artefacts. Trust
in the Internet acts as an important mechanism to overcome the perceived risks inherent in the
online environment and increases online users’ willingness to disclose identity information.
Trusting beliefs which are formed from trust in the IdMS artefact and trust in IdMS providers
directly influence behavioural intentions to adopt, increase usefulness perceptions and overcome
the risk inherent in IdMS. Future studies should examine the antecedents and the effect of these
different dimensions of trust when considering the initial adoption stage of Web-based
technology artefacts.
Although many researchers have examined factors such as usefulness, ease of use, enjoyment
and so on, that drive individuals to adopt or reject IT products in general, Web-based service
and technology adoption research focusing on factors such as security, trust and privacy has
been limited (Dwyer, Hiltz & Passerini 2007; Gefen, Benbasat & Pavlou 2008; Im, Kim & Han
2008; Luo 2010; Shin 2010; Liao, Liu & Chen 2011; Li 2012). Recently, there has been
research which has attempted to establish the relationship between security-related factors such
as security, risk, trust and privacy by clarifying the slight differences in these similar variables
(Shin 2010; Zhou 2011). Therefore, this study has contributed to the literature by establishing
the correlations of inhibitory-related factors (privacy, risk and trust) and has addressed this gap
by examining users’ beliefs about risk, trust and privacy in the IdMS context.
Chapter 8: Discussion and Conclusions
280
Information security behavioural research and inhibitory factors should be investigated from the
individuals’ perspective and their conceptualization should result in multi-dimensional
constructs (Crossler et al. 2013).The majority of prior studies that have examined the influence
of trust and privacy concerns on individual behaviour have typically tested them as a single
construct (e.g. Cho 2006; Dinev & Hart 2006; Lee 2009b; Bansal, Zahedi & Gefen 2010;
Hwang & Lee 2012). There is a lack of studies that have investigated and tested these variables
as multi-dimensional constructs (Junglas, Johnson & Spitzmuller 2008; Luo et al. 2010; Wu et
al. 2011b; Li 2012). This study, to the best of our knowledge, is the first that has incorporated
and developed multi-dimensional trust and privacy concerns constructs to capture these security
factors and empirically examine their influence on technology adoption decisions. This study is
also the first attempt to examine and operationalize these factors in a multi-dimensional way in
the IdMS context. In particular, this study has considered one of the most significant gaps in the
technology adoption literature and has attempted to shed some light on the antecedents of the
belief constructs such as usefulness, trust and risk of novelty of a technology (IdMS) (Benbasat
& Barki 2007; Gefen, Benbasat & Pavlou 2008; Venkatesh, Thong & Xu 2012). This study
hopefully will stimulate further research and provide a useful lens through which to examine
behaviour associated with the acceptance of emerging innovative Web technology at its early
adoption stage. The study also contributes to a growing body of literature on the enhancement
of Web services and on mitigating Internet privacy concerns.
This study provides some steps towards understanding online consumers' privacy concerns
about information disclosure to online providers. Studies that have focused on online
information disclosure and their antecedents have been limited (Metzger 2004; Norberg, Horne
& David 2007; Li, Sarathy & Xu 2010; Lowry, Cao & Everard 2011; Li 2012). The current
study offers some empirical findings on why Internet users disclose identity information to
online providers examined with regard to when they are more or less likely to disclose.
However, this study does not consider the quality of information disclosure. We found that
privacy concerns are significant barriers to past information disclosure and the willingness to
Chapter 8: Discussion and Conclusions
281
disclose identity information in the future. In addition, the frequency of past information
disclosure increases users’ willingness to disclose identity information which has a significant
impact on users’ intention to use Web-based services and IdMS. This study demonstrates the
importance of privacy as an antecedent to online information disclosure. Also, it emphasizes
that technology perception factors such as perceived ease of use are important drivers at a
specific level of online users’ willingness to disclose sensitive information. Overall, the current
study’s findings provide insight into the nomological network of salient beliefs that affect
individuals’ online information disclosure and intention to disclose identity information on the
Internet. Further research on issues of privacy concerns and information disclosure is needed.
Future studies could examine other situational factors on information disclosure and privacy
concerns such as personal characteristics and the design of technology. They also should
examine how different categories of information might influence individuals’ willingness to
disclose identity information.
Empirical studies that address path dependency are scarce in the IS literature (Zhu et al. 2006).
Although there is limited empirical research that incorporates different technology standards’
migration pathways at the firm level (Zhu et al. 2006), there is no study which has empirically
addressed path dependency in technology adoption at the individual level. This is the first study
of which we are aware that seeks to fill this gap as it examines the migration from SSO systems
to IdMS in technology adoption. We found that prior use of SSO helped to reduce adoption
costs for IdMS use yet it brings more mindfulness of the risks of using IdMS. In contrast, SSO
non-users tended to evaluate the costs and benefits more and were less wary of the risks inherent
in IdMS use which increased their behavioural intentions to adopt IdMS. Our results supported
the notion of path dependency, and provide implications for research on technology adoption in
general. This study suggests that focusing on different generations in the trajectory of
technology and standards evolution might result in insights for research. Diverse generations of
technologies and standards tend to coexist in the market, such as wireless technology, cloud
Chapter 8: Discussion and Conclusions
282
computing, E-wallets and ubiquitous systems. Future research should examine the costs and
benefits of migrating along different paths to incorporate changes in technologies and standards.
This study modelled individual differences as a control variable having an effect on users’
perceptions of IdMS. Although some previous studies (e.g. Li, Sarathy & Xu 2010; Xu et al.
2011) have examined the effect of previous privacy invasion experience on e-commerce
acceptance, this is the first study of which we are aware that theorized the effects of previous
experience with identity theft on technology adoption. We have developed hypotheses regarding
how previous identity theft experience impacted on users’ perceptions towards IdMS adoption.
We found that Internet users who were identity theft victims were more likely to perceive more
risk with using IdMS, but this outcome did not affect their behavioural intentions towards
adopting IdMS. This study thus extends the nomological network related to Web-based
technology and use to include a new set of individual differences constructs and related
theoretical mechanisms.
Another major contribution of this work to the technology adoption research community is the
comprehensive review analysis conducted on the Web-based services and technologies adoption
literature.There are some reviews of literature and meta-analyses about specific IT adoption
models at the individual level (e.g. Lee, Kozar & Larsen 2003; King et al. 2006; Williams, Rana
& Dwivedi 2011) and the organizational level (e.g. Oliveira & Martins 2011). For example,
Williams, Rana and Dwivedi (2011) provided a systematic review of prior UTAUT model
research; Turner et al. (2010) conducted a systematic review of previous TAM studies; and
Cane and McCarthy (2009) presented a meta-analysis and examined the wide body of research
that had investigated TTF. However, most of these reviews had not investigated or provided an
analysis of the factors that affect individual adoption decisions. Although there were limited
papers that identified factors affecting individual acceptance of IT, they were either reviews of
existing IT adoption research prior to 2004 (Jeyaraj, Rottman & Lacity 2006) or were focused
on specific technology such as mobile commerce (AlHinai , Kurnia & Smith 2010; Zhang, Zhu
& Liu 2012). There have been limited comprehensive reviews of the literature related to IS/IT
Chapter 8: Discussion and Conclusions
283
adoption and diffusion research (Dwivedi et al. 2008; Williams, Rana & Dwivedi 2011). To the
best of our knowledge, our work is the first literature review that provides a comprehensive
analysis of user adoption of different Web-based services and technologies. In this study, we
review and discuss a number of well-known models and theories for technology adoption at the
individual level (as presented in Chapter 3, Section 3.4). In addition, we provide a
comprehensive analysis of user adoption of Web-based technologies and services and define
factors that appeared to be influencing users’ adoption decisions at the individual level (as
presented in Section 3.5.2). Our conceptual examination of various technology adoption studies
will help future researchers to observe the trends and to suitably design studies on technology
and Web-based services adoption and, consequently, significant contributions can be made to
both theory and practice.
8.4.1.2 Contributions to IdMS literature This study has also made some contributions to the IdMS literature as detailed below:
This research provided an assessment of the state of IdMS research and analyzes the extant
studies. Accordingly, we comprehensively reviewed the research on IdMS that had been
conducted in different fields. We also revealed the emergence of the IdMS research domain and
its current status by using a detailed analysis and taxonomy of 106 publications from key
research outlets. We also developed a framework derived from the TFI model which represents
an information system as being made up of technical, formal and informal layers. We classified
the IdMS studies, reviewed key findings and identified opportunities for future research into
IdMS. The findings of this review could provide value to researchers and a better understanding
of the state of the art in the IdMS domain thus theoretical and practical contributions could be
made. Detailed discussion on the findings of the IdMS literature review and the implications for
research are presented in Chapter 2 (see Section 2.8.7).
The distinction between real-world identity and digital/online identity has become more blurred
(Mont, Bramhall & Pato 2003). In addition, identity management is a new and emerging field
Chapter 8: Discussion and Conclusions
284
and its meaning and understanding have not yet been completely established and clarified
(Karch 2011; Lips & Pang 2008). According to Pfitzmann and Hansen (2010) who have been
collecting and developing consolidated terms about the basic concepts in relation to digital
identity since 2000, “[i]dentity management is a much younger and much less defined field – so
a really consolidated terminology for this field does not exist” (p. 6). The definition of IdMS is
confusing because the different stakeholders concerned (users, identity providers and service
providers) have different requirements and different perspectives (Alpar, Hoepman & Siljee
2011), therefore; its conceptualization is difficult (Seltsikas & O’Keefe 2010). For that reason,
the extant literature abounds with different definitions and understandings of IdMS based on the
context and focus of the research. This research has contributed to identity management and
IdMS research by providing an in-depth understanding of identity management on the Internet
and by discussing some definitions and features which are focused on the Web-based IdMS.
This study also takes into account the emerging technologies and standards used to develop the
system. In addition, it compares and examines the openness of identity management on the Web
as illustrated in the context of proprietary identity and open identity exchange using Web-based
IdMS.
The results of the review analysis indicated that a large proportion of IdMS research had been
focused on technical issues and that few researchers had focused at the individual or business
levels. In addition, the majority of current studies were focused on technical or design problems,
and the challenges of IdMS. Behaviours and perceptions of individuals towards online identity
and IdMS have been rarely explored in previous research. Designing IdMS is not just a
technological issue, but theoretical, social and regulatory dimensions must also be addressed
(Adjei & Olesen 2011). Our findings have also shown that there is a lack of empirical studies in
the IdMS context and specifically those which have used quantitative techniques. Moreover,
few theories have been applied to IdMS research and it does not yet have a theory to call its
own. In trying to fill these gaps and alleviate this shortcoming, our study is the first attempt to
develop a theoretical model for and to empirically examine user adoption of IdMS from the user
Chapter 8: Discussion and Conclusions
285
perspective by conducting a behavioural type of research using an explanatory quantitative
approach and, in particular, survey methodology.
8.4.2 Practical Implications
The design of new technology artefacts includes embedding existing theories from different
research domains into the development of a new piece of technology (Kuechler & Vaishnavi
2012). As new factors relating to user adoption of IdMS have been identified in this study and
have come to light, they might provide opportunities for creating or enhancing new IdMS tools.
This study has implications for practitioners, especially for designers and online service
providers, in Web-based applications and IdMS.
Although we found some factors that influenced behavioural intentions to adopt IdMS, this
study has revealed that trusting beliefs are a more influential factor, implying that increasing
trust in potential adopters is more important than providing benefits. Therefore, IdMS
developers need to search for risk-reducing mechanisms and trust-building strategies that might
help in inspiring high confidence in potential users. This study has suggested that IdMS
designers and providers should consider the development of benevolence, integrity and
competence dimensions in IdMS in order to develop flexible, reliable and long-term trust
relationships (McKnight et al. 2002).
Competence may be developed through providing statements of guarantee, search facilities and
recommendations about new IdMS services and benefits which facilitate the promise to be
made. IdMS providers may enhance the perception of their benevolence through long-term
customer service and regular communications with potential users, as well as through the
provision of information regarding privacy and security risks. In addition, IdMS providers may
enhance their honesty through seals from agencies such as Trust-e which helps Web providers
to build trust and enhance engagement across all their online channels. TRUSTe
(http://www.truste.com) is the leading online privacy solutions provider with a broad suite of
privacy services to help businesses build trust and increase engagement across all of their online
Chapter 8: Discussion and Conclusions
286
channels – including websites, mobile applications, advertising, cloud services, business
analytics and email marketing. IdMS designers could develop IdMS technologies’ benevolence
through focusing on the prevention of intrusion, fraud and identity theft through, for example,
developing methods to strengthen encryption and developing Web interfaces to authenticate
Web relationships. In addition, interventions in behaviour through joined forces, in trade
associations or industry groups (McKnight et al. 2002) and increased familiarity through
advertising (Lee 2009b) may promote the perception of the integrity of IdMS providers and
tools and enhance individual perceptions of IdMS use.
The findings of this study have demonstrated that reducing privacy concerns enhances the
willingness to share and disclose identity information on the Internet and thereby increases the
intention to adopt IdMS. The findings show that Web users trade off privacy concerns for the
benefits of information disclosure on IdMS. Therefore, IdMS providers should address users’
privacy concerns about disclosing information and the use of IdMS. IdMS providers should
offer to manage online identities’ services with benefits that balance customers’ privacy
concerns. This study has defined six principles of information practices to which service and
identity providers should adhere in order to ensure privacy. These principles are awareness,
collection, choice, control, improper access and unauthorized secondary use. IdMS providers
need to enhance their privacy assurance practices through privacy notices using security
symbols, and by adding methods to avoid privacy risk perceptions by emphasizing control and
trust (Lee & Cranage 2010). In addition, online privacy seal programs through companies such
as TRUST-e could add integrity to privacy practice (Lee & Cranage 2010). IdMS designers
should also work on developing privacy protection in IdMS, such as self-regulation and
legislation as well as continuing to adopt privacy-enhancing technologies which enhance
privacy practice to suit various audiences (Sheng, Nah & Siau 2008).
This study has demonstrated the importance of ‘task–technology fit’ in explaining behavioural
intentions towards Web-based technology (i.e. IdMS). In related published TTF studies, the
implications for practitioners have mainly been to focus on IT-centric variables with, for
Chapter 8: Discussion and Conclusions
287
example, perceived usefulness or user satisfaction as the key to success (i.e. intention among
users to continue their usage of an IT) (Lee, Cheng & Cheng 2007; Chang 2010; Gebauer, Shaw
& Gribbins 2010) or work-centric variables, for example, users’ utilization of IT functions as
determination of the intention to continue using an IT (Dishaw & Strong 1999; Strong, Dishaw
& Bandy 2006; Larsen et al. 2009; Yuan et al. 2010). Results obtained in this study have
suggested that design variables such as perceived fit and suitability between the technology and
users’ needs with regard to Web-based technology functions can be just as important in
determining the intention to use a Web-based service. Therefore, IT practitioners, and
specifically Web-based technology and IdMS designers, should not only focus on perceived
usefulness, user satisfaction or users’ utilization of IT functions. They should also take into
consideration users’ needs and the perceived fit between task and technology functions when
planning initiatives in which the purpose is to motivate users to use a Web-based technology.
IdMS designers and providers could provide different services to meet different groups’ task
demands to improve user adoption of IdMS. In addition, they should raise their awareness of the
need to design better technological support to ensure the sustainability of their services. For
example, based on this study, IdMS developers may pay close attention to ensuring that IdMS
are able to be used in different operating systems with multiple Internet browsers as well as in
different technologies such as mobile phones and tablets.
IdMS developers and providers need to ensure that they carry out a comprehensive analysis of
the cost–benefit equation towards the development of in-world economies. As shown by our
results for IdMS adoption, users without IdMS-related experience were mainly driven by the
assessment of the benefits of the new technology, and were more focused on the effect of IdMS
adoption costs. In addition, we found that Internet users who were more active on the Web,
specifically social networkers and e-commerce customers, were more likely to provide sensitive
personal information and thus to use IdMS. Our study findings can help IdMS providers to
understand what types of users are more likely to spend money and engage in commercial
transactions using IdMS. This may enable the targeting of users who are more likely to adopt
Chapter 8: Discussion and Conclusions
288
new services under Web 3.0 such as IdMS, with the motivation of either making or spending
money. The proposed model offers an effective tool for understanding market potential through
an analysis of users’ needs and by prototyping market profiles. Furthermore, IdMS designers
should ensure a balanced consideration of user needs, technology characteristics, managerial
barriers and, especially, the Internet platform where IdMS will be used, as adopters would then
be likely to assimilate the innovative technology.
Overall, IdMS designers should seek usability analyses and expert security reviews before
deploying these systems and should develop common trust models with policies that benefit
both users and online service providers. This study concludes its practical implications by
reflecting that “[n]o one organization can ensure a completely trusted system, and any bad or
careless actor can tarnish the reputation of many. Thus, the identity community as a whole has
a responsibility to behave securely and call attention to practices that threaten privacy or are
unsafe. Because of the central position they hope to hold in the online environment, designers
and implementers of identity management systems must be extra vigilant about security
risks”(Dhamija & Dusseault 2008, pp. 27-28).
8.5 Research Limitations and Future Directions Research on IS can be conducted using a variety of strategies and a wide range of settings
(Benbasat & Weber 1996; Banker & Kauffman 2004). In addition, there is no ideal research
since diverse strategies carry comparative strengths and weaknesses (Dennis & Valacich 2001).
As research on IdMS is in the early stages, this study represents one of the first attempts to
empirically examine IdMS approaches and the factors that influence its adoption at the
individual level. Therefore, the current study inevitably confronted several limitations. We next
outline the limitations of this study and identify the suggested further improvements for future
research.
Chapter 8: Discussion and Conclusions
289
Firstly, this study’s potential methodological limitation was related to the survey recruitment
method and the sample used. The study was conducted within social media and e-commerce
Web services’ domains. In addition, the participants of this study were social networkers
specifically Facebook and LinkedIn users.Therefore; this might be a threat to the external
validity of the study because these subjects may not fully represent the entire population of all
potential IdMS users. Moreover, it is not certain whether the results would be applicable to
other contexts, such as e-government or e-health. Future research may look into the possibility
of the generalizability of this research and further strengthen the extant findings by using a large
sample systematically selected from among different subjects and in diverse Web services’
contexts.
In addition, the empirical data was collected from subjects located in Australia, the United
States of America, United Kingdom, Canada and India which, in terms of national
characteristics, are different from other countries. The model test shows that country variable
has no effect on any of the dependent variables. It would be useful to test whether the research
model developed in this study could be generalized to situations in other countries. Recent
research (Srite & Karahanna 2006; McCoy, Galletta & King 2007; Lowry, Cao & Everard
2011; Crossler et al. 2013) has recommended that future research use the adopted national
cultural values and account for cross-cultural differences such as uncertainty avoidance and
collectivism–individualism as direct or moderating impacts. This would more thoroughly
explain the issues of technology adoption in different cultures which are derived from different
perspectives both philosophically as well as the understandings at the individual level.
Furthermore, IdMS are suggested as a “system innovation” by the scope of the system change
which would involve organizational and technical dimensions as well as social and cultural
meaning (Aichholzer & Straub 2010). Thus, future research may consider cultural factors as
they could also affect the adoption of IdMS across nations.
Given the innovative nature of IdMS and the infancy stage of IdMS implementation, this study
has focused on behavioural intention as the only dependent variable in order to understand
Chapter 8: Discussion and Conclusions
290
theory-driven behaviour in the early adoption stage. In addition, this study has used cross-
sectional surveys and data collection carried out by using a non-random sample during both the
pilot study and the main study. Therefore, measurement reliability probably would not be as
robust as in a longitudinal study since the adoption of IdMS is a dynamic and continuous
process. While most of the study participants did not have experience with IdMS or related
services such as SSO, they may not have known what IdMS are. However, all respondents
stated that they understood about IdMS. Further research could employ additional methods in
the future. Future studies could use longitudinal analysis and investigate the research model
across different time periods, examining experienced users and the differences between adopters
and non-adopters to provide more insight into the phenomenon of IdMS adoption. Moreover,
future research using the multi-methodological triangulation method combining quantitative and
qualitative methods is called for in order to explore additional potential variables that will help
to understand users’ perceptions of IdMS and explain improved variances of their behavioural
intention.
Another methodological limitation of this study related to the number of items in several
constructs of the model. As was consistent with previous studies (e.g. Featherman & Pavlou
2003; Kim 2008; Luo et al. 2010) some first-order constructs in the study (i.e. subjective norms,
choice, control, improper access and information disclosure) were measured using only two
items. This could create some risks in the research findings, particularly in terms of reliability
and validity (Gefen, Rigdon & Straub 2011). However, we found that the two-item scales
generally exhibited adequate reliability in all cases and other results confirmed adequate
validity. Future research may look into the possibility of further reinforcement of the extant
instrument items employed for this study and evaluate their applicability in a different context.
Specific IdMS technology and service characteristics were not included or measured in the
model as many IdMS had not yet implemented them. Therefore, future study could include
construct operationalization. Moreover, IdMS functions identified in this study were based on
identity laws and some design features discussed in the literature. However, there could be
Chapter 8: Discussion and Conclusions
291
additional IdMS characteristics. To fulfil users’ needs with regard to IdMS, future research
could investigate more IdMS functions matching users’ needs and examining how these
variables may affect users’ attitude towards IdMS. In addition, specific IdMS tools such as
OpenID could be further studied to define special functions for this system, comparing the
results with other IdMS tools to completely evaluate IdMS design and functions to best support
users’ needs regarding managing online identities.
Rather surprisingly, risk perceptions were not found to have a significant negative relationship
with the intention to use IdMS and the willingness to disclose identity information on the Web.
This possibly reflected the limited assessment of this factor which was evaluated only in
relation to the uncertainty and the likelihood of identity theft. Inclusion of more risk perceptions
such as performance, time, social and psychological loss may give a more complete assessment
of perceived risk, and could increase its apparent significance (Featherman & Pavlou 2003).
Researchers are therefore called to examine comprehensive risk perceptions in the context of the
acceptance of emerging innovative technology, such as IdMS, in its early adoption stage.
This study was limited to only one type of trust in IdMS providers and not to users’ beliefs
about familiar providers. The study also did not differentiate between trust in SPs and IdPs and
treated them holistically under the ‘trust in IdMS providers’ variable. Users may have pre-
existing trust with a SP and may interact for the first time with an IdP (initial trusting belief) or
vice versa when they use IdMS for the first time (Landau, Gong & Wilton 2009). Therefore,
trusting beliefs in IdMS providers in this study were not measured based on all possible
relationships with IdMS providers with whom the user may have familiarity and experience:
consumers are more willing to trust a particular online provider as they develop an ongoing
relationship with that provider (Hoffman, Novak & Peralta 1999). Prior research has found
differences in pre-existing trust and initial trust of service providers (Luo 2010). Future research
could therefore consider further differentiation of users’ trusting beliefs of IdMS providers as
well as comparing this between familiar versus unfamiliar providers: this could enhance the
understanding of trusting beliefs in IdMS.
Chapter 8: Discussion and Conclusions
292
This study has examined the effects of information disclosure and willingness to disclose
identity information on users’ behaviour intention. Information disclosure was measured using
two questions which reflected on the frequency with which respondents had disclosed their
personal information in the past to any website for financial and non-financial transactions. The
willingness to disclose identity information was measured using three items which reflected
respondents’ intentions to provide and share their identity information in the future. However,
the value, types and quality of identity information were not examined in this study. In addition,
as this study employed a self-reporting questionnaire for measuring participants’ perceptions
and usage behaviour, it is possible that respondents over-reported their answers (Straub, Gefen
& Boudreau 2005). Further research might measure the disclosure of identity information on the
Internet more directly rather than relying on self-reports and could ask the post-exposure
questionnaire to check off any false information that the respondents may provide to the
questionnaire (Metzger 2004).
This study did not examine the effect of computer-mediated communication (CMC) technology
factors such as the user interface functions of IdMS; nevertheless, we hoped that our results
would inform the design of IdMS interfaces. It has been noted that system interface is critical to
user performance on IT and has an important role in terms of user acceptance of new technology
(Lee, Kang & Kim 2007). In addition, IdMS are more likely to be adopted if they are easy to
download, install and configure which includes the authentication process and password
interfaces (Dhamija & Dusseault 2008). Therefore, a potential approach which incorporates
additional factors relevant to users’ decisions to adopt IdMS might be beneficial. Further
research could examine specific IdMS characteristics to investigate the effect of individual
interface features and compare the usability of IdMS design with existing interfaces to provide
best practices and design guidelines for implementing usable log-in interfaces on both SPs and
IdPs websites.
Chapter 8: Discussion and Conclusions
293
Finally, extensive efforts were taken to review all of the literature related to this study; however,
it is important to acknowledge that it is possible that some previous research may have been
overlooked in this process. In addition; this study has provided a comprehensive model for
IdMS adoption. While the current model includes the dominant factors that affect user adoption
of IdMS at the individual level, other factors which did not come to light in the current study
could explain and influence users’ behavioural intentions to adopt IdMS. We suggest that future
research should investigate additional and new constructs (e.g. personality traits, habits, ability
to manage different passwords; and reputation/experience with specific IdMS) that may help to
increase the adoption of IdMS. In addition, it would also be beneficial to explore the
antecedents of factors that were identified in this study such as perceived ease of use, risk,
privacy concerns and trusting beliefs, explaining how these factors affect users’ perceptions of
IdMS and further improving the explanatory power of these variables.
Chapter 8: Discussion and Conclusions
294
8.6 Concluding Remarks The main objective of this study was to identify and empirically examine the factors affecting
user adoption of IdMS. In order to achieve the objective, a structured review of the IdMS, IS/IT
and Web-based applications’ adoption literature was undertaken. Drawing upon behavioural and
technology adoption theories from the IS, psychology and economics literature, as well as the
context-specific characteristics of the IdMS, a conceptual model and a set of hypotheses were
developed. The research model was specified as a complex model with hierarchical and
unidimensional constructs. This study was conducted and the model was tested in the contexts
of social networking and e-commerce. Expert panels, survey pre-tests as well as a pilot study
with a total of 150 samples were conducted and analyzed to develop and validate the research
instruments. A total of 332 samples were analyzed to test the conceptual model in the main
study. This study applied PLS path modelling to assess the model and test the associations
among constructs. The findings of the study successfully verified satisfactory measurement and
structural properties of the research model, confirming most of the proposed hypotheses. In
addition, the study confirmed the significant effect of previous IdMS experience (prior use of
SSO) as a moderator variable. The study also confirmed the impact of some contextual and
individual differences variables on user adoption of IdMS.
This study is one of the first to empirically examine user adoption of IdMS and to explore
various categories of individual motivations in IdMS use. The main significant contribution of
this study lies in providing a theoretical user-adoption model relevant to IdMS. This study
contributes to the IdMS research by conducting behavioural, empirical research in IdMS which
helps to extend the body of knowledge of IS/IT adoption into the IdMS domain. The findings of
the study offer a road map and develop guidelines for IdMS providers and designers to achieve
user acceptance of IdMS. This study contributes to the successful use of IdMS by end-users. In
addition, the study has identified some technical areas needing further investigation. The
proposed framework also offers an increased understanding of users’ perceptions and concerns
which, in turn, could provide a tool that could be used to develop mechanisms and strategies
Chapter 8: Discussion and Conclusions
295
that will encourage IdMS adoption. Although this study was conducted in the domain of IdMS,
our findings may be of interest to any Web-based service or technology which deals with users’
identity information.
The study findings confirm that IdMS will be the alternative and attractive solution for
managing and maintaining online identities on the Internet. However, the overall adoption and
user acceptance of the IdMS artefact will be driven by end-users’ beliefs, perceptions and needs,
and their effects on users’ behavioural intention towards IdMS. This study suggests some
important factors which affect users’ behavioural intention to adopt IdMS including usefulness,
ease of use, task–technology fit, trusting beliefs, trust in the Internet, information disclosure,
privacy concerns and cost. Hence, the IdMS user adoption model will play an instrumental role
in increasing the user acceptance rate, evaluating technical areas, providing successful
implementation and creating security and privacy policies.We hope this study stimulates further
research and provides a useful lens through which to explore individuals’ beliefs and
perceptions in the context of adoption of IdMS and emerging innovative technology in its early
adoption stage.
References
296
References
Acquisti, A. & Grossklags, J. 2005, 'Privacy and Rationality in Decision Making', IEEE Security & Privacy, vol. 3, no. 1, pp. 26-33.
Adjei, K.J. & Olesen, H. 2011, 'Keeping Identity Private -Establishing Trust in the Physical and Digital World for Identity Management Systems', Vehicular Technology Magazine, IEEE vol. 6, no. 3, pp. 70 -9.
Agarwal, R. & Prasad, J. 1998, 'A conceptual and operational definition of personal innovativeness in the domain of information technology', Information Systems Research, vol. 9, no. 2, pp. 204–15.
Agarwal, R. & Prasad, J. 1999, 'Are Individual Differences Germane to the Acceptance of New Information Technologies?', Decision Sciences, vol. 30, no. 2, pp. 361–91.
Agre, P.E. 1997, ' Introduction', in P.E. Agre & M. Rotenberg (eds), Technology and privacy: The new landscape, The MIT Press, London.
Aichholzer, G. & Strauß, S. 2009, 'The Citizen’s Role in National Electronic Identity Management. A Case-study on Austria', Proceedings of the Second International Conference on Advances in Human-Oriented and Personalized Mechanisms, Technologies, and Services (CENTRIC 09), IEEE Computer Society, Porto, Portugal, pp. 45-50.
Aichholzer, G. & Strauß, S. 2010, 'Electronic identity management in e-Government 2.0: Exploring a system innovation exemplified by Austria', Information Polity, vol. 15 no. 1-2, pp. 139–52.
Ajzen, I. 1991, 'The Theory of Planned Behavior.', Organizational Behavior and Human Decision Processes, vol. 50, no. 2, pp. 179-211.
Ajzen, I. & Fishbein, M. 1980, Understanding Attitudes and Predicting Social Behavior, Prentice-Hall, Englewood Cliffs,NJ.
Akerof, G.A. & Kranton, R.E. 2000, 'Economics and Identity', The Quarterly Journal of Economics, vol. 115, no. 3, pp. 715-53.
Al-Gahtani, S.S., Hubona, G.S. & Wang, J. 2007, 'Information technology (IT) in Saudi Arabia: Culture and the acceptance and use of IT', Information and Management, vol. 44, no. 8, pp. 681–91.
Al-Sinani, H.s., Alrodhan, W.A. & Mitchell, C.J. 2010, 'CardSpace-Liberty integration for CardSpace users', Proceedings of the Ninth Symposium on Identity and Trust on the Internet (IDtrust 10), ACM, New York, USA.
Al-Sinani, H.S. & Mitchell, C.J. 2010, 'Using CardSpace as a Password Manager', Proceedings of Policies and Research in Identity Management, Second IFIP WG 11.6 Working Conference, Oslo, Norway.
Al-Sinani, H.S. & Mitchell, C.J. 2011, 'Client-Based CardSpace-OpenID Interoperation', Proceedings of the Twenty-Sixth International Symposium on Computer and Information Sciences(ISCIS 2011), London, UK, pp. 387-93.
Alavi, M. & Carlson, P. 1992, 'A Review of MIS Research and Disciplinary Development', Journal of Management Information Systems, vol. 8, no. 4, pp. 45 - 62.
Alavi, M. & Henderson, J.C. 1981, 'An evolutionary strategy for implementing a decision support systems', Management Science, vol. 27, no. 11, pp. 1309-22.
References
297
Alavi, M. & Joachimsthaler, E.A. 1992, 'Revisiting DSS Implementation Research: A Meta-Analysis of the Literature and Suggestions for Researchers', MIS Quarterly, vol. 16, no. 1, pp. 95-116.
Alesandro, A., Friedman, A. & Telang, R. 2006, 'Is There a Cost to Privacy Breaches? An Event Study', Proceedings of the Twenty-Seventh International Conference on Information Systems, Milwaukee, WI.
AlHinai, Y.S., Kurnia, S. & Smith, S.P. 2010, 'The adoption of mobile commerce services by individuals: A Current State of the Literature', Proceedings of 21st Australasian Conference on Information Systems, Brisbane,Australia.
Al-Omoush, K.S., Yaseen, S.G. & Alma’aitah, M.A. 2012, 'The impact of Arab cultural values on online social networking: The case of Facebook', Computers in Human Behavior, vol. 28, no. 6, pp. 2387–99.
Alpar, G., Hoepman, J. & Siljee, J. 2011, 'The Identity CrisisSecurity, Privacy and Usability
Issues in Identity Management', The Computer Research Repository (CoRR), vol. 1101.
Alrodhan, W. & Mitchell, C. 2009, 'Improving the Security of CardSpace', EURASIP Journal on Information Security, vol. 2009.
Alvarez, R.M., Sherman, R.P. & VanBeselaere, C. 2003, 'Subject Acquisition for Web-Based Surveys', Political Analysis, vol. 11, no. 1, pp. 23-43.
Amoako-Gyampah, K. & Salam, A.F. 2004, 'An extension of the technology acceptance model in an ERP implementation environment', Information & Management, vol. 41, no. 6, pp. 731–45.
Armando, A., Carbone, R., Compagna, L., Cuellar, J., Pellegrino, G. & Sorniotti, A. 2013, 'An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations', Computers & Security, vol. 33, pp. 41–58.
Armitage, A. & Keeble-Allen, D. 2008, 'Undertaking a Structured Literature Review or
Structuring a Literature Review: Tales from the Field', The Electronic Journal of Business Research Methods, vol. 6, no. 2, pp. 103 - 14.
Armstrong, J.S. & Overton, T.S. 1977, 'Estimating Non-Response Bias in Mail Surveys', Journal of Marketing Research, vol. 14, pp. 396-402.
Arora, S. 2008, ' National eID card schemes: A European overview', Information Security Technical Report, vol. 13, no. 2, pp. 43–53.
Atinc, G., Simmering, M.J. & Kroll, M.J. 2012, 'Control Variable Use and Reporting in Macro and Micro Management Research', Organizational Research Methods, vol. 15, no. 1, pp. 57-74.
Atkinson, J.W. 1964, An introduction to motivation, Oxford, England: Van Nostrand.
Attewell, P. & Rule, J.B. 1991, Survey and other methodologies applied to IT impact research: experiences from a comparative study of business computing, Harvard Business School Press, Boston, Massachusetts.
Back, M.D., Stopfer, J.M., Vazire, S., Gaddis, S., Schmukle, C., Egloff, B. & Gosling, S.D. 2010, 'Facebook Profiles Reflect Actual Personality, Not Self-Idealization', Psychological Science, vol. 21, no. 3, pp. 372-4.
Bagozzi, R.P. 2007, 'The Legacy of the Technology Acceptance Model and a Proposal for a Paradigm Shift.', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 244-54.
Bagozzi, R.P. & Yi, Y. 1988, 'On the evaluation of structural equation models', Journal of the Academy of Marketing Science ,vol. 16, no. 1, pp. 74–94.
References
298
Balasubramaniam, S., A.Lewis, G., Morris, E., Simanta, S. & B.Smith, D. 2009, 'Identity Management and its Impact on Federation in a System-of-Systems Context', Proceedings of the Third Annual IEEE International Systems Conference, IEEE, Vancouver, Canada.
Baldoni, R. 2012, 'Federated Identity Management Systems in e-Government: the Case of Italy', Electronic Government: An International Journal, vol. 9, no. 1, pp. 64-84.
Bandura, A. 1986, Social Foundations of Thought and Action: A social cognitive theory, Prentice-Hall, Englewood Cliffs,NJ.
Bandyopadhyay, K. & Fraccastoro, K.A. 2007, 'The Effect of Culture on User Acceptance of Information Technology', Communications of the Association for Information Systems, vol. 19, no. 1, pp. 522-43.
Banker, R.D. & Kauffman, R.J. 2004, 'The Evolution of Research on Information Systems: A Fiftieth-Year Survey of the Literature in Management Science', Management Sience, vol. 50, no. 3, pp. 281- 98.
Bansal, G., Zahedi, F.M. & Gefen, D. 2010, ' The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online', Decision Support Systems, vol. 49, no. 2, pp. 138-50.
Barati, S. & Mohammadi, S. 2009, 'An Efficient Model to Improve Customer Acceptance of Mobile Banking', Proceedings of the World Congress on Engineering and Computer Science, vol. 2, San Francisco, USA.
Barclay, D., Higgins, C. & Thompson, R. 1995, 'The Partial Least Squares (PLS) Approach to Causal Modeling: Personal Computer Adoption and Use as an Illustration', Technology Studies, vol. 2, no. 2, pp. 285-309.
Barnes, S.J. & LHuff, S. 2003, ' Rising Sun: imode and the wireless internet.', Communications of the ACM, vol. 46, no. 11, pp. 97-84.
Bauer, M., Meints, M. & Handsen, M. 2005, D3.1: Structured overview on prototypes and concepts of identity management systems, FIDIS, viewed 24 December 2011 <http://www.fidis.net/fileadmin/fidis/deliverables/fidis-wp3-del3.1.overview_on_IMS.final.pdf>.
Beggs, A. & Klemperer, P. 1992, 'Multi-period Competition with Switching Costs', Econometrica, vol. 60, no. 3, pp. 651-66.
Behrenda, T.S., Wiebeb, E.N., Londonb, J.E. & Johnsonc, E.C. 2011, 'Cloud computing adoption and usage in community colleges', Behaviour & Information Technology, vol. 30, no. 2, pp. 231–40.
Belanger, F. & Carter, L. 2008, 'Trust and risk in e-government adoption', Journal of Strategic Information Systems vol. 17, no. 2, pp. 165–76.
Benbasat, I. & Barki, H. 2007, 'Quo vadis, TAM?', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 211-8.
Benbasat, I. & Weber, R. 1996, 'Research commentary: Rethinking "diversity" in information systems research', nformation Systems Research, vol. 7, no. 4, pp. 389-99.
Benslimane, Y., Plaisent, M. & Bernard, P. 2002, ' Applying the Task-Technology Fit Model to WWW-based Procurement: Conceptualization and Measurement', Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS’03), Hawaii.
Bertino, E. & Takahashi, K. 2010, Identity Management: Concepts, Technologies, and Systems, Artech House.
References
299
Bertocci, V., Serack, G. & Baker, C. 2007, Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities, Addison-Wesley Professional.
Bhargav-Spantzel, A., Camenisch, J., Gross, T. & Sommer, D. 2007, 'User centricity: taxonomy and open issues', Journal of Computer Security, vol. 15, no. 5, pp. 493-527.
Bhattacherjee, A. 2001, 'Understanding Information Systems Continuance:An Expectation-Confirmation Model', MIS Quarterly, vol. 25, no. 3, pp. 351-70.
Bhattacherjee, A. & Premkumar, G. 2004, 'Understanding changes in belief and attitude toward information technology usage: a theoretlcal model and longitudinal test', MIS Quarterly, vol. 28, no. 2, pp. 229-54.
Birrell, E. & Schneider, F. 2012, Federated Identity Management Systems:A Privacy-based Characterization, Technical Report , Cornell University.
Bohrnstedt, G.W. 1970, 'Reliability and validity assessment in attitude measurement', in G.F. Summers (ed.), Attitude measurement, Rand-McNally, Chicago.
Booth, A.L. & Nolen, P. 2012, 'Gender differences in risk behaviour: does nurture matter?', The Economic Journal, vol. 122, no. 558, pp. F56–F78.
Borcea-Pfitzmann, K., Hansen, M., Liesebach, K., Pfitzmann, A. & Steinbrecher, S. 2006, 'What user-controlled identity management should learn from communities', Information security technical report, vol. 11, no. 3, pp. 119–28.
Boyd, D.M. & Ellison, N.B. 2008, 'Social network sites: Definition, history, and scholarship', Journal of Computer-Mediated Communication, vol. 13, pp. 210–30.
Brody, R.G., Mulig, E. & Kimball, V. 2007, 'Phishing, pharming and identity tthef', Academy of Accounting and Financial Studies Journal, vol. 11, no. 3, pp. 43-7.
Buchanan, T., Paine, C., Joinson, A.N. & Reips, U.-D. 2007, 'Development of Measures of Online Privacy Concern and Protection for Use on the Internet', Journal of the American Society for Information Science and Technology, vol. 58, no. 2, pp. 157–65.
Business Wire 2008, Identity Theft Twice as Likely in English-Speaking Countries :PayPal Trust and Safety Study Reveals that Online Fraud and Identity Theft are Global Concerns, Business Wire, viewed 21 December 2012 <http://www.businesswire.com/news/home/20081021005640/en/Identity-Theft-English-Speaking-Countries>.
Cameron, K. 2005, The Laws of Identity, Microsoft Corporation, viewed 18 March 2011 <http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf>.
Cameron, K. & Jones, M.B. 2007, 'Design Rationale behind the Identity Metasystem Architecture', in, ISSE/SECURE 2007 Securing Electronic Business Processes, Vieweg, Fachverlage GmbH, Wiesbaden, pp. 117-29.
Cameron, K., Posch, R. & Rannenberg, K. 2009, ' Proposal for a common identity framework: A user-centric identity metasystem', in K. Rannenberg, D. Royer & A. Deuker (eds), The Future of Identity in the Information Society, Springer, pp. 477–500.
Cane, S. & McCarthy, R. 2009, 'Analayzing The Factors that Affect Information Systems Use: A Task-Technology Fit-Meta Analysis', The Journal of Computer Information Systems, vol. 50, no. 1, pp. 108-23.
Canhoto, A.I. & Backhouse, J. 2007, 'Profiling under conditions of ambiguity—An application in the financial services industry', Journal of Retailing and Consumer Services, vol. 14, no. 6, pp. 408–19.
References
300
Cao, Y. & Yang, L. 2010, 'A survey of Identity Management technology ', Proceedings of the IEEE International Conference on Information Theory and Information Security (ICITIS), Qinhuangdao, China, pp. 287 - 93
Cao, Y., Yang, L., Fu, Z. & Yang, F. 2011, 'Identity Management Architecture: Paradigms and Models', Applied Mechanics and Materials, vol. 40-41 pp. 647-51.
Carlson, K.D. & Wu, J. 2012, 'The Illusion of Statistical Control : Control Variable Practice in Management Research', Organizational Research Methods, vol. 15, no. 3, pp. 413-35.
Carter, L. & Be´Langer, F. 2005, 'The utilization of e-government services: citizen trust, innovation and acceptance factors', Information Systems Journal, vol. 15, no. 1, pp. 5–25.
Castaneda, J.A., Munoz-Leivaa, F. & Luquea, T. 2007, 'Web Acceptance Model (WAM): Moderating effects of user previous experiencene', Information & Management, vol. 44, no. 4, pp. 384-96.
Caudill, M.E. & Murphy, E.P. 2000, 'Consumer Online Privacy: Legal and Ethical Issues', Journal of Public Policy & Marketing, vol. 19, no. 1, pp. 7-19.
Chan, S.C. & Lu, M. 2004, 'Understanding Internet Banking Adoption and Use Behavior: A Hong Kong Perspective', Journal of Global Information Management, vol. 12, no. 3, pp. 21-44.
Chang, H. 2010, 'Task-technology fit and user acceptance of online auction', InternationalJournal of Human-Computer Studies, vol. 68, no. 1-2, pp. 69–89.
Chelune, G.J. 1987, 'A neuropsychological perspective of interpersonal communication', in V.J. Derlega & J.H. Berg (eds), Self-disclosure: Theory, research, and therapy, Plenum, New York, pp. 10-34.
Chen, H.-C., Yen, D.C. & Hwang, M.I. 2012, 'Factors influencing the continuance intention to the usage of Web 2.0: An empirical study', Computers in Human Behavior, vol. 28, no. 3, pp. 933–41.
Chen, K. & Rea, A.J. 2004, 'Protecting personal information online: a survey of user privacy
concerns and control techniques', Journal of Computer Information Systems, vol. 44, no. 4, pp. 85–92.
Cheng, T.C., Lam, D. & Yeung, A. 2006, 'Adoption of internet banking: An empirical study in Hong Kong', Decision Support Systems, vol. 42, no. 3, pp. 1558–72.
Cheung, R. & Vogel, D. 2013, ' Predicting user acceptance of collaborative technologies: An extension of the technology acceptance model for e-learning', Computers & Education, vol. 63, no. April 2013, pp. 160–75.
Chin, W.W. 1995, 'PLS is to LISREL as Principal Components Analysis is to Common Factor
Analysis', Technology Studies, vol. 2, pp. 315-9.
Chin, W.W. 1998a, 'Commentary: issues and opinion on structural equation modeling', MIS Quarterly, vol. 22, pp. vii–xvi.
Chin, W.W. 1998b, 'The Partial Least Squares Approach for Structural Equation Modeling', in G.A. Marcoulides (ed.), Modern Methods for Business Research, Lawrence Erlbaum Associates, Mahwah, New Jersey, pp. 295-336.
Chin, W.W. 2010, 'How to Write Up and report PLS Analyses', in V.E. Vinzi, W.W. Chin, J. Henseler & H. Wang (eds), Handbook of Partial Least Squares, Springer-Verlag, Berlin, pp. 655-90.
References
301
Chin, W.W., Gopal, A. & Salisbury, W.D. 1997, 'Advancing the Theory of Adaptive Structuration: The Development of a Scale to Measure Faithfulness of Appropriation', Information Systems Research, vol. 8, no. 4, pp. 342-67.
Chin, W.W., Marcolin, B.I. & Newsted, P.R. 2003, 'A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study', Information Systems Research, vol. 14, no. 2, pp. 189-217.
Chin, W.W. & Newsted, P.R. 1999, 'Structural Equation Modeling Analysis with Small Samples Using Partial Least Squares', in R. Hoyle (ed.), Statistical Strategies for Small Sample Research, Sage Publications, Newbury Park, CA, pp. 307-41.
Chin, W.W., Thatcher, J.B. & Wright, R.T. 2012, 'Assessing Common Method Bias:Problems With The ULMC Technique', MIS Quarterly vol. 36, no. 3, pp. 1003-19.
Cho, V. 2006, 'A study of the roles of trusts and risks in information-oriented online legal services using an integrated model', Information & Management, vol. 43, no. 4, pp. 502–20.
Chong, A., Chan, F. & Ooi, K.-B. 2012, 'Predicting consumer decisions to adopt mobile commerce: Cross country empirical examination between China and Malaysia', Decision Support Systems, vol. 53, no. 1, pp. 34–43.
Choudrie, J. & Dwivedi, Y.K. 2005, ' Investigating the research approaches for examining
technology adoption issues', Journal of Research Practice, vol. 1, no. 1.
Churchill, G.A. 1979, 'A paradigm for developing better measures of marketing constructs', Journal of Marketing Research, vol. 16, no. 1, pp. 64-73.
Clarke, R. 1993, 'Computer Matching and Digital Identity', Proceedings of Computers, Freedom & Privacy Conference, San Francisco,USA.
Clarke, R. 1999, 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice', Proceedings of User Identification & Privacy Protection Conference, Stockholm, Sweden.
Cohen, J. 1988, Statistical Power Analysis for the Behavioral Sciences 2nd edn, Lawrence Erlbaum Associates, Hillsdale, NJ.
Cohen, W.M. & Levinthal, D.A. 1990, 'Absorptive Capacity: A New Perspective on Learning and Innovation', Administrative Science Quarterly, vol. 35, no. 1, pp. 128-52.
Comley, P. 2002, 'Online Survey Techniques: Current Issues and Future Trends', Interactive Marketing, vol. 4, no. 2, pp. 156-69.
Compeau, D., Higgins, C.A. & Huff, S. 1999, 'Social cognitive theory and individual reactions to computing technology: A longitudinal study', MIS Quarterly, vol. 23, no. 2, pp. 145-59.
Compeau, D.R. & Higgins, C.A. 1995, 'Computer Self-Efficacy: Development of a Measure and Initial Test', MIS Quarterly, vol. 19, no. 2, pp. 189-211.
Conway, J.M. & Huffcutt, A.L. 2003, 'A Review and Evaluation of Exploratory Factor Analysis Practices in Organizational Research', Organizational Research Methods, vol. 6, no. 2, pp. 147-68.
Cook, C., Heath, F. & Thompson, R.L. 2000, 'A Meta-Analysis of response rates in Web- or Internet-based surveys', Educational and Psychological Measurement, vol. 60, no. 6, pp. 821-36.
Coopamootoo, P.L. & Ashenden, D. 2011, 'Designing Usable Online Privacy Mechanisms:What Can we Learn from Real World Behaviour', in S. Fischer-Hübner, P.
References
302
Duquenoy, M. Hansen, R. Leenes & G. Zhang (eds), Privacy and Identity Management for Life: 6th IFIP WG 9. 2, 9. 6/11. 7, 11. 4, 11. 6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers, Springer.
Cooper, D.R. & Schindler, P.S. 2008, Business Research Methods, 10 edn, McGraw Hill, Irwin.
Corrocher, N. 2011, 'The adoption of Web 2.0 services: An empirical investigation', Technological Forecasting & Social Change, vol. 78, no. 4, pp. 547–58.
Costello, A.B. & Osborne, J.W. 2005, 'Best Practices in Exploratory Factor Analysis: Four Recommendations for Getting the Most From Your Analysis', Practical Assessment, Research & Evaluation, vol. 10, no. 7, pp. 1-9.
Couper, M.P. 2000, 'Web Surveys: A Review of Issues and Approaches', The Public Opinion Quarterly, vol. 64, no. 4, pp. 464-94.
Crawford, S.D., Couper, M.P. & Lamias, M.J. 2001, 'Web Surveys : Perceptions of Burden', Social Science Computer Review, vol. 19, no. 2, pp. 146-62.
Crespo, A.H. & delBosque, I.R. 2008, 'The effect of innovativeness on the adoption of B2C e-commerce: A model based on the Theory of Planned Behaviour', Computers in Human Behavior, vol. 24, no. 6, pp. 2830–47.
Crespo, A.H. & delBosque, I.R. 2010, 'The influence of the commercial features of the Internet on the adoption of e-commerce by consumers', Electronic Commerce Research and Applications, vol. 9, no. 6, pp. 562-75
Creswell, J.W. 2003, Research Design Qualitative, Quantitative and Mixed Methods Approaches, 2nd edn, Sage Publications, Chennai, India.
Crompton, M. 2010, 'Usercentric identity management: An oxymoron or the key to getting identity management right?', Information Polity vol. 15, pp. 291–7.
Cronbach, L.J. 1971, 'Test validation', in R.L. Thorndike (ed.), Educational measurement, 2nd edn, American Council on Education, Washington, DC, pp. 443-508.
Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. & Baskerville, R. 2013, 'Future directions for behavioral information security research', Computers & Security, vol. 32, pp. 90–101.
Crowston, K., Fitzgerald, B., Gloor, P., Schultze, U. & Yoo, Y. 2010, 'Shifting Boundries: How Sould IS Researchers Study NonOrgantizational Uses of ICT?', Proceedings of the Thirty-First International Conference on Information Systems, St. Louis ,USA.
Cser, A. 2008, Forrester TechRadar: Identity And Access Management, Q2 2008, Forrester Research viewed 20 April 2011 <www.forrester.com/go?docid=45768>.
Cser, A. & Penn, J. 2008, Identity Management Market Forecast: 2007 To 2014 Provisioning Will Extend Its Dominance Of Market Revenues, Forrester Research.
Cunningham, S. 1967, 'The major dimensions of perceived risk', in D. Cox (ed.), Risk Taking and Information Handling in Consumer Behavior, Harvard University Press, Cambridge, MA.
D'Ambra, J. & Wilson, C. 2004a, 'Explaining Perceived Performance of the World Wide Web: Uncertainty and the Task-Technology Fit Model', Internet Research, vol. 14, no. A, pp. 294-310.
D'Ambra, J. & Wilson, C. 2004b, ' Use of the World Wide Web for International Travel: Integrating the Construct of Uncertainty in Information Seeking and the Task Technology Fit Model', Journal of the American Society for Information Science and Technology, vol. 55, no. 8, pp. 731-42.
References
303
Dabrowski, M. & Pacyna, P. 2008, 'Generic and complete three-level identity management model', Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies, Cap Esterel.
Daemen, T. & Rubinstein, I. 2006, The identity metasystem:Towards a privacy-compliant solution to the challenges of digital identity, Microsoft Corporation.
Davis, F.D. 1989, 'Perceived usefulness, perceived ease of use, and user acceptance of information technology', MIS Quarterly, vol. 13, no. 3, pp. 319-40.
Davis, F.D. 1993, 'User acceptance of information technology– system characteristics, user perceptions and behavioral impacts', International Journal of Man-Machine Studies, vol. 38, no. 3, pp. 475–87.
Davis, F.D., Bagozzi, R.P. & Warshaw, P.R. 1992, 'Extrinsic and Intrinsic Motivation to Use Computers in the Workplace', Journal of Applied Social Psychology, vol. 22, no. 14, pp. 1111-32.
Davis, F.D., Bagozzi, R.P. & Warshaw, R.P. 1989, 'User Acceptance of Computer Technology: A Comparison of Two Theoretical Models', Management Science, vol. 35, no. 8, pp. 982-1003.
DeCock, D., Simoens, K. & Preneel, B. 2008, ' Insights on identity documents based on the Belgian case study', Information Security Technical Report, vol. 13, no. 2, pp. 54–60.
DeCoster, J. 1998, 'Overview of Factor Analysis', viewed 11 August 2011, < http://www.stat-help.com/notes.html>.
DeLone, W. & McLean, E. 1992, 'Information systems success: The quest for the dependent variable', Information Systems Research, vol. 3, no. 1, pp. 60-5.
Dennis, A.R. & Valacich, J.S. 2001, 'Conducting research in information systems', Communications of AIS, vol. 7, no. 1, pp. 1–41.
Dennis, A.R., Wixom, B.H. & Vandenberg, R.J. 2001, 'Understanding Fit and Appropriation Effects in Group Support Systems Via Meta-Analysis', MIS Quarterly, vol. 25, no. 2, pp. 167-93.
Dey, A. & Weis, S. 2010, 'PseudoID: Enhancing Privacy in Federated Login', Hot Topics in Privacy Enhancing Technologies, pp. 95-107.
Dhamija, R. & Dusseault, L. 2008, 'The Seven Flaws of Identity Management :Usability and Security Challenges', IEEE Security & Privacy, vol. 6, no. 2, pp. 24-9.
Dillman, D.A., Smyth, J.D. & Christian, L.M. 2008, Internet, Mail, and Mixed-Mode Surveys: The Tailored Design Method, third edn, Wiley.
Dillon, A. 2001, 'User acceptance of information technology', in W. Karwowski (ed.), Encyclopedia of Human Factors and Ergonomics, Taylor and Francis, London
Dillon, A. & Morris, M. 1996, 'User acceptance of new information technology: theories and models', in M. Williams (ed.), Annual Review of Information Science and Technology, vol. 31, Information Today Medford , NJ, pp. 3-32.
Dillon, R.S. 2010, 'Respect for persons, identity, and information technology', Ethics and Information Technology, vol. 12, no. 1, pp. 17–28.
Dinev, T. & Hart, P. 2006, 'Internet privacy concerns and social awareness as determinants of intention to transact', International Journal of Electronic Commerce, vol. 10, no. 2, pp. 7–31.
Ding, C.G. & Lin, C.-H. 2012, ' How does background music tempo work for online shopping?', Electronic Commerce Research and Applications, vol. 11, no. 3, pp. 299–307.
References
304
Dishaw, M., Strong, D. & Bandy, B. 2004, 'The Impact of Task-Technology Fit inTechnology Acceptance and Utilization Models', Proceedings of the Tenth Americas Conference on Information Systems (AMCIS), New York,USA, pp. 3306-11.
Dishaw, M.T. & Strong, D.M. 1998, 'Supporting Software Maintenance with Software Engineering Tools: A Computed Task-Technology Fit Analysis', The Journal of Systems and Software, vol. 44, no. 2, pp. 107-20.
Dishaw, M.T. & Strong, D.M. 1999, ' Extending the technology acceptance model with task-technology fit constructs', Information & Management, vol. 36, no. 1, pp. 9-21.
Dishaw, M.T. & Strong, D.M. 2003, 'The Effect of Task and Tool Experience on Maintenance CASE Tool Usage', Information Resources Management Journal, vol. 16, no. 3, pp. 1-16.
Dishaw, M.T. & Strong, D.M. 2005, 'Examining Multiple Dimensions of Task Technology Fit', Proceedings of the Eleventh Americas Conference on Information Systems(ACIS), Omaha, NE, USA.
Djamasbi, S., Strong, D.M. & Dishaw, M. 2010, 'Affect and acceptance: Examining the effects of positive mood on the technology acceptance model', Decision Support Systems vol. 48 no. 2, pp. 383–94.
Donaldson, T. & Dunfee, W.T. 1994, 'Toward a Unified Conception of Business Ethics: Integrative Social Contracts Theory', Academy of Management Review, vol. 19, no. 2, pp. 252-84.
Dowling, G.R. & Staelin, R. 1994, 'A Model of Perceived Risk and Intended Risk-handling Activity', Journal of Consumer Research, vol. 21, no. 1, pp. 193-210.
Du, P.G. 2007, Organizing Identity, Sage, London.
Duggan, M. & Brenner, J. 2013, The Demographics of Social Media Users — 2012, Pew Internet, viewed 2 Feburary 2013, <http://pewinternet.org/~/media//Files/Reports/2013/PIP_SocialMediaUsers.pdf>.
Dunleavy, P., Margetts, H., Bastow, S. & Tinkler, J. 2006, Digital Era Governance, Oxford
University Press, Oxford.
Dwivedi, Y., Williams, M., B, L. & Schwartz, A. 2008, 'Profiling adoption, acceptance, and diffusion research in the information systems discipline', Proceedings of the Sixteenth European Conference on Information Systems(ECIS), Galway, Ireland.
Dwyer, C., Hiltz, S. & Passerini, K. 2007, 'Trust and privacy concern within social networking sites: a comparison of Facebook and MySpace', Proceedings of the Thirtieth Americas Conference on Information Systems(ACIS), Keystone,Colorado.
Edwards, J.R. 2001, 'Multidimensional constructs in organizational behavior research: an integrative analytical framework', Organizational Research Methods, vol. 4, no. 2, pp. 144-92.
Economist Intelligence Unit (EIU) 2007, Digital identity authentication in e-commerce, The Economist Intelligence Unit.
El-Maliki, T. & Seigneur, J.-M. 2007, 'A Survey of User-centric Identity Management Technologies', Proceedings of International Conference on Emerging Security Information, Systems and Technologies, IEEE Computer & society, Valencia,Spain, pp. 12-7.
Elliot, A.J. & Devine, P.G. 1994, 'On the Motivational Nature of Cognitive Dissonance: Dissonance as Psychological Discomfort', Journal of Personality and Social Psychology vol. 67, no. 3, pp. 382-94.
References
305
Featherman, M.S. & Pavlou, P.A. 2003, 'Predicting e-services adoption: a perceived risk facets perspective', Int. J. Human-Computer Studies vol. 59, no. 4, pp. 451–74.
Federal Trade Commission (FTC) 2011, 'Consumer Sentinel Network Data Book for January – December, 2010', pp. 1-90, viewed 2 March 2011, <http://www.ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2010.pdf>.
Federal Trade Commission (FTC) 2012, 'Consumer Sentinel Network Data Book for January – December, 2011', pp. 1-90, viewed 15 January 2013, <http://ftc.gov/sentinel/reports/sentinel-annual-reports/sentinel-cy2011.pdf>.
Ferdous, M.S., Jabed, M., Chowdhury, M., Moniruzzaman, M. & Chowdhury, F. 2012, 'Identity federations: A new perspective for Bangladesh', Proceedings of International Conference onInformatics, Electronics & Vision (ICIEV), Dhaka , Bangladesh, pp. 230 – 5.
Ferdous, M.S. & Josang, A. 2013, 'Entity Authentication & Trust Validation in PKI using Petname Systems', in A. Elci (ed.), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS), IGI Global.
Ferdous, M.S. & Poet, R. 2012, 'A Comparative Analysis of Identity Management Systems ', Proceedings of International Conference on High Performance Computing and Simulation (HPCS), Madrid, Spain, pp. 454 - 61.
Ferrat, T. & Vlahos, G. 1998, ' An Investigation of TaskTechnology Fit for Managers in Greece
and the US', European Journal of Information Systems, vol. 7, no. 2, pp. 123-36.
Festinger, L.A. 1957, A Theory of Cognitive Dissonance, Row, Peterson, Evanston, IL.
Field, A.P. 2009, Discovering statistics using SPSS :(and sex and drugs and rock 'n' roll), 3rd edn, Sage, London.
Finklea, K.M. 2010, Identity Theft: Trends and Issues, Congressional Research Service.
Finklea, K.M. 2012, Identity Theft: Trends and Issues, Congressional Research Service.
Fischer-Hubner, S., Pettersson, J.S., Bergmann, M., Hansen, M., Siani Pearson & Mont, M.C. 2007, 'HCI Designs for Privacy-Enhancing Identity Management', in A. Acquisti, S. Gritzalis, C. Lambrinoudakis & S.d. Vimercati (eds), Digital Privacy:Digital Privacy: Theory, Technologies, and Practices, Auerbach, New York.
Fishbein, M. & Ajzen, I. 1975, Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research, Addison-Wesley, Reading ,MA.
Fishburn, P.C. 1968, 'Utility Theory', Management Science, vol. 14, no. 5, pp. 335-78.
Florencio, D. & Herley, C. 2007, 'A Large-Scale Study of Web Password Habits', Proceedings of the Sixteenth International Conference on the World Wide Web ACM, Banff, Alberta, Canada.
Fogel, J. & Nehmad, E. 2009, 'Internet social network communities: risk taking, trust, and privacy concerns', Computers in Human Behavior, vol. 25, no. 1, pp. 153-60.
Fornell, C. & Larcker, D.F. 1981, 'Evaluating Structural Equations with Unobservable Variables and Measurement Error', Journal of Marketing Research, vol. 18, no. 1, pp. 39-50.
Friedman, A., Crowley, P. & West, D. 2011, Online Identity and Consumer Trust:Assessing Online Risk, The Brookings Institution.
Fu, Z., Wang, J., Yang, L., Cao, Y. & Zhu, A.W. 2011, 'Open Problems for Privacy Preservation in Identity Management', Applied Mechanics and Materials, vol. 40-41, pp. 652-6.
Garcia, S.S., Oliva, A.G. & Perez-Belleboni, E. 2012, 'Is Europe Ready for a Pan-European Identity Management System?', IEEE Security & Privacy, vol. 10, no. 4, pp. 44-9.
References
306
Gebauer, J., Shaw, M.J. & Gribbins, M. 2004, 'Usage and Impact of Mobile Business Applications - An Assessment Based on the Concepts of Task/Technology Fit.', Proceedings of the Americas Conference on Information Systems, New York, NY, pp. 2801-10.
Gebauer, J., Shaw, M.J. & Gribbins, M.L. 2010, 'Task-technology fit for mobile information systems', Journal of Information Technology, vol. 25, pp. 259–72.
Gefen, D., Benbasat, I. & Pavlou, P.A. 2008, 'A research agenda for trust in online environments', Journal of Management Information Systems vol. 24, no. 4, pp. 275–86.
Gefen, D., Karahanna, E. & Straub, D.W. 2003, 'Trust and TAM in online shopping: an integrated model', MIS Quarterly, vol. 27, no. 1, pp. 51–90.
Gefen, D., Rigdon, E.E. & Straub, D. 2011, 'An Update and Extension to SEM Guidelines for Administrative and Social Science Research', MIS Quarterly, vol. 35, no. 2, pp. iii-xiv.
Gefen, D. & Straub, D. 2005, 'A practical guide to factorial validity using PLS-Graph: tutorial and annotated example', Communications of the Association for Information Systems, vol. 16, no. 5, pp. 91-109.
Gefen, D., Straub, D.W. & Boudreau, M.-C. 2000, 'Structural Equation Modeling Techniques and Regression: Guidelines for Research Practice', Communications of the Association for Information Systems, vol. 4, no. 7, pp. 1-70.
Geisser, S. 1975, 'The predictive sample reuse method with applications', Journal of the American Statistical Association, vol. 70, pp. 320-8.
Gemünden, H.G. 1985, 'Perceived risk and information search: a systematic meta-analysis of empirical evidence', International Journal of Research in Marketing, vol. 2, no. 2, pp. 79-100.
Goeritz, A.S. 2006, 'Incentives in web studies: Methodological issues and a review', International Journal of Internet Science, vol. 1, no. 1, pp. 58-70.
Goodhue, D., Littlefield, R. & Straub, D.W. 1997, 'The measurement of the impacts of the IIC on the end-users: The survey', Journal of the American Society for Information Science, vol. 48, no. 5, pp. 454–65.
Goodhue, D. & Thompson, R. 1995, 'Task-Technology Fit and Individual Performance', MIS Quarterly, vol. 19, no. 2, pp. 213-36.
Goodhue, D.L. 2007, 'Comment on Benbasat and Barli's "Quo vadis TAM" article', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 219-22.
Goodhue, D.L., Klein, B.D. & March, S.T. 2000, 'User evaluations of IS as surrogates for objective performance', Information and Management, vol. 38, no. 2, pp. 87-101.
Goodhue, D.L., Lewis, W. & Thompson, R. 2006, 'PLS, Small Sample Size, and Statistical Power in MIS Research', Proceedings of the 39th Hawaii International Conference on System Sciences.
Goodhue, D.L., Lewis, W. & Thompson, R. 2012, 'Does PLS Have Advantages for Small Sample Size or Non-Normal Data? ', MIS Quarterly vol. 36, no. 3, pp. 981-1001.
Goodhue, D.L., Wybo, M.D. & Kirsch, L.J. 1992, 'The impact of data integration on the costs and benefits of information systems', MIS Quarterly, vol. 16, no. 3, pp. 293-311.
Goodhue, L. 1995, 'Understanding user evaluations of information systems.', Management Science, vol. 41, no. 12, pp. 1827–44.
Goritz, A.S. & Wolff, H.-G. 2008, 'Individual payments as a longer-term incentive in online panels', Behavior Research Methods, vol. 40, no. 4, pp. 1144-9.
References
307
Gosling, S.D., Vazire, S., Srivastava, S. & John, O.P. 2004, 'Should We Trust Web-Based Studies?: A Comparative Analysis of Six Preconceptions About Internet Questionnaires', American Psychologist, vol. 59, no. 2, pp. 93–104.
Goth, G. 2005, 'Identity Theft Solutions Disagree on Problem', IEEE Distributed Systems Online, vol. 6, no. 8.
Greenfield, R. 2011, Hints Facebook Is Becoming a Full-On Identification Service, The Atlantic Wire, viewed 28 December 2012 <http://www.theatlanticwire.com/technology/2011/08/facial-recognition-facebook-becoming-full-identification-service/40675/>.
Greenwood, D., PDempster, A., Laird, N.M. & Rubin, D.B. 2007, 'The context for Identity Management Architectures and Trust Models', Proceedings of the OECD Workshop on Digital Identity Management, Trondheim, Norway.
Grimsley, M. & Meehan, A. 2007, ' e-Government information systems: evaluation-led design for public value and client trust.', European Journal of Information Systems, vol. 16, no. 2, pp. 134–48.
Gross, R. & Acquisti, A. 2005, 'Information Revelation and Privacy in Online Social Networks (The Facebook case)', Proceedings of ACM Workshop on Privacy in the Electronic Society (WPES), ACM, Alexandria, Virginia, USA.
Grossman, M., Aronson, J.E. & McCarthy, R.V. 2005, 'Does UML Make the Grade? Insights from the Software Development Community', Information and Software Technology, vol. 47, no. 6, pp. 383-97.
Groves, R.M., Floyd, J., Fowler, J., Couper, M.P., Lepkowski, J.M., Singer, E. & Tourengeau, R. 2004, Survey Methodology, WIley-Interscience, Hoboken, NJ.
Guadagnoli, E. & Velicer, W.F. 1988, 'Relation of sample size to the stability of component patterns', Psychological Bulletin, vol. 103, no. 2, pp. 265-75.
Guba, E.G. & Lincoln, Y.S. 1994, 'Competing paradigms in qualitative research', in N.K. Denzin & Y.S. Lincoln (eds), Handbook of qualitative research, Thousand Oaks, CA: Sage, pp. 105-17.
Gwebu, K.L. & Wang, J. 2011, 'Adoption of Open Source Software: The role of social identification', Decision Support Systems, vol. 51 no. 1, pp. 220–9.
Ha, S. & Stoel, L. 2009, 'Consumer e-shopping acceptance: Antecedents in a technology acceptance model', Journal of Business Research, vol. 62, no. 5, pp. 565–71.
Hair, J., Black, W., Babin, B. & Anderson, R. 2010, Multivariate Data Analysis – A Global Perspective, Seventh edn, Pearson Prentice Hall, New Jersey
Hair, J.F., Anderson, R.E., Tatham, R.L. & Black, W.C. 1995, Multivariate Data Analysis with Readings, 4th edn, Prentice Hall, Englewood Cliffs, NJ.
Hair, J.F., Money, A.H., Samouel, P. & Page, M. 2007, Research Methods for Business, John Wiley & Sons, Ltd.
Hair, J.F., Sarstedt, M., Ringle, C.M. & Mena, J.A. 2012, 'An assessment of the use of partial least squares structural equation modeling in marketing research', Journal of the Academy of Marketing Science, vol. 40, no. 3, pp. 414-33.
Halperin, R. 2006, 'Identity as an Emerging Field of Study', Data Protection and Data Security, vol. 30, no. 0, pp. 533-7.
Halperin, R. & Backhouse, J. 2008, ' A roadmap for research on identity in the information society', Identity in the Information Society (IDIS), vol. 1, no. 1, pp. 71–87.
References
308
Hampton, K., Goulet, L., Rainie, L. & Purcell, K. 2011, Social networking sites and our lives, Pew Internet, viewed 20 January 2013, <http://www.pewinternet.org/~/media/Files/Reports/2011/PIP_ Social networking sites and our lives.pdf>.
Hansen, M., Pfitzmann, A. & Steinbrecher, S. 2008, ' Identity management throughout one's
whole life', Information Security Technical Report vol. 13, no. 2, pp. 83–94.
Hansen, M., Berlich, P., Camenisch, J., Claub, S., Pfitzmann, A. & Waidner, M. 2004, 'Privacy-Enhancing Identity Management', Information Security Technical Report, vol. 9, no. 1, pp. 35-44.
Heijden, H.V. 2003, 'Factors influencing the usage of websites: the case of a generic portal in The Netherlands', Information & Management, vol. 40, no. 6, pp. 541–9.
Henseler, J. & Fassott, G. 2010, 'Testing moderating effects in PLS path models: an illustration of available procedures', in E. Vinzi, W.W. Chin, J. Henseler & H. Wang (eds), Handbook of partial least squares, Springer, Heidelberg.
Hinkin, T.R. 1998, 'A Brief Tutorial on the Development of Measures for Use in Survey Questionnaires', Organizational Research Methods, vol. 1, no. 1, pp. 104-21.
Hirschheim, R. 2007, 'Introduction to the special issue on “Quo Vadis TAM—issues and reflections on technology acceptance research', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 8-18.
Hirschheim, R.A. 1991, 'Information systems epistemology: an historical perspective', in R. Galliers (ed.), Information Systems Research: Issues, Methods, and Practical Guidelines, Blackwell Scientific Publications, Oxford, pp. 28-60.
Hitachi ID Systems Inc 2012, Defining Identity Management, Hitachi ID Systems, <http://hitachi-id.com/password-manager/docs/defining-enterprise-identity-management.pdf>.
Hoehle, H., Scornavacca, E. & Huff, S. 2012, ' Three decades of research on consumer adoption and utilization of electronic banking channels: A literature analysis', Decision Support Systems, vol. 54, no. 1, pp. 122–32.
Hoelter, J.W. 1983, 'The analysis of covariance structures: Goodness-of-fit indices',
Sociological Methods and Research, vol. 11, no. 3, pp. 325-44.
Hoffman, D.L., Novak, T.P. & Peralta, M. 1999, ' Building consumer trust online', Communications of the ACM, vol. 42, no. 4, pp. 80-5.
Holden, S. & Millett, L. 2005, ' Authentication, privacy, and the federal E-Government', Information Society vol. 21, no. 5, pp. 367–77.
Hong, S.-J. & Tam, K.Y. 2006, 'Understanding the Adoption of Multi-purpose Information Alliances: The Case of Mobile Data Services', Information Systems Research, vol. 17, no. 2, pp. 162-79.
Hong, W., Thong, J.Y.L., Wong, W.-m. & Tam, K.-y. 2002, 'Determinants of User Acceptance of Digital Libraries: An Empirical Examination of Individual Differences and System Characteristics', Journal of Management Information Systems vol. 18, no. 3, pp. 97–124.
Hossain, L. & deSilva, A. 2009, 'Exploring user acceptance of technology using social networks', Journal of High Technology Management Research, vol. 20 no. 1, pp. 1–18.
Hovav, A. & Berger, R. 2009, 'Tutorial: Identity Management Systems and Secured Access Control', Communications of the Association for Information Systems, vol. 25, no. 1, pp. 531-70.
References
309
Huhnlein, D., Robnagel, H. & Zibuschka, J. 2010, 'Diffusion of Federated Identity Management', Proceedings of Information Security Solutions Europe - Sicherheit, Schutz und Zuverlässigkeit (ISSE/SICHERHEIT 2010), vol. 170, ed. F.C. Freiling, GI, Berlin,Germany, pp. 25-36.
Hui, K.-L., Teo, H.H. & Lee, S.-Y.T. 2007, ' The value of privacy assurance: an exploratory field experiment. ', MIS Quarterly, vol. 31, no. 1, pp. 19–33.
Hwang, Y. & Lee, K.C. 2012, ' Investigating the moderating role of uncertainty avoidance cultural values on multidimensional online trust', Information & Management, vol. 49, no. 3-4, pp. 171–6.
Im, I., Hong, S. & Kang, M.S. 2011, 'An international comparison of technology adoption
Testing the UTAUT model', Information & Management, vol. 48, no. 1, pp. 1–8.
Im, I., Kim, Y. & Han, H.-J. 2008, 'The effects of perceived risk and technology type on users’ acceptance of technologies', Information & Management, vol. 45, no. 1, pp. 1–9.
IP, R. 2005, 'An Exploratory Study on how Weblog Technologies Fit Virtual Community Members' Social Needs', Proceedings of the Eleventh Americas Conference on Information Systems, Omaha, NE,USA, pp. 1-14.
Identity Theft Resource Center (ITRC) 2011, 2011 Data Breach Stats, Identity Theft Resource Center, viewed 18 Feb 2011 <http://www.idtheftcenter.org/ITRC%20Breach%20Stats%20Report%202011.pdf>.
Ivy, K., Conger, S. & Landry, B.J. 2010, '30P. Federated Identity Management: Why is Adoption so Low?', Proceedings of International Conference on Information Resources Management(CONF-IRM 2010), Association for Information Systems AIS Electronic Library (AISeL), Montego Bay, Jamaica, <http://aisel.aisnet.org/confirm2010/34>.
Jarvenpaa, S.L. & Tractinsky, N. 1999, 'Consumer trust in an Internet store: A cross-cultural validation', Journal of Computer Mediated Communication, vol. 5, no. 2, pp. 1-36.
Jensen, J. 2012, ' Federated Identity Management Challenges', Proceedings of Seventh International Conference on Availability, Reliability and Security, IEEE Computer Society, Prague , Czech republic, pp. 230- 5.
Jensen, J. & Jaatun, M.G. 2013, 'Federated Identity Management—We Built It; Why Won’t
They Come?', IEEE Security & Privacy, vol. 11, no. 2, pp. 34 - 41.
Jeyaraj, A., Rottman, J.W. & Lacity, M.C. 2006, 'A review of the predictors, linkages, and biases in IT innovation adoption research', Journal of Information Technology, vol. 21, no. 1, pp. 1–23.
Johnson, R.E., Rosen, C.C. & Djurdjevic, E. 2011, 'Assessing the Impact of Common Method Variance on Higher Order Multidimensional Constructs', Journal of Applied Psychology, vol. 96, no. 4, pp. 744–61.
Jones, A.B. & Hubona, G.S. 2005, 'Individual differences and usage behavior: revisiting a technology acceptance model assumption', The Data Base for Advances in Information Systems, vol. 33, no. 2, pp. 58-77.
Josang, A., Al-Zomai, M. & Suriadi, S. 2007b, 'Usability and Privacy in Identity Management Architectures', Proceedings of the Fifth Australasian Fymposium on ACSW Frontiers, Australian Computer Society, Ballarat, Australia pp. 143-52.
Josang, A. & Pope, S. 2005, 'User centric identity management', Proceedings of Asia Pacific Information Technology Security Conference (AusCERT), Gold Coast, Australia, pp. 77–89.
Junglas, I.A., Abraham, C. & Watson, R.T. 2008, 'Task-technology fit for mobile locatable information systems', Decision Support Systems, vol. 45, no. 4, pp. 1046-57.
References
310
Junglas, I.A., Johnson, N.A. & Spitzmuller, C. 2008, 'Personality traits and concern for privacy:an empirical study in the context of location-based services', European Journal of Information Systems vol. 17, no. 4, pp. 387–402.
Junglas, L. & Watson, R. 2003, ' U-commerce: A conceptual extensions of e-commerce and m commerce', Proceedings of the twenty fourth International Conference on Information Systems, Seattle, WA, pp. 14-7.
Kahneman, D. & Tversky, A. 1979, 'Prospect Theory: An Analysis of Decision under Risk', Econometrica, vol. 47, no. 2, pp. 263-92.
Kaplan, B. & Duchon, D. 1988, 'Combining qualitative and quantitative methods in information systems research: a case study', MIS Quarterly, vol. 12, no. 4, pp. 570 - 86.
Karahanna, E., Straub, D.W. & Chervany, N.L. 1999, 'Information Technology Adoption Across Time: A Cross-Sectional Comparison of Pre-Adoption and Post-Adoption Beliefs', MIS Quarterly, vol. 23, no. 2, pp. 183-213.
Karch, E. 2011, Identity Management: A System Engineering Survey of Concepts and Analytical Approaches, Karchworld Identity viewed 31 August 2011 <http://blogs.msdn.com/b/karchworld_identity/archive/2011/04/02/identity-management-a-system-engineering-survey-of-concepts-and-analytical-approaches.aspx>.
Kerlinger, F.N. 1973, Foundations of Behavioral Research, 2nd edn, Holt McDougal, New York.
Kim, C., Galliers, R.D., Shin, N., Ryoo, J.-H. & Kim, J. 2012, 'Factors influencing Internet shopping value and customer repurchase intention', Electronic Commerce Research and Applications, vol. 11, no. 4, pp. 374–87.
Kim, H.-W., Xu, Y. & Gupta, S. 2012, 'Which is more important in Internet shopping, perceived price or trust?', Electronic Commerce Research and Applications, vol. 11, no. 3, pp. 241–52.
Kim, H.-W., Zheng, J.R. & Gupta, S. 2011, 'Examining knowledge contribution from the
perspective of an online identity in blogging communities', Computers in Human Behavior, vol. 27, no. 5, pp. 1760–70.
Kim, S.H. 2008, 'Moderating effects of Job Relevance and Experience on mobile wireless technology acceptance: Adoption of a smartphone by previous individuals', Information & Management, vol. 45, no. 6, pp. 387-93
King, W.R. & He, J. 2006, 'A meta-analysis of the technology acceptance model', Information & Management, vol. 43, no. 6, pp. 740–55.
Kitchenham, B.A. 2004, Procedures for Undertaking Systematic Reviews, Joint Technical Report Computer Science Department, Keele University
Kitchenham, B.A., Budgen, D. & Brereton, O.P. 2011, 'Using mapping studies as the basis for further research – A participant-observer case study', Information and Software Technology, vol. 53, no. 6, pp. 638–51.
Klonglan, G.E. & Coward, E.W.J. 1970, 'The Concept of Symbolic Adoption: A Suggested Interpretation', Rural Sociology, vol. 35, no. 1, pp. 77-83.
Klopping, I.M. & McKiney, E. 2004, 'Extending the Technology Acceptance Model and the Task-Technology Fit Model to Consumer E-Commerce', Information Technology, Learning, and Performance Journal, vol. 22, no. 1, pp. 35-48.
Koch, M. 2002, ' Global identity management to boost personalization', Proceedings of the Ninth Research Symptom on Emerging Electronic Markets, eds P. Schubert & U. Leimstoll, Basel,Switzerland, pp. 137–47.
References
311
Koch, M. & Woerndl, W. 2001, 'Community Support and Identity Management', Proceedings of the European Conference on Computer Supported Cooperative Work, Bonn, Germany.
Koh, C.E. & Nam, K.T. 2005, 'Business use of the internet: a longitudinal study from a value chain perspective', Industrial Management & Data Systems, vol. 105, no. 1, pp. 85-95.
Komiak, S.Y.X. & Benbasat, I. 2006, 'The Effects of Personalization and FamiIliarity on Trust and Adoption of Recommendation Agents', MIS Quarterly, vol. 30, no. 4, pp. 941-60.
Koops, B. & Leenes, R. 2006, 'Identity Theft, Identity Fraud and/or Identity-Related Crime', Data Protection and Data Security, vol. 30, no. 9, pp. 553-9.
Kosta, E., Dumortier, J., Ribbers, P., Fairchild, A., Tseng, J.S. & Liesebach, K. 2008, Requirements for privacy enhancing tools, PRIME Consortium.
Koufaris, M. & Hampton-Sosa, W. 2004, 'The development of initial trust in an online company by new customers', Information & Management, vol. 41, pp. 377–97.
Kuechler, W. & Vaishnavi, V. 2012, 'A framework for theory development in design science research: multiple perspectives', Journal of the Association for Information Systems, vol. 13, no. 6, pp. 395–423.
Kumar, N., Mohan, K. & Holowczak, R. 2008, 'Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls', Decision Support Systems vol. 46, no. 1, pp. 254–64.
Kwon, O. & Wen, Y. 2010, 'An empirical study of the factors affecting social network service use', Computers in Human Behavior vol. 26 no. 2, pp. 254–63.
Kwon, T.H. & Zmud, R.W. 1987, 'Unifying the Fragmented Models of Information Systems Implementation', in R.J. Boland & R.A. Hirschheim (eds), Critical Issues in Information Systems Research, John Wiley & Sons, New York, pp. 227–51.
Landau, S., Gong, H.L. & Wilton, R. 2009, 'Achieving privacy in a federated identity management system', in R. Dingledine & P. Golle (eds), Financial Cryptography, vol. 5628 of Lecture Notes in Computer Science, Springer, pp. 51-70.
Landau, S. & Moore, T. 2012, 'Economic tussles in federated identity management', First Monday, vol. 17, no. 10.
Laudon, K. & Traver, C. 2001, E-commerce. Business, technology, society, 5th edn, Pearson Prentice Hall, Upper Saddle River, NJ.
Lee, C., Cheng, H.K. & Cheng, H. 2007, 'An Empirical Study of Mobile Commerce in Insurance Industry: Task-Technology Fit and Individual Differences', Decision Support Systems, vol. 43, pp. 95-110.
Lee, C.H. & Cranage, D.A. 2010, 'Personalisatione privacy paradox: The effects of personalisation and privacy assurance on customer responses to travel Web sites', Tourism Management vol. 32, no. 5, p. 18.
Lee, H., Jeun, I. & Jung, H. 2009, 'Criteria for evaluating the privacy protection level of Identity Management Services', Proceedings of the Third International Conference on Emerging Security Information, Systems and Technologies(SECURWARE 2009), IEEE, Athens/Glyfada, Greece, pp. 150-60.
Lee, I., Choi, B., Kim, J. & Hong, S.J. 2007a, 'Culture-technology fit: effects of cultural characteristics on the post-adoption beliefs of mobile Internet users', International Journal of Electronic Commerce, vol. 11, no. 4, pp. 11–51.
Lee, K., Kang, I. & Kim, J. 2007, 'Exploring the user interface of negotiation support systems from the user acceptance perspective', Computers in Human Behavior, vol. 23 no. 5, pp. 220-39.
References
312
Lee, M. 2009a, 'Factors influencing the adoption of internet banking: An integration of TAM and TPB with perceived risk and perceived benefit', Electronic Commerce Research and Applications, vol. 8, no. 3, pp. 130-41.
Lee, M. 2009b, 'Predicting and explaining the adoption of online trading: An empirical study in Taiwan', Decision Support Systems vol. 47, no. 2, pp. 133–42.
Lee, S.C. 2003, An Introduction to Identity Management, SANS Institute InfoSec Reading Room.
Lee, S.M., Park, S.H., Yoon, S.N. & Yeon, S.J. 2007b, 'RFID based ubiquitous commerce and consumer trust', Industrial Management & Data Systems, vol. 107, no. 5, pp. 605-17.
Lee, Y., Kozar, K.A. & Larsen, K.R.T. 2003, 'The Technology Acceptance Model: Past, Present, and Future', Communications of the Association for Information Systems, vol. 12, no. 1, pp. 752-80.
Lee, Y., Lee, J. & Lee, Z. 2006, 'Social Influence on Technology Acceptance Behavior: Self-Identity Theory Perspective', The DATA BASE for Advances in Information Systems, vol. 37, no. 2/3, pp. 61-75.
Lee, Y.-K., Park, J.-H., Chung, N. & Blakeney, A. 2012, 'A unified perspective on the factors influencing usage intention toward mobile financial services', Journal of Business Research, vol. 65, no. 11, pp. 1590–9.
Legris, P., Ingham, J. & Collerette, P. 2003, 'Why do people use information technology? A
critical review of the technology acceptance model ', Information & Management, vol. 40, no. 3, pp. 191-204.
Leskinen, J. 2012, 'Evaluation Criteria for Future Identity Management', Proceedings of IEEE eleventh th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool ,UK pp. 801 - 6.
Lessa, L., Negash, S. & Donald, A.L. 2011, 'Acceptance of WoredaNet E-Government Services
in Ethiopia:Applying the UTAUT Model', Proceedings of the Seventeenth Americas Conference on Information Systems(AMCIS2011), Detroit,USA.
Lewicki, R., McAllister, D. & Bies, R. 1998, 'Trust and Distrust: New Relationships and Realities', Academy of Management Review, vol. 23, pp. 438-58.
Li, Y. 2012, ' Theories in online information privacy research: A critical review and an integrated framework', Decision Support Systems, vol. 54, no. 1, pp. 471–81.
Li, H., Sarathy, R. & Xu, H. 2010, 'Understanding situational online information disclosure as a
privacy calculus', Journal of Computer Information Systems, vol. 51, no. 1, pp. 62-71.
Li, X., Hess, T.J. & Valacich, J.S. 2008, 'Why do we trust new technology? A study of initial trust formation with organizational information systems', Journal of Strategic Information Systems, vol. 17, pp. 39–71.
Li, Y.-H. & Huang, J.-W. 2009, 'Applying Theory of Perceived Risk and Technology Acceptance Model in the Online Shopping Channel', World Academy of Science, Engineering and Technology, vol. 53 pp. 919-25.
Liang, H., Saraf, N., Hu, Q. & Xue, Y. 2007, 'Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top Management', MIS Quarterly, vol. 31, no. 1, pp. 59-87.
Liao, C., Chen, J.-L. & Yen, D. 2007, 'Theory of planning behavior (TPB) and customer satisfaction in the continued use of e-service: An integrated model', Computers in Human Behavior, vol. 23 no. 6, pp. 2804–22.
References
313
Liao, C., Liu, C.-C. & Chen, K. 2011, 'Examining the impact of privacy, trust and risk perceptions beyond monetary transactions: An integrated model', Electronic Commerce Research and Applications, vol. 10, no. 6, pp. 702-15.
Liaw, S.S., Chang, W.C., Hung, H.W. & Huang, H.M. 2006, 'Attitudes toward search engines as a learning assisted tool: approach of Liaw and Huang’s research model', Computers in Human Behavior, vol. 22, no. 2, pp. 177-90.
Liebenau, J. & Backhouse, J. 1990, Understanding Information: An Introduction., Macmillan, London.
Lindell, M. & Whitney, D. 2001, 'Accounting for Common Method Variance in Cross-Sectional Research Designs', Journal of Applied Psychology, vol. 86, no. 1, pp. 114-21.
Lingyun, Q. & Dong, L. 2008, 'Applying TAM in B2C E-Commerce Research:An Extended Model', Tsinghua Science & Technology, vol. 13, no. 3, pp. 265-72.
LinkedIn 2012, LinkedIn Global Demographics and Statistics January 2012, The Undercover Recruiter, viewed 1 October 2012 < http://theundercoverrecruiter.com/linkedin-demographics-and-statistics-2012-slides/>.
Lips, M. & Pang, C. 2008, Identity Management in Information Age Government Exploring Concepts, Definitions, Approaches and Solutions, Technical Report of the Victoria University of Wellington.
Littler, D. & Melanthiou, D. 2006, 'Consumer perceptions of risk and uncertainty and the implications for behavior towards innovative retail services: the case of Internet banking', Journal of Retailing and Consumer Services, vol. 13, no. 6, pp. 431–43.
Liu, C., J.T. Marchewka, Lu, J. & Yu, C.S. 2005, 'Beyond concern-a privacy-trust-behavioral intention model of electronic commerce', Information & Management, vol. 42, no. 2, pp. 289-304.
Liu, K. 2000, Semiotics in Information Systems Engineering, Cambridge University Press, Cambridge.
Lo, J. 2010, 'Privacy Concern, Locus of Control, and Salience in a Trust-Risk Model of Information Disclosure on Social Networking Sites', Proceedings of the Sixteenth Americas Conference on Information Systems (AMCIS2010), Lima, Peru.
Lohmoller, J.B. 1989, Latent Path Modeling with Partial Least Squares, Physica-Verlag, Heidelberg.
Lowry, P.B., Cao, J. & Everard, A. 2011, 'Privacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: the case of instant messaging in two cultures', Journal of Management Information Systems, vol. 27, no. 4, pp. 165–204.
Lu, J., Yao, J.E. & Yu, C.-S. 2005, 'Personal innovativeness, social influences and adoption of wireless Internet services via mobile technology', Journal of Strategic Information Systems, vol. 14, no. 3, pp. 245–68.
Ludwig, H.J. 2010, Australian Privacy Principles Companion Guide, Australian Government. Luo, X. 2002, 'Trust production and privacy concerns on the Internet A framework based on
relationship marketing and social exchange theory', Industrial Marketing Management, vol. 31, no. 2, pp. 111-8.
Luo, X., Li, H., Zhang, J. & Shim, J.P. 2010, 'Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services', Decision Support Systems, vol. 49, no. 2, pp. 222-34.
References
314
MacKenzie, S.B., Podsakoff, P.M. & Jarvis, C.B. 2005, 'The problem of measurement model misspecification in behavioral and organizational research and some recommended solutions', Journal of Applied Psychology, vol. 90, no. 4, pp. 710-30.
MacKenzie, S.B., Podsakoff, P.M. & Podsakoff, N.P. 2011, 'Construct Measurement and Validation Procedures in MIS and Behavioral Research: Integrating New and Existing Techniques ', MIS Quarterly, vol. 35, no. 2, pp. 293-334.
Maler, E. & Reed, D. 2008, ' The Venn of identity - options and issues in federated identity management', IEEE Security & Privacy, vol. 6, no. 2, pp. 16-23.
Malhotra, N.K., Kim, S.S. & Agarwal, J. 2004, ' Internet Users' Information Privacy Concerns (IUIPC): the construct, the scale, and a causal model', Information Systems Research, vol. 15, no. 4, pp. 336–55.
Malhotra, N.K., Kim, S.S. & Patil, A. 2006, 'Common Method Variance in Is Research: A Comparison of Alternative Approaches and aReanalysis of past Research', Management Science, vol. 52, no. 12, pp. 1865-83.
Malhotra, Y. & Galletta, D.F. 1999, 'Extending the Technology Acceptance Model to Account for Social Influence: Theoretical Bases and Empirical Validation', Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences, vol. 1, IEEE Computer Society Washington, DC, USA.
Malhotra, Y. & Galletta, D.F. 2005, 'A multidimensional commitment model of volitional systems adoption and usage behavior', Journal of Management Information Systems, vol. 22, no. 1, pp. 117-51.
Mallat, N. 2007, 'Exploring consumer adoption of mobile payments – A qualitative study', Journal of Strategic Information Systems, vol. 16, no. 4, pp. 413–32.
March, S.T. & Smith, G.F. 1995, 'Design and natural science research on information technology', Decision Support Systems, vol. 15, no. 4, pp. 251-66.
Marcoulides, G.A., Chin, W.W. & Saunders, C. 2009, 'A Critical Look ar Partial Least Squares Modeling', MIS Quarterly, vol. 33, no. 1, pp. 171-5.
Marmol, F.G., Girao, J. & Perez, G.M. 2010, 'TRIMS, a privacy-aware trust and reputation model for identity management systems', Computer Networks, vol. 54, no. 16, pp. 2899–912.
Marsh, H.M., Muthen, B., Asparouhov, A., Lüdtke, O., Robitzsch, A., A, A., Morin & Trautwein, U. 2009, 'Exploratory Structural Equation Modeling, Integrating CFA and EFA: Application to Students’ Evaluations of University Teaching', Structural Equation Modeling, vol. 16, pp. 439-76.
Mayer, R., Davis, J. & Schoorman, D. 1995, 'An integrative model of organizational trust', Academic of Management Review, vol. 20, no. 3, pp. 709-34.
McCoy, S., Galletta, D.F. & King, W.R. 2007, ' Applying TAM across cultures: the need for caution', European Journal of Information Systems, vol. 16, no. 1, pp. 81–90.
McKnight, D.H. 2005, 'Trust in Information Technology', in G.B. Davis (ed.), The Blackwell Encyclopedia of Managemen Information Systems, vol. 7, Blackwell, Malden, MA, pp. 329-31.
McKnight, D.H., Choudhury, V. & Kacmar, C. 2002, 'Developing and Validating Trust Measures for e-Commerce: An Integrative Typology', Information Systems Research, vol. 13, no. 3, pp. 334–59.
McKnight, D.H., Cummings, L.L. & Chervany, N.L. 1998, 'Initial Trust Formation in New Organizational Relationships', The Academy of Management Review, vol. 23, no. 3, pp. 473-90.
References
315
McLaughlin, M., Briscoe, G. & Malone, P. 2010, 'Digital Identity in The Absence of Authorities: A New Socio-Technical Approach', The Computing Research Repository, vol. 1011.
McLaughlin, M., Malone, P. & Jennings, B. 2009, 'A Model for Identity in Digital Ecosystems', Proceedings of the Third IEEE International Conference on Digital Ecosystems and Technologies, Istanbul, Turkey, pp. 295-30.
Meints, M. 2009, D3.17: Identity management systems – recent developments, FIDIS, viewed 4 April 2011 <http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables3/fidis-wp3-del3.17_Identity_Management_Systems-recent_developments-final.pdf>.
Melone, N. 1990, 'A Theoretical Assessmenot f the User-Satisfaction Construct in Information Systems Research', Management Science, vol. 36, no. 1, pp. 76-91.
Mercator Advisory Group (MAG) 2011, Trekking to Find the Holy Grail: E-Commerce Identity and Authentication ,Special Report in Collaboration with the Merchant Risk Council, Mercator Advisory Group.
Metzger, M.J. 2004, 'Privacy, Trust, and Disclosure: Exploring Barriers to Electronic Commerce', Journal of Computer-Mediated Communication, vol. 9, no. 4.
miiCard 2011, NSITIC's proposals-Key to mass adoption of a Online Identity ?, miiCard, viewed 20 January 2013 <http://www.miicard.com/blog/201105/nstics-proposals-key-mass-adoption-online-identity>.
Mingers, J. 2001, 'Combining IS Research Methods: Towards a Pluralist Methodology', Information Systems Research, vol. 12, no. 3, pp. 240-59.
Miyata, T., Koga, Y., Adachi, S.-I., Tsuchiya, Y., Sakamoto, Y. & Takahashi, K. 2006, ' A survey on identity management protocols and standards ', IEICE Transactions on Information and Systems, vol. E89-D, no. 1, pp. 112–23.
Mont, M.C., Bramhall, P. & Pato, J. 2003, On Adaptive Identity Management: The Next Generation of Identity Management Technologies, HP Laboratories Bristol.
Moon, J.W. & Kim, Y.G. 2001, 'ExtendingtheTAMforaWorld-Wide-Web context', Information & Management, vol. 38, no. 4, pp. 217–30.
Moore, G. & Benbasat, I. 1991, 'Development of an Instrument to Measure perceptions of Adopting an Information Technology Innovation', Information Systems Research, vol. 2, no. 3, pp. 192–222.
Moore, K. & McElroy, J.C. 2012, 'The influence of personality on Facebook usage, wall postings, and regret', Computers in Human Behavior, vol. 28, no. 1, pp. 267–74.
Morris, M.G., Venkatesh, V. & Ackerman, P.L. 2005, 'Gender and Age Differences in Employee Decisions about New Technology: An Extension to the Theory of Planned Behavior', IEEE Transactions on Engineering Management, vol. 52, no. 1, pp. 69-84.
Munkwitz-Smith, J.V. & West, A. 2004, 'Identity and access Management:Technological and Implementatio of Policy', College and University Journal, vol. 80, no. 2, pp. 27-31.
Murthy, U.S. & Kerr, D.S. 2000, 'Task/Technology Fit and the Effectiveness of Group Support Systems: Evidence in the Context of Tasks Requiring Domain Specific Knowledge', Proceedings of the Thirty-third Hawaii International Conference on System Sciences(HICSS), Hawai,USA, pp. 1-10.
Myers, M. & Newman, M. 2007, 'The qualitative interview in IS research:Examining the craft', Information and Organization, vol. 17, no. 1, pp. 2–26.
References
316
Nance, W.D. & Straub, D.W. 1996, ' An Investigation of Task/Technology Fit and Information Technology Choices in Knowledge Work', Journal of Information Technology Management, vol. 7, no. 3/4, pp. 1-14.
Nass, C. & Moon, Y. 2000, 'Machines and mindlessness: social responses to computers', Journal of Social Issues, vol. 56, no. 1, pp. 81–103.
Nass, C., Moon, Y., Fogg, B.J., Reeves, B. & Dryer, D.C. 1995, 'Can computer personalities be human personalities? ', International Journal of Human–Computer Studies, vol. 43, no. 2, pp. 223–39.
Netemeyer, R.G., Bearden, W.O. & Sharma, S. 2003, Scaling Procedures: Issues and Applications, Thousand Oaks, Sage Publications, CA.
Neuman, W.L. 2003, Social Research Methods – Qualitative and Quantitative Approaches, Allyn and Bacon., Boston.
Nickerson, C. 2008, 'Towards the Creation of Appropriate Teaching Materials for High Proficiency ESL Learners: The Case of Indian Management Students', The Electronic Journal for English as a Second Language, vol. 12, no. 13.
Nickerson, J.V. & zurMuehlen, M. 2006, 'The Ecology of Standards Processes: Insights from Internet Standard Making', MIS Quarterly, vol. 30, no. 5, pp. 467-88.
Nielson 2007, 875MM Consumers Have Shopped Online - Up 40% in Two Years, Nelson, viewed 22 August 2012 <http://www.marketingcharts.com/direct/875mm-consumers-have-shopped-online-up-40-in-two-years-3225/>.
Nielson 2011, Social Media Influence on Consumer Behavior 2011 Statistics, viewed 15 September 2012 <http://blog.nielsen.com/nielsenwire/social/>.
Norberg, P.A., Horne, D.R. & David, T.A. 2007, 'The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors', the Journal of Consumer Affairs, vol. 41, no. 1, p. 100.
Nunnally, J.C. & Bernstein, I.H. 1994, Psychometric Theory, 3rd edn, McGraw-Hill, New York.
OASIS 2005, 'Working Draft Version 04, An Introduction to XRIs', pp. 1-25, viewed 25 October 2012, <https://www.oasis-open.org/committees/download.php/11857/xri-intro-V2.0-wd-04.pdf>.
O'Brien, L., Merson, P. & Bass, L. 2007, 'Quality attributes for service-oriented architectures', Proceedings of The international Workshop on Systems Development in SOA Environments ,IEEE Computer and Society ,Washington, DC, USA.
OECD 2011, ‘National Strategies and Policies for Digital Identity Management in OECD Countries’, OECD Digital Economy Papers, No. 177, OECD Publishing, viewed 11 June 2012, <http://dx.doi.org/10.1787/5kgdzvn5rfs2-en>.
Oliveira, T. & Martins, M.F. 2011, 'Literature Review of Information Technology Adoption Models at Firm Level', The Electronic Journal Information Systems Evaluation, vol. 14, no. 1, pp. 110-21.
Oliver, R.L., Balakrishnan, P.V.S. & Barry, B. 1994, 'Outcome Satisfaction in Negotiation: A Test of Expectancy Disconfirmation', Organizational Behavior and Human Decision Processes, vol. 60, no. 2, pp. 252-75.
Olson, M. 2011, Research Study: Consumer Perceptions of Online Registration and Social Sign-in, Janrain, viewed 11 January 2013 <http://janrain.com/blog/research-study-consumer-perceptions-online-registration-and-social-sign/>.
References
317
Orlikowski, W.J. & Lacono, C.S. 2001, 'Research commentary: Desperately seeking the "IT" in IT research - A call to theorizing the IT artifact', Information Systems Research, vol. 12, no. 2, pp. 121-34.
Ostergaard, S.D. & Hvass, M. 2008, 'eGovernment 2.0 –How can Government benefit from web 2.0?', Journal of Systemics,Cybernetics and Informatics, vol. 6, no. 6, pp. 13–8.
Ouellette, J.A. & Wood, W. 1998, 'Habit and intention in everyday life: The multiple processes by which past behavior predicts future behavior', Psychological Bulletin, vol. 124, pp. 54-74.
Pavlou, P. & Gafen, D. 2004, 'Building effective online marketplaces with institution-based trust', Information Systems Research, vol. 15, no. 1, pp. 37–59.
Pavlou, P. & Gefen, D. 2005, 'Psychological contract violation in online marketplaces: Antecedents, consequences, and moderating role', Information Systems Research, vol. 16, no. 4, pp. 372-99.
Pavlou, P.A. 2003, 'Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model', International Journal of Electronic Commerce, vol. 7, no. 3, pp. 101-34.
Petronio, S. 2000, The boundaries of privacy: Praxis of everyday life, in S. Petronio (ed.), Balancing the secrets of private disclosures, Lawrence Erlbaum, Mahwah, NJ, pp. 37-49.
Petter, S., Straub, D. & Rai, A. 2007, 'Specifying Formative Constructs in Information Systems Research', MIS Quarterly, vol. 31, no. 4, pp. 623-56.
Petticrew, M. & Roberts, H. 2006, Systematic Reviews in the Social Sciences: A Practical Guide, Blackwell Publishing.
Pfitzmann, A. & Hansen, M. 2010, 'A terminology for talking about privacy by data minimization:Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management', viewed 2 Febraury 2012, <http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf>.
Pinsonneault, A. & Kraemer, K.L. 1993, 'Survey research methodology in management information systems: an assessment', Journal of Management Information Systems, vol. 10, no. 2, pp. 75-105.
Podsakoff, P.M., MacKenzie, S.B. & Lee, J.-Y. 2003, 'Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies', Journal of Applied Psychology, vol. 88, no. 5, pp. 879–903.
Poetzsch, S., Meints, M., Priem, B., Leenes, R. & Husseiki, R. 2009, D3.12: Federated Identity Management – what’s in it for the citizen/customer?, FIDIS, viewed 18 August 2010 <http://www.fidis.net/fileadmin/fidis/deliverables/new_deliverables/fidis-wp3del3.12.Federated_Identity_Management.pdf>.
Power, R. 2011, Face recognition and social media meet in the shadows, Network World, viewed 28 June 2012 <http://www.networkworld.com/news/2011/080111-face-recognition-and-social-media.html?page=2>.
Presser, S. & Blair, J. 1994, 'Survey pretesting: Do different methods produce different results?', in P.V. Marsden (ed.), Sociological Methodology, vol. 24, Sage, Beverly Hills, CA, pp. 73-104.
Presser, S., Couper, M.P., Lessler, J.T., Martin, E., Martin, J., Rothgeb, J.M. & Singer, E. 2004, 'Methods for Testing and Evaluating Survey Questions', Public Opinion Quarterly, vol. 68, no. 1, pp. 109-30.
References
318
Pring, C. 2012a, 100 social media statistics for 2012, The Social Skinny, viewed 22 November 2012 2012, <http://thesocialskinny.com/100-social-media-statistics-for-2012/>.
Pring, C. 2012b, 216 Social Media and Internet Statistics (September 2012), The Social Skinny, viewed 15 November 2012, < http://thesocialskinny.com/216-social-media-and-internet-statistics-september-2012/>.
Privacy Law 2012, Key Differences Between the Information Privacy Principles and the Australian PrivacyPrinciples, Maddocks, viewed 2 July 2013, <http://www.maddocks.com.au/uploads/articles/the-australian-privacy-principles-what-do-these-changes-mean-for-agencies.pdf>.
Qureshi, I. & Compeau, D. 2009, 'Assessing Between Group Differences in Information Systems Research: a comparision of covariance- and component-based SEM', MIS Quarterly, vol. 15, no. 3.
Ramirez, C. 2002, 'Strategies for Subject Matter Expert Review in Questionnaire Design', Proceedings of the Questionnaire Design, Evaluation and Testing Conference, Charleston, USA.
Recker, J. & Rosemann, M. 2010, 'A Measurement Instrument for Process Modeling Research :Development, test and procedural model', Scandinavian Journal of Information Systems, vol. 22, no. 2, pp. 3–30.
Richardson, H.A., Simmering, M.J. & Sturman, M.C. 2009, 'A Tale of Three Perspectives: Examining Post Hoc Statisical Techniques for Detection and Correction of Common Method Variance,' Organizational Research Methods vol. 12, no. 4, pp. 762-800.
Rindfleisch, A., Malter, A.J., Ganesan, S. & Moorman, C. 2008, 'Cross-Sectional Versus Longitudinal Survey Research: Concepts, Findings, and Guidelines', Journal of Marketing Research, vol. 45, no. 3, pp. 261-79.
Ringle, C., Wende, S. & Will, A. 2005, Smart PLS 2.0 (beta), University of Hamburg, <http://www.smartpls.de>.
Rogers, E.M. 1983, Diffusion of Innovations, The Free Press., New York.
Rogers, E.M. 1995 Diffusion of Innovations, The Free Press, New York.
Rogers, E.M. 2003, Diffusion of Innovations, 5th Edition, Simon and Schuster.
Rossudowski, A.M., Venter, H.S., Eloff, J.H.P. & Kourie, D.G. 2010, 'A security privacy aware architecture and protocol for a single smart card used for multiple services', Computers & Security, vol. 29, no. 4, pp. 393 – 409.
Rossvoll, T. & Fritsch, L. 2013, 'Reducing the User Burden of Identity Management:A Prototype Based Case Study for a Social-Media Payment Application', Proceedings of the Sixth International Conference on Advances in Computer-Human Interactions(ACHI 2013 ), Nice, France.
Rothman, K., Mikkelsen, E., Riis, A., Sorensen, H., Wise, L. & Hatch, E. 2009, 'Randomized
trial of questionnaire length', Epidemiology, vol. 20, no. 1, p. 154.
Rountree, D. 2012, Federated Identity Primer, Newnes, Boston. Roussos, G., Peterson, D. & Patel, U. 2003, ' Mobile identity management: an enacted view',
International Journal of Electronic Commerce, vol. 8, no. 1, pp. 81-100.
Sabena, F., Dehghantanha, A. & Seddon , A.P. 2010, 'A Review of Vulnerabilities in Identity Management using Biometrics', Proceedings of The Second International Conference on Future Networks, IEEE Computer & Society, Sanya, Hainan,China.
References
319
Saeed, K. 2011, 'Understanding the Adoption of Mobile Banking Services: An Empirical Assessment', Proceedings of the Seventeenth Americas Conference on Information Systems(AMCIS), Detroit,USA.
Sarantakos, S. 2005, Social Research, 3rd edn, Palgrave Macmillan, Melbourne.
Satchell, C., Shanks, G., Howard, S. & Murphy, J. 2006, 'Knowing me – knowing you. End user perceptions of digital identity management systems', Proceedings of the Fourteenth European Conference on Information System(ECIS), Göteborg, Sweden.
Satchell, C., Shanks, G., Howard, S. & Murphy, J. 2011, 'Identity crisis: user perspectives on multiplicity and control in federated identity management', Behaviour & Information Technology, vol. 30, no. 1, pp. 51-62.
Schierz, P., Schilke, O. & Wirtz, B. 2010, 'Understanding consumer acceptance of mobile payment services: An empirical analysis', Electronic Commerce Research and Applications, vol. 9, no. 3, pp. 209–16.
Schilke, O. & Wirtz, B.W. 2012, 'Consumer acceptance of service bundles: An empirical investigation in the context of broadband triple play', Information & Management, vol. 49, no. 2, pp. 81-8.
Schmidt, W.C. 1997, 'World-Wide Web survey research: Benefits, potential problems, and
solutions', Behavior Research Methods, Instruments, & Computers, vol. 29, no. 2, pp. 274–9.
Schreuder, H.T., Gregoire, T.G. & Weyer, J.P. 2001, 'For What Applications Can Probability and Non-Probability Sampling Be Used?', Environmental Monitoring and Assessment, vol. 66, no. 3, pp. 281-91
Scudder, J. & Josang, A. 2010, 'Identity dashboard systemand architecture', Proceedings of the Second IFIP WG 11.6 Working Conference on Policies & Research in Identity Management (IDMAN’10), Oslo, Norway.
Seddon, P.B. 1997, 'A respecification and extension of the DeLone and McLean model of success', Information Systems Research, vol. 8, no. 30, pp. 240–53.
Seltsikas, P. 2009, 'Managing Identities: from government e-commerce to national security', working paper series.
Seltsikas, P. & O’Keefe, R.M. 2010, 'Expectations and outcomes in electronic identity management: the role of trust and public value', European Journal of Information Systems, vol. 19, no. 1, pp. 93–103.
Seneler, C.O., Basoglu, N. & Daim, T.U. 2010, 'An empirical analysis of the antecedents of adoption of online services', Journal of Enterprise Information Management, vol. 23, no. 4, pp. 417-38.
Shadish, W.R., Cook, T.D. & Campbell, D.T. 2002, Experimental and Quasi-Experimental Designs for Generalized Causal Inference, Houghton Mifflin Company, Boston
Shang, R.-A., Chen, Y.-C. & Chen, C.-M. 2007, 'Why People Blog? An Empirical Investigations of the Task Technology Fit Model', Proceedings of the Eleventh Pacific Asia Conference on Information Systems (PACIS), Auckland, New Zealand.
Sharma, R., Yetton, P. & Crawford, J. 2009, 'Estimating the effect of common method variance: the method-method pair technique with an illustration from TAM research', MIS Quarterly, vol. 33, no. 3, pp. 473-90.
Shaw, J. 2008, Enterprise Single Sign-On :The Holy Grail of Computing, Quest software, viewed 5 February 2013 <http://i.zdnet.com/whitepapers/QuestSoftware_ESSO_HolyGrail.pdf>.
References
320
Sheng, H., Nah, F. & Siau, K. 2008, 'An Experimental Study on Ubiquitous commerce Adoption: Impact of Personalization and Privacy Concerns', Journal of the Association for Information Systems, vol. 9, no. 6, pp. 344-76.
Sherman, E. 2010, Apple and Other Tech Firms Must Fix Customer Security Glitches, viewed 22 Februrary 2012 <http://www.bnet.com/blog/technology-business/apple-and-other-tech-firms-must-fix-customer-security-glitches/4382>.
Shiau, W.-L. & Luo, M.M. 2012, 'Factors affecting online group buying intention and satisfaction: A social exchange theory perspective', Computers in Human Behavior, vol. 28, no. 6, pp. 2431–44.
Shin, D.H. 2010, 'The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption', Interacting with Computers, vol. 22, no. 5, pp. 428–38.
Sibona, C. & Walczak, S. 2012, 'Purposive Sampling on Twitter: A Case Study', Proceedings of the Fourty-fifth Hawaii International Conference on System Sciences(HICSS), Hawaii,USA.
Siegel, D. 2009, Pull: The Power of the Semantic Web to Transform Your Business, Portfolio.
Sitkin, S.B. & Weingart, L.R. 1995, 'Determinants of Risky Decision-Making Behavior: A Test of the Mediating Role of Risk Perceptions and Propensity', Academy of Management Journal, vol. 38, no. 6, pp. 1573-92.
Sivo, S.A., Saunders, C., Chang, Q. & Jiang, J.J. 2006, 'How Low Should You Go? Low Response Rates and the Validity of Inference in IS Questionnaire Research', Journal of the Association for Information Systems, vol. 7, no. 6, pp. 361-414.
Smedinghoff, T.J. 2012, 'Solving the legal challenges of trustworthy online identity', Computer Law & Security Review, vol. 28, no. 5, pp. 532–41.
Smith, D. 2008, 'The challenge of federated identity management', Network Security, pp. 1-9.
Smith, H.J., Milberg, S.J. & Burke, S.J. 1996, 'Information privacy: measuring individuals' concerns about organizational practices', MIS Quarterly, vol. 20, no. 2, pp. 167-96.
Socialbakers 2013a, Facebook Statistics by country, Socialbakers, viewed 22 March 2013, < http://www.socialbakers.com/facebook-statistics/>.
Socialbakers 2013b, LinkedIn Statistics, Socialbakers, viewed 22 March 2013, < http://www.socialbakers.com/linkedin-statistics/>.
Spector, P.E. & Brannick, M.T. 2011, 'Methodological Urban Legends: The Misuse of Statistical Control Variables', Organizational Research Methods, vol. 14 no. 2, pp. 287-305.
Srite, M. & Karahanna, E. 2006, 'The role of espoused national cultural values in technology acceptance', MIS Quarterly, vol. 30, no. 3, pp. 679–704.
Stamper, R., Liu, K., Hafkamp, M. & Ades, Y. 2000, 'Understanding the roles of signs and norms in organizations—a semiotic approach to information systems design', Behaviour and Information Technology, vol. 19, no. 1, pp. 15–27.
Standing, S., Standing, C. & Love, P. 2012, 'A review of research on e-marketplaces 1997–2008', Decision Support Systems, vol. 49, no. 1, pp. 41–51.
Staples, D.S., Wong, I. & Seddon, P.B. 2002, 'Having expectations of information systems benefits that match received benefits: does it really matter?', Information & Management ,vol. 40, no. 2, p. Information & Management
References
321
Stevens, J. 1996, Applied Multivariate Statistics for the Social Sciences, Lawrence Erlbaum Associates, Hillsdale, New Jersey.
Stewart, K.A. & Segars, A.H. 2002, 'An empirical examination of the concern for information privacy instrument', Information Systems Research, vol. 13, no. 1, pp. 36-49.
Stewart, K.J. 1999, 'Transference as a means of building trust in world wide web sites', Proceedings of the Twentieth International Conference on Information Systems(ICIS), Charlotte, NC,USA, pp. 459–64.
Stone, M. 1974, 'Cross validatory choice and assessment of statistical predictions', Journal of the Royal Statistical Society, vol. 36, no. 2, pp. 111-47.
Straub, D. 1989, 'Validating Instruments in MIS Research', MIS Quarterly, vol. 13, no. 2, pp. 147-69.
Straub, D., Boudreau, M.-C. & Gefen, D. 2004, 'Validation guidelines for IS positivist research', Communications of the Association for Information Systems, vol. 13, no. 1, pp. 380-427.
Straub, D., Gefen, D. & Boudreau, M.-C. 2005, 'Quantitative Research', in D. Avison & J. Pries-Heje (eds), Research in Information Systems: A Handbook for Research Supervisors and Their Students, Elsevier, Amsterdam, pp. 221-38.
Straub, D.W. & Burton-Jones, A. 2007, 'Veni, Vidi, Vinci: Breaking the TAM Logjam', Journal of the Association for Information Systems, vol. 8, no. 4, pp. 147-69.
Straub, S. & Aichholzer, G. 2010, 'National Electronic Identity Management: The Challenge of a citizen-centric Approach beyond Technical Design', International Journal on Advances in Intelligent Systems, vol. 3, no. 1-2, pp. 12-23.
Strong, D.M., Dishaw, M.T. & Bandy, D.B. 2006, 'Extending Task Technology Fit with Computer Self-Efficacy', The DATA BASE for Advances in Information Systems, vol. 37, no. 2/3, pp. 96-107.
Sullivan, C. 2011, Digital Identity, Griffin Press.
Sun, H. & Zhang, P. 2006, 'The role of moderating factors in user technology acceptance', International Journal of Human-Computer Studies, vol. 64, no. 4, pp. 53-78.
Sun, H. & Zhang, P. 2008, 'An Exploration of Affect Factors and Their Role in User Technology Acceptance: Mediation and Causality', Journal of the American Society for Information Science and Technology, vol. 59, no. 8, pp. 1252–63.
Sun, S.-T., Hawkey, K. & Beznosov, K. 2012, 'Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures', Computers & Security, vol. 31, no. 4, pp. 465–83.
Swaminathan, V., Lepkowska-White, E. & Rao, B.P. 1999, 'Browsers or buyers in cyberspace?
An investigation of factors influencing electronic exchange', Journal of Computer Mediated Communication, vol. 5, no. 2, pp. 1-23.
Swanson, E.B. 1994, ' Information Systems Innovation among Organizations', Management Science, vol. 40, no. 9, pp. 1069–92.
Swartz, N. 2009, 'Will Red Flags Detour ID Theft?', Information Management Journal, vol. 43, no. 1, pp. 38-41.
Sztompka, P. 1999, Trust: A Sociological Theory, Cambridge University Press, Cambridge, UK.
Tapiador, A., Fumero, A. & Salvachúa, J. 2011, 'Extended Identity for Social Networks', in J. Breslin, T. Burg, H.-G. Kim, T. Raftery & J.-H. Schmidt (eds), Recent Trends and Developments in Social Software, vol. 6045, Springer Berlin / Heidelberg, pp. 162-8.
References
322
Taylor, S. & Todd, P. 1995, 'Understanding Information Technology Usage: A test of competing models', Information Systems Research, vol. 6, no. 2, pp. 144–76.
Tenenhaus, M., Vinzi, V.E., Chatelin, Y.M. & Lauro, C. 2005, 'PLS path modeling', Computational Statistics and Data Analysis, vol. 48, no. 1, pp. 159-205.
Teng, C.-I., Chen, M.-Y., Chen, Y.-J. & Li, Y.-J. 2012, 'Loyalty Due to Others: The Relationships Among Challenge, Interdependence, and Online Gamer Loyalty', Journal of Computer Mediated Communication, vol. 117, no. 4, pp. 489–500.
Thompson, R.L., Higgins, C.A. & Howell, J.M. 1994, 'Influence of Experience on Personal Computer Utilization: Testing a conceptual model', Journal of Management Information Systems, vol. 11, no. 1, pp. 167–87.
Todorov, D. 2007, Mechanics of user identification and authentication: fundamentals of identity management, Auerbach Publications.
Tranfield, D., Denyer, D. & Smart, P. 2003, 'Towards a methodology for developing evidence-informed management knowledge by means of systematic review', British Journal of Management, vol. 14, no. 3, pp. 207-22.
Tropf, H.S. 2004, India and its Languages, Siemens AG, Munich.
Tu, Z. & Li, Q. 2012, 'Design and Implementation of Unified Identity Management System Based on SAML', Proceedings of the Second International Conference onConsumer Electronics, Communications and Networks (CECNet), Yichang,China, pp. 3178 - 81.
Tufekci, Z. 2008, 'Can you see me now? Audience and disclosure regulation in online social network sites', Bulletin of Science, Technology & Society, vol. 28, no. 1, pp. 20-36.
Turkle, S. 1996, Life on the screen: Identity in the age of the internet, Simon & Schuster, New York.
Turner, M., Kitchenham, B., Brereton, P., Charters, S. & Budgen, D. 2010, 'Does the technology acceptance model predict actual use? A systematic literature review', Information and Software Technology, vol. 52, no. 5, pp. 463–79.
Udo, G.J. 2001, 'Privacy and security concerns as major barriers for e-commerce: a survey study.', Information Management & Computer Security, vol. 9, no. 4, pp. 165–74.
Usoro, A. 2010, 'Task-Technology Fit and Technology Acceptance Models Applicability to e-Tourism', Journal of Economic Development, Management, IT, Finance and Marketing, vol. 2, no. 1, pp. 1-32.
Valkenburg, P., Meijers, W., Lycklama, D. & Jansen, V. 2011, E-identity as a business: Case studies and lessons learned in networked identity, Innopay.
VandeVijver, F.J.R. & Chasiotis, A. 2010, 'Making methods meet: Mixed designs in cross-cultural research', in J.A. Harkness, M. Braun, B. Edwards, T.P. Johnson, L. Lyberg, P. Mohler, B.-E. Pennell & T.W. Smith (eds), Survey methods in multinational, multiregional, and multicultural contexts, John Wiley & Sons, Hoboken, NJ, pp. 455-73.
VanGelder, M.M., Bretveld, R.W. & Roeleveld, N. 2010, 'Web-based Questionnaires: The Future in Epidemiology?', American Journal of Epidemiology, vol. 172, no. 11, pp. 1292-8.
Venkatesh, V. 2006, 'Where To Go From Here? Thoughts on Future Directions for Research on Individual-Level Technology Adoption with a Focus on Decision Making', Decision Sciences, vol. 37, no. 4, pp. 497–518.
Venkatesh, V. & Bala, H. 2008, 'Technology Acceptance Model 3 and a research agenda on interventions', Decision Sciences, vol. 39, no. 2, pp. 273–315.
References
323
Venkatesh, V. & Brown, S.A. 2001, 'A Longitudinal Investigation of Personal Computers in Homes: Adoption Determinants and Emerging Challenges ', MIS Quarterly, vol. 25, no. 1, pp. 71-102.
Venkatesh, V. & Davis, F.D. 2000, 'A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies', Management Science, vol. 46 no. 2, pp. 186–204.
Venkatesh, V., Davis, F.D. & Morris, M.G. 2007, 'Dead Or Alive? The Development, Trajectory And Future Of Technology Adoption Research', Journal of the Association of Information Systems, vol. 8, no. 4, pp. 267-86.
Venkatesh, V. & Goyal, S. 2010, 'Expectation Disconfirmation and Technology Adoption: Polynomial Modeling and Response Surface Analysis ', MIS Quarterly, vol. 34, no. 2, pp. 281-303.
Venkatesh, V., Morris, M.G., Davis, G.B. & Davis, F.D. 2003, 'User Acceptance of Information Technology: Toward a Unified View', MIS Quarterly, vol. 27, no. 3, pp. 425-78.
Venkatesh, V. & Speier, C. 1999, 'Computer technology training in the workplace: A longitudinal investigation of the effect of mood', Org. Behavior and Human Decision Processes, vol. 79, no. 1, pp. 1-28.
Venkatesh, V., Thong, J.Y.L. & Xu, X. 2012, 'Consumer Acceptance and Use of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology', MIS Quarterly, vol. 36, no. 1, pp. 157-78.
Venkatraman, N. 1989, 'The Concept of Fit in Strategy Research :Toward Verbal and Statical Correspondence', Academy of Management Review, vol. 14, no. 3, pp. 423-44.
Vijayasarathy, L. 2004, 'Predicting consumer intentions to use on-line shopping:the case for an augmented technology acceptance model', Information & Management, vol. 41, no. 6, pp. 747–62.
Vlahos, G.E., Ferratt, T. & Knoepfle, G. 2004, 'The use of computer-based information systems by German managers to support decision making ', Information & Management, vol. 41, no. 6, pp. 763-79.
Vossaert, J., Lapon, J., Decker, B.D. & Naessens, V. 2013, 'User-centric identity management using trusted modules', Mathematical and Computer Modelling, vol. 57, no. 7–8, pp. 1592–605.
Wang, R., Chen, S. & Wang, X. 2012, 'Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services', Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society, San Francisco Bay Area, California.
Wang, W. & Benbasat, I. 2005, 'Trust in and adoption of online recommendation agents', Journal of the Association for Information Systems, vol. 6, no. 3, pp. 72–101.
Webester, J. & Waston, R.T. 2002, 'Analayzing ther Past to Prepare for the Future: Writing A Literature Review ', MIS Quarterly, vol. 26, no. 2, pp. xiii-xxiii.
Wetzels, M., Odekerken-Schroder, G. & Oppen, C.V. 2009, 'Using PLS Path Modeling for Assessing Hierarchical Construct Models: guidelines and empirical illustration', MIS Quarterly, vol. 33, no. 1, pp. 177-95.
Williams, L.J., Hartman, N. & Cavazotte, F. 2010, 'Method Variance and Marker Variables: A Review and Comprehensive CFA Marker Technique', Organizational Research Methods, vol. 13, no. 4, pp. 477-514.
Williams, M., Rana, N. & Dwivedi, Y. 2011, 'Is UTAUT Really Used or Just Cited for The Sake of it ? A Systematic Review of Citation of UTAUT’s Originating Article',
References
324
Proceedings of the Nineteenth European Conference on Information Systems(ECIS), Helsinki, Finland.
Williams, M.D., Dwivedi, Y.K., Lal, B. & Schwarz, A. 2009, 'Contemporary trends and issues in IT adoption and diffusion research', Journal of Information Technology, vol. 24, no. 1, pp. 1-10.
Wixom, B.H. & Todd, P.A. 2005, 'A Theoretical Integration of User Satisfaction and Technology Acceptance', Information Systems Research, vol. 16, no. 1, pp. 85-102.
Wold, H. 1985, 'Partial Least Squares', in S. Kotz & N. Johnson (eds), Encyclopedia of Statistical Sciences, Wiley, New York, pp. 581-91.
Wu, C.-S., Cheng, F.-F., Yen, D.C. & Huang, Y.-W. 2011a, 'User acceptance of wireless technology in organizations: A comparison of alternative models', Computer Standards & Interfaces vol. 33, no. 1, pp. 50-8.
Wu, I. & Chen, J.-L. 2005, 'An extension of Trust and TAM model with TPB in the initial adoption of on-line tax: An empirical study', Int. J. Human-Computer Studies, vol. 62, no. 6, pp. 784–808.
Wu, J.-H. & Wang, S.-C. 2005, 'What drives mobile commerce? An empirical evaluation of the revised technology acceptance model', Information & Management, vol. 42 no. 5, pp. 719–29.
Wu, K., Zhao, Y., Zhu, Q., Tan, X. & Zheng, H. 2011b, 'A meta-analysis of the impact of trust on technology acceptance model: Investigation of moderating influence of subject and context type', International Journal of Information Management, vol. 31, no. 6, pp. 572–81.
Xiaoquan, Z., Chong, W. & Yan, T.K. 2010, 'Role Identity Salience and User Participation in Online Communites ', Proceedings of the International Conference on Information Systems(ICIS 2010), Saint Louis, Missouri,USA.
Xu, H. & Gupta, S. 2009, 'The effects of privacy concerns and personal innovativeness on potential and experienced customers’ adoption of location-based services', Electronic Markets, vol. 19, no. 2–3, pp. 137–49.
Xu, H., Luo, X., Carroll, J.M. & Rosson, M.B. 2011, 'The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing', Decision Support Systems, vol. 51, no. 1, pp. 42–52.
Xu, H., Teo, H.-H., Tan, B. & Agarwal, R. 2005, 'The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services', Journal of Management Information Systems,vol. 26, no. 3, pp. 135 - 74.
Yang, S., Lu, Y., Gupta, S., Cao, Y. & Zhang, R. 2012, 'Mobile payment services adoption across time: An empirical study of the effects of behavioral beliefs, social influences, and personal traits', Computers in Human Behavior, vol. 28, no. 1, pp. 129–42.
Yanosky, R. & Salaway, G. 2006, Identity Management in Higer Education: A Base line study, ECAR.
Yen, D., Wub, C.-S., Cheng, F.-F. & Huang, Y.-W. 2010, 'Determinants of users’ intention to adopt wireless technology: An empirical study by integrating TTF with TAM', Computers in Human Behavior, vol. 26, no. 5, pp. 906–15.
Yi, M., Jackson, J., Park, J. & Probst, J. 2006, 'Understanding information technology acceptance by individual professionals: Toward an integrative view', Information & Management, vol. 43, pp. 350–63.
References
325
Yi, Y.D., Wu, Z. & Tung, L.L. 2005, 'How individual differences influence technology usage behavior? Toward an integrated framework', Journal of Computer Information Systems, vol. 46, no. 2, pp. 52–63.
Yin, R. 1994, Case study research: Design and methods, 2nd edn, Thousand Oaks, CA: Sage.
Yuan, Y., Archer, N., Connelly, C.E. & Zheng, W. 2010, 'Identifying the ideal fit between mobile work and mobile work support', Information & Management, vol. 47, no. 3, pp. 125–37.
Zhang, L., Zhu, J. & Liu, Q. 2012, 'A meta-analysis of mobile commerce adoption and the moderating effect of culture ', Computers in Human Behavior, vol. 28, no. 5, pp. 1902–11.
Zhang, Y. 1999, 'Using the Internet for Survey Research: A Case Study', Journal of the American Society for Information Science and Technology, vol. 51, no. 1, pp. 57– 6.
Zhou, T. 2011, 'The impact of privacy concern on user adoption of location-based services', Industrial Management & Data Systems, vol. 111, no. 2, pp. 212-26.
Zhou, T., Lu, Y. & Wang, B. 2010, 'Integrating TTF and UTAUT to explain mobile banking user adoption', Computers in Human Behavior, vol. 26, no. 4, pp. 760–7.
Zhou, Z., Jin, X.-L., Vogel, D.R., Fang, Y. & Chen, X. 2011, 'Individual motivations and demographic differences in social virtual world uses: An exploratory investigation in Second Life', International Journal of Information Management, vol. 31, no. 3, pp. 261–71.
Zhu, K., Kraemer, K.L., Gurbaxani, V. & Xu, S. 2006, 'Migration to Open-Standard Interorganizational Systems:Network Effects, Switching Costs, and Path Dependency', MIS Quarterly, vol. 30, no. 1, pp. 515-38.
Zigurs, I. & Buckland, B.K. 1998, 'A Theory of Task/ Technology Fit and Group Support Systems Effectiveness', MIS Quarterly, vol. 22, no. 3, pp. 313-34.
Zigurs, I., Buckland, B.K., Connolly, J.R. & Wilson, E.V. 1999, 'A test of task technology fit theory for group support systems', The Data Base for Advances in Information Systems, vol. 30, pp. 34–50.
Zucker, L.G. 1986, 'Production of trust: Institutional sources of economic structure, 1840–1920', in B.M. Staw & L.L. Cummings (eds), Research in Organizational Behavior, vol. 8, JAI Press, Greenwich, CT pp. 53–111.
Appendices
326
Appendix 2.1: Identity Management Systems Standards and Technologies
This section describes the most recent IdMS standards and technologies.
Information Cards (Windows Card Space)
The Information Card (http://informationcard.net) is classed as Identity Selector software and its
purpose is to store the digital identities of users which are presented as a visual card.
Information Cards provide a reliable user interface (UI) which enables users to securely access
their identities during commercial transactions. At present, there are three parties involved in the
application of Information Cards (Meints 2009):
1. The user who holds several Information Cards which contain several pieces of
identity information about him/her.
2. Relying parties, for example, websites, services or companies that request and accept
the Information Cards as security tokens.
3. Identity providers who assert that the Information Cards are security tokens about the
user.
The central purpose of the relying party is to ascertain which identity providers they trust. This
is enacted through the relying party’s policy, generally by using Web services security (WS-
Security) Policy, which is reclaimed through Web services (WS) metadata exchange and the
security token, which is attained through WS-Trust, is sent to the relying party through WS-
Security (Meints 2009). There are two types of information cards in CardSpace: firstly, personal
cards, containing the user’s encrypted personal information, which can be sent to the relying
party with the user’s permission; and, secondly, managed cards which contain information such
as credit card information, which is maintained in the data systems of the identity provider (Al-
Sinani, Alrodhan & Mitchell 2010). The identity selector of the InfoCard allows the user to
create a personal card with self-asserted claims. InfoCards restrict the contents of personal cards
to non-sensitive data, such as that published in telephone directories. At this time, personal
cards support only 14 editable claim types, such as first name, last name, email address, street,
city, state, postal code, country/region, etc. (Al-Sinani, Alrodhan & Mitchell 2010). A set of
Appendices
327
personal data inserted in personal cards is stored in encrypted form on the user machine as a
“security token”. In these contexts, the user decides how many Information Cards will be
released to the relying party based on the user’s perception of security which can be bolstered if
the relying party provides user access to their privacy policy.
OpenID
OpenID (www.openid.net) is the condensing of a user’s identity from multiple parties into a
“single sign-on” function that requires the user to remember a vastly reduced number of
usernames and passwords (Poetzsch et al. 2009). At present, major companies such as Yahoo,
IBM, Google and Microsoft support the use of OpenID. However, the application of OpenID,
especially by inexperienced users, can have serious consequences; “OpenID authentications are
a valuable target for phishing attacks as a stolen OpenID offers access to numerous services to
which the user has subscribed and thus is perfect loot for spammers and may provide a good
basis for further ID theft” (Meints 2009, p. 37). In this context, OpenID does not incorporate a
trust network which also requires further trust on the user’s behalf in the level of security of the
identity provider (in this case, OpenID). In summary, OpenID is useful in limiting the amount
of information that a user must remember, but the value of this benefit is questionable when
taking into consideration the costs of increased attacks on a centralized site of personal user
information (El-Maliki & Seigneur 2007). The comparative value of perceived benefits and
costs can only be judged by the user.
SXIP 2.0
The Simple eXtensible Identity Protocol (SXIP) (http://www.sxip.com) has been developed
using decentralized platform architecture, providing a simplified approach for exchanging
identity information. The URL-based approach has enabled the system to provide flexibility for
sharing identity information among websites. The users have full control over their identities
and have an active role in the exchange of their identity data. Hence, they can benefit from the
portable authentication to access many websites. The development languages used for SXIP are
personal home page (PHP), Pearl, Python and Java which enable the incorporation of a multi-
Appendices
328
platform application. The integration with other URL-based protocols increases the
interoperability (El-Maliki & Seigneur 2007). SXIP 2.0 allows organizations to develop an
authoritative approach towards user data and the exchange of identity information with other
websites.
Shibboleth
Shibboleth (http://shibboleth.internet2.edu/) is an open source software package for Web single
sign-on within or across organizational boundaries (Rountree 2012). Shibboleth is a semi-
commercial project which supports federated identity management across all educational
institutions (Hovav & Berger, 2009). Its aim is to allow universities to facilitate ease of access
to educational resources and to share their Web resources subject to access control. Access
control is based on a set of attributes, architectures, policy structure, practical technologies and
an open source implementation such as security assertion markup language (SAML) (El-Maliki
& Seigneur 2007; Hovav & Berger 2009).
U-Prove
U-Prove (http://research.microsoft.com/en-us/projects/u-prove/) is an advanced cryptographic
technology developed for claims-based identity management. This technology and the
underlying patent was acquired by Microsoft. It aims to promote an open identity and access
model for individuals, businesses and governments based on the principles of the identity
metasystem and identity laws (Adje & Olesen 2011; Cameron 2005). U-Prove offers greater
security, scalability and privacy than existing identity management schemes, and enables
minimal disclosure of identity information in electronic transactions and communications. U-
Prove tokens are stored on a user’s device for more convenience. The U-Prove agent acts as an
intermediary between websites (identity providers and third parties) and represents the users’
interests in choosing to share (or not to share) their identity information with websites. This
implies that the organization (identity provider) is prevented from tracking where or when the
Appendices
329
information is used. Similarly, third parties are prevented from linking users to their activities
(Adje & Olesen 2011).
OAuth
OAuth (http://oauth.net) is an open protocol for secure authorization which gives users the
ability to grant third party access to their resources without sharing their credentials, typically
their usernames and passwords (Rountree 2012). OAuth enables users to access and share their
private resources (e.g. photos, videos, contact lists, bank accounts) stored on one site with
another site without having to provide their credentials. OAuth 2.0, the next evolution of the
OAuth standard, focuses on client-developer simplicity (not user simplicity) while providing
specific authorization flows for mobile phones and living room devices as well as desktop and
Web applications (Adje & Olesen 2011).The scenario for OAuth is as follows:
• the user is on webservice.com and wants to import his/her details from details.com
• webservice.com redirects the user to details.com (the service provider)
• the user authenticates himself/herself to details.com
• details.com asks the user whether he/she wants to authorize webservice.com to access
his/her details
• the user makes his/her choice
• details.com redirects the user back to service.com
• webservice.com retrieves the details from details.com
• webservice.com informs the user that the import was successful.
Appendices
330
Appendix 2.2: A Description of the Publications Identified in the Selection Phase of IdMS Literature Review
Study Application
Areas
Focus of Research
Nature of Research
TFI Layers
Ind
ivid
ual
Bu
sin
ess
Tec
hn
ical
Gen
eral
For
mal
Tec
hn
ical
Info
rmal
1 (Akerof & Kranton 2000)
Commerce/business - - - √ Conceptual - - √
2 (Koch & Woerndl 2001)
Online community - - - √ Conceptual - √ -
3 (Koch,2002) Personalization services
- - √ - Conceptual - √ -
4 (Lee 2003) Technologies and services
- - - √ Conceptual √ - -
5 (Mont, Bramhall & Pato 2003)
Technologies and services
- - - √ Conceptual - √ -
6 (Pato 2003) Technologies and services
- - √ - Conceptual √ - -
7 (Roussos, Peterson & Patel 2003)
Mobile - √ - - Qualitative (Focus
groups) - - √
8 (Hansen et al 2004) Privacy enhancing technology
- - √ - Conceptual - √ -
9 (Munkwitz-Smith & West 2004)
Education - √ - - Conceptual - √ -
10 (Acquisti & Grossklags 2005)
Privacy -enhancing technology
√ - - - Quantitative
(Survey) - - √
11 (Bauer, Meints & Handsen 2005)
Terminology - - √ - NA √ - -
12 (Cameron 2005) Design - - - √ NA - √ -
13 (Goth 2005) Crime detection and forensics
- - - √ Conceptual √ - -
14 (Holden 2005) Government - √ - - Conceptual √ - -
15 (Josang & Pope 2005)
Architecture and paradigm
√ - - - Conceptual - √ -
16 (Alesandro et al. 2006)
Crime detection and forensics
- √ - - Quantitative
(Event Study) - - √
17 (Borcea-Pfitzmann et al. 2006)
Technologies and services/Community
- - - √ Conceptual √ - -
18 (Daemen & Rubinstein 2006)
Architecture and paradigm
- - √ - Conceptual - √ -
19 (Koops & Leenes 2006)
Crime detection and forensics
- - - √ Conceptual √ - -
20 (Miyata et al. 2006) Technologies and services
- - √ - Conceptual √ - -
21 (Satchell et al. 2006)
FIM √ - - - Qualitative (Interview) - - √
22 (Yanosky 2006) Education - √ - - Quantitative+
Qualitative - - √
23 (Bertocci, Serack & Baker 2007)
Technologies and services
- - √ - NA √ - -
24 (Bhargav-Spantzel et al.2007)
FIM √ - - - Conceptual - √ -
25 (Brody, Mulig & Kimball 2007)
Crime detection and forensics
- √ - - Conceptual - √ -
26 (Cameron & Jones 2007)
Architecture and paradigm
- √ - - Conceptual - √ -
27 (Du 2007) Commerce/business - - - √ Conceptual √ - -
28 (Fischer-Hubner et al . 2007)
Privacy enhancing technologies
- - - √ Quantitative (Experiment)
- - √
Appendices
331
29 (EIU 2007) Commerce/business - √ - - Quantitative (survey) √ - -
30 (El Maliki & Seigneur 2007)
Technologies and services
- - √ - Conceptual √ - -
31 (Greenwood et al. 2007)
Architecture and paradigm
- - √ Conceptual - √ -
32 (Josang , Al-Zomai & Suriadi 2007)
Architecture and paradigm
- - √ - Conceptual - √ -
33 (Todorv 2007) Terminology - - √ - NA √ - -
34 (Arora 2008) Government - √ - - Conceptual - √ -
35 (Cser & Penn 2008)
Commerce/business - √ - - Conceptual √ - -
36 (Dabrowski & Pacyna 2008)
Architecture and paradigm
- - √ - Conceptual - √ -
37 (Dhamija & Dusseault 2008)
Design - - - √ Conceptual - √ -
38 (DeCock, Simoens & Preneel 2008)
Government - - - √ Qualitative
(documentary evidence)
- - √
39 (Halperin, & Backhouse 2008)
Information society - - - √ Conceptual √ - -
40 (Hansen, Pfitzmann & Steinbrecher 2008)
Privacy enhancing technology
. √ - Conceptual - √ -
41 (Kosta 2008) Privacy enhancing technologies
- - √ - Conceptual - √ -
42 (Lips & Pang 2008)
Government - √ - - Conceptual √ - -
43 (Maler & Reed 2008)
FIM - - √ - Conceptual - √ -
44 (Ostergaard & Hvass 2008)
Government - - √ - Conceptual √ - -
45 (Smith 2008) FIM - - - √ Conceptual √ - -
46 (Aichholzer & Straub 2009)
Government √ - - - Qualitative (Interview)
- - √
47 (Alrodhan & Mitchell 2009)
Technologies and services
- - √ - Conceptual - √ -
48 (Balasubramaniam et al. 2009)
FIM - - √ Conceptual - √ -
49 (Cameron, Posch & Rannenberg 2009)
Design √ - - - Conceptual √ - -
50 (Hovav & Berger 2009)
Technologies and services
- - - √ Conceptual - √ -
51 (Landau, Gong & Wilton 2009)
FIM - - √ - Conceptual - √ -
52 (Lee et al. 2009) Crime detection and forensics
- - √ - Conceptual √ - -
53 (McLaughlin, Malone & Jennings 2009)
Digital ecosystem - - √ - Conceptual - √ -
54 (Meints 2009) Commerce/business - √ - - Conceptual - √ -
55 (Poetzsch et al 2009)
FIM - - - √ Conceptual √ - -
56 (Seltsikas ,2009) Commerce/business - - - √ Conceptual - - √
57 (Swartz 2009) Crime detection and forensics
- - - √ Conceptual √ - -
58 (Aichholzer & Straub 2010)
Government √ - - - Conceptual - √ -
59 (Al-Sinani & Mitchell 2010)
Technologies and services
- - √ - Conceptual - √ -
60 (Al-Sinani, Alrodhan & Mitchell 2010)
Technologies and services
- - √ - NA - √ -
61 (Cao & Yang 2010)
Architecture and paradigm
- - √ - Conceptual - √ -
62 (Crompton 2010) Country/culture - √ - - Conceptual √ - -
63 (Dey & Weis 2010)
Privacy enhancing technologies
- - √ - Conceptual - √ -
Appendices
332
64 (Dillon 2010) Ethics √ - - - Conceptual √ - -
65 (Finklea 2010) Crime detection and forensics
- - - √ Conceptual √ - -
66 (Ivy, Conger & Landry 2010)
FIM - √ - - Conceptual √ - -
67 (Marmol, Girao & Perez 2010)
E-transaction - - √ - Quantitative (Experiment)
- √ -
68 (McLaughlin, Briscoe & Malone 2010)
Social networks - - √ - Conceptual - √ -
69 (Pfitzmann & Hansen 2010)
Terminology - - - √ NA √ - -
70 (Rossudowski et al. 2010)
Architecture and paradigms
- - √ - Conceptual - √ -
71 (Sabena, Dehghant & Seddon 2010)
Technologies and services
- - √ - Conceptual - √ -
72 (Seltsikas & O’Keefe 2010)
Government - √ - -
Qualitative (participant observation , documentary evidence and interviews )
- - √
73 (Straub & Aichholzer 2010)
Government √ - - - Qualitative (Interview) - - √
74 ( Xiaoquan, Chong & Yan 2010)
Online community √ - - - Quantitative
(observational data) - - √
75 (Adje & Olesen 2011)
Privacy –enhancing technology
- - √ - Conceptual - √ -
76 (Alpar, Hoepman & Siljee 2011)
Terminology - - √ - Conceptual √ - -
77 (Al-Sinani & Mitchell 2011)
Technologies and services
- - √ - Conceptual - √ -
78 (Cao et al.2011) Architecture and paradigms
- - √ - Conceptual - √ -
79 (Coopamootoo &Ashenden 2011)
Design √ - - - Conceptual √ - -
80 (Friedman , Crowley & West 2011)
Online identity - - - √ NA √ - -
81 (FU et al. 2011) E-transaction - - √ - NA √ - -
82 (Karch 2011) Terminology - - - √ Conceptual √ - -
83 (Kim , Zheng & Gupta 2011)
Online identity √ - - - Quantitative (survey) - - √
84 (MAG 2011) Commerce/Business - √ - - Conceptual √ - -
85 (Sullivan 2011) Online identity - - - √ Conceptual √ - -
86 (Tapiador, Fumero & Salvachua 2011)
Social network - - √ - Conceptual - √ -
87 (Valkenburg et al. 2011)
Commerce/business - √ - - Conceptual √ - -
88 (Baldoni 2012) Government - √ - - Conceptual - √ -
89 (Birrell & Schneider 2012)
FIM - - - √ Conceptual √ -
90 (García, Oliva & Perez-Belleboni 2012)
Government √ - - - Conceptual √ - -
92 Ferdous et al. 2012 Government - √ - - Conceptual √ - -
91 (Ferdous & Poet 2012)
Technologies and services
- - - √ Conceptual - √ -
93 Jensen 2012 FIMS
√
Conceptual √
94 (Hitachi Inc 2012) Terminology - - - √ Conceptual √ - -
95 (Landau & Moore 2012)
FIM - - - √ Quantitative(Structured
observation) √ -
-
96 Leskinen 2012
Technologies and services
- - - √ Conceptual - √ -
97 (Rountree 2012) FIM - - - √ Conceptual √ - -
Appendices
333
98 (Smedinghoff2012) FIM - √ - - Conceptual √ - -
99 (Sun, Hawkey & Beznosov 2012)
Technologies and services
- - √ - Quantitative
(Model checking and empirical evaluation)
- √ -
100 (Tu & Li 2012) Design - √ - - Conceptual - √ -
101 (Wang, Chen & Wang 2012)
Social network - - √ - NA √ - -
102 Armando et al.2013
Technologies and services
- - √ - Conceptual - √ -
103 (Ferdous & Josang 2013)
Architecture and paradigms
- - √ - Conceptual - √ -
104 (Jensen & Jaatun 2013)
FIM - √ - - Qualitative (Interview) - - √
105 (Rossvoll & Fritsch 2013)
Design - - √ - Conceptual - √ -
106 Vossaert et al. 2013 FIM - - √ - Quantitative
(mathematical model) - √ -
Appendices
334
Appendix 3.1: Studies Identified in Selection Phase of Web-based Services and Technologies Adoption Literature
1 The study that used the specific model or theory, examined at least one of the origin model constructs.
Author Year Journal/Conference Technology
/Service Methodology
Theory /Model1
External Variable
1 Barnes and Huff 2003 Communications of the ACM I-Mode NA TAM,IDT NA
2 Featherman and Pavlou
2003 Int. J. Human-Computer Studies E-service Quantitative (survey)
TAM Perceived risk
3 Heijden 2003 Information & Management Website Quantitative (Survey)
TAM Perceived enjoyment , perceived attractive
4 Gefen, Karahanna and Straub
2003 MIS Quarterly Online shopping Quantitative (survey)
TAM Trust
5 Pavlou 2003 International Journal of Electronic Commerce
E-commerce Mix method TAM Risk , Trust
6 D’Ambra and Wilson
2004a Internet research Web services travel Mix methods TTF NA
7 D'Ambra and Wilson
2004b Journal of the ASIST WWW Quantitative (online survey)
TTF Fun ,Uncertainly ,Social norms
8 Dishaw et al 2004 Americas Conference on Information Systems
Software Quantitative (online survey)
TTF, UTAUT NA
9 Gebauer, Shaw and Gribbins
2004 the Americas Conference on Information Systems
Mobile information system
Qualitative
TTF NA
10 Grossman, Aronson and McCarthy
2005 Information and Software Technology
Web based unified modeling language
Quantitative (Online survey)
TTF NA
11 Klopping and McKinney
2004 , Information Technology, Learning, and Performance Journal
E-commerce ,Online shopping
Quantitative (online survey)
TAM,TTF NA
12 Vijayasarathy 2004 Information & Management Internet , Online shopping
Quantitative (survey)
TAM Compatibility, Privacy, Security, Normative beliefs, Self- efficacy
13 Carter and Bélanger
2005 Information Systems Journal E-government services
Quantitative (survey)
TAM Trustworthiness
14 Ip 2005 Eleventh Americas Conference on Information Systems
Weblog technologies
Qualitative (individual cases and focus groups)
TTF NA
15 Lu et al.
2005 Journal of Strategic Information Systems
Wireless mobile technology
Quantitative (online/offline survey)
TAM Subjective norms , Image ,Personal Innovativeness
16 Jones and Hubona 2005 Database for Advances in Information Email , Word Quantitative TAM Individual difference
Appendices
335
Systems processing (survey)
17 Malhotra and Galletta
2005 Journal of Management Information Systems
IS application Quantitative (survey)
TAM NA
18 Wang and Benbasat
2005 Journal of the AIS Online recommendation
Quantitative (laboratory experiment)
TAM Trust
19 Wixom and Todd
2005 Information Systems Research Data warehouse software
Quantitative (Survey)
TAM NA
20 Wu and Chen 2005 Int. J. Human-Computer Studies Online tax Quantitative (online survey)
TAM,TPB Trust
21 Wu and Wang 2005 Information & Management Mobile commerce Quantitative (online survey)
TAM,IDT Perceived risk, Compatibility, Cost
22 Cheng, Lam and Yeung
2006 Decision Support Systems Internet banking Quantitative (survey)
TAM Web security
23 Cho 2006 Information & Management Online service Quantitative (online survey)
TAM Trust, Perceived risks, Compatibility, Facilitating condition
24 Hong and Tam 2006 Information Systems Research Multipurpose information appliances
Quantitative (online survey)
TAM Perceived service availability, Perceived monetary value, Social influence, Perceived enjoyment, Need of uniqueness, Gender, Age
25 Lee, Lee and Lee 2006 Database for Advances in Information Systems
Web-based class support technology
Quantitative (survey)
TAM Self identity , Subjective norms
26 Komiak and Benbasat
2006 MIS Quarterly Online recommendation agent
Quantitative (experiment)
TRA Trust ,Personalization , Familiarity
27 Bandyopadhy and Fraccastoro
2007 Communications of the AIS Prepayment metering systems
Quantitative (survey)
UTAUT NA
28 Castaneda, Munoz-Leivaa ann Luquea
2007 Information & Management Website Quantitative (online survey)
TAM Internet experience, Web site experience
29 Lee, Cheng and Cheng
2007 Decision Support Systems PDA mobile commerce system
Quantitative (survey)
TTF Demographics, Computer Experience, Cognitive Style, Computer self-efficacy
30 Lee, Kang and Kim
2007 Computers in Human Behavior Web-based negotiation support systems (NSS)
Quantitative (survey)
TAM Playfulness, Causality, Subjective norms
31 Liao, Chen and Yen
2007 Computers in Human Behavior e-service Quantitative (field study)
TPB Personal characteristics, Social influence
32 McCoy, Galletta and King
2007 European Journal of Information Systems
Focal system Quantitative (online survey)
TAM Culture
33 Shang, Chen and Chen
2007 Pacific Asia Conference on Information Systems
Blog Quantitative (survey)
TTF Self presentation, Self-orientation, Sociality need
34 Crespo and 2008 Computers in Human Behavior E-commerce. Mix methods TPB Innovativeness , New technologies
Appendices
336
Bosque Online shopping
35 Kim 2008 Information & Management Mobile wireless Quantitative (online survey)
TAM Job Relevance, Perceived Cost Savings, Company’s Willingness to Fund , Experience
36 Kumar, Mohan and Holowczak
2008 Decision Support Systems Firewalls Quantitative (online survey)
TAM Computer anxiety, Privacy concern, Awareness of common security measures
37 Im et al.
2008 Information & Management Web board MS messenger Wireless PDA
Quantitative (experiment)
UTAUT Perceived risk, Technology type, Gender and Experience.
38 Junglas, Abraham & Watson
2008 Decision Support Systems Mobile locatable information systems
Quantitative (laboratory experiment)
TTF NA
39 Lingyun and Dong
2008 Tsinghua Science & Technology
Online shopping Quantitative (survey)
TAM Social presence, Trust; Perceived enjoyment
40 Sun and Zhang 2008 Journal of the ASIST Search engine Quantitative (online survey)
TAM
Computer playfulness Perceived enjoyment
41 Venkatesh and Bala
2008 Decision Sciences IT applications Quantitative (longitudinal field studies)
TAM3 NA
42 Barati and Mohammadi
2009 World Congress on Engineering and Computer Science
Mobile banking Conceptual TAM Innovation resistance ,Social factor, Cultural
43 Ha and Stoel 2009 Journal of Business Research Online shopping Quantitative (online survey)
TAM Quality, Trust, Enjoyment
44 Hossain and de Silva
2009 Journal of High Technology Management Research
Social networks Quantitative survey
TAM NA
45 Lee
2009a Electronic Commerce Research and Applications
Internet banking Quantitative (online survey)
TPB, TAM Perceived risk, Perceived benefit
46 Lee
2009b Decision Support Systems Online trading Quantitative (online survey)
TAM,TPB Perceived risk, Perceived benefit, Trust
47 Chang 2010 Int. J. Human-Computer Studies Online auction Mix methods (interview case study ,survey)
TTF,TAM NA
48 Crespo and Bosque
2010 Electronic Commerce Research and Applications
E-commerce Quantitative TPB Perceived risk
49 Djamasbi, Strong and Dishaw
2010 Decision Support Systems DSS
Quantitative (laboratory experiment)
TAM Positive mood
50 Gebauer, Shaw and Gribbins
2010 Journal of Information Technology Mobile information system
Mix methods
TTF NA
51 Kwon and Wen 2010 Computers in Human Behavior Social networks Quantitative (online survey)
TAM Social identity, Altruism telepresence Perceived encouragement
Appendices
337
52 Li, Sarathy and Xu
2010 journal of Computer Information Systems
E-commerce Quantitative (online survey)
TAM Privacy protection belief , Privacy risk belief
53 Recker and Rosemann
2010 Scandinavian Journal of Information Systems
Business Process Modelling Notation
Quantitative (online survey)
TAM NA
54 Schierz, Schilke and Wirtz
2010 Electronic Commerce Research and Applications
Mobile payment services
Quantitative (online survey)
TAM Perceived compatibility, Perceived security, Individual mobility
55 Seneler, Basoglu and Daim
2010 Journal of Enterprise Information Management
Airline online service
Mix methods
TAM, TTF NA
56 Shin 2010 Interacting with Computers Social network Quantitative (online survey)
TAM Security, Trust, Privacy
57 Usoro 2010 Journal of Economic Development, Management, IT, Finance and Marketing
e-tourism Quantitative (online survey)
TTF,TAM Trust
58 Yen et al . 2010 Computers in Human Behavior Wireless technology Quantitative (survey)
TAM,TTF NA
59 Zhou, Lu and Wang
2010 Computers in Human Behavior Mobile banking Quantitative (survey)
TTF, UTAUT NA
60 Behrend et al.
2011 Behaviour & Information Technology Cloud Computing Mix methods (online survey and focus group)
TAM3 Access to software ,Ease of travel, Future usefulness, Reliability ,Instructor support , Personal innovativeness ,Technology anxiety
61 Corrocher 2011 Technological Forecasting & Social Change
Video sharing, Social networking, Social bookmarking
Quantitative (online survey)
TAM NA
62 Im, Hong and Kang
2011 Information & Management MP3 player ,Internet banking
Quantitative (survey)
UTAUT NA
63 Gwebu and Wang
2011 Decision Support Systems Open Source Software (OSS)
Quantitative (online survey)
TAM Personal innovativeness, Social identification
64 Lessa, Negash and Donald
2011 Americas Conference on Information Systems
WoredaNet E government services
Quantitative (case study survey)
UTAUT NA
65 Saeed
2011 Americas Conference on Information Systems
Mobile banking services
Quantitative (survey)
UTAUT, IDT
Accessibility ,Alertness ,Personalization, Service compatibility, Ease of navigation, Device compatibility, Facilitating conditions
66 Wu et al.
2011a Computer Standards & Interfaces Wireless technology Quantitative (survey)
TAM
NA
67 Schilke and Wirtz 2012 Information & Management Broadband triple play
Quantitative (Survey)
TAM Service characteristics
Appendices
338
68 Chong, Chan and Ooi
2012 Decision Support Systems Mobile Commerce Quantitative (Survey)
TAM+IDT Trust, Cost, Social influence, Variety of services
69 Lee et al. 2012 Journal of Business Research Mobile financial services
Quantitative (Survey)
TAM,TFF Personal innovativeness, Absorptive capacity
70 Venkatesh et al. 2012 MIS Quarterly Mobile Internet Quantitative (Survey)
UTAUT NA
71 Yang et al. 2012 Computers in Human Behavior Mobile payment service
Quantitative (Survey)
TRA,IDT Subjective norms, Personal innovativeness, Perceived risk, Perceived fee.
Studies that are not based on technology adoption models
1 Koufaris and Hampton-Sosa
2004 Information & Management Web-based company
Quantitative (online survey)
NA Trust
2 Malhotra et al. 2004 Information Systems Research E-commerce Quantitative (experiment design)
NA Risk beliefs, Trust beliefs, Information privacy concern
3 Metzeger 2004 Journal of Computer-Mediated Communication
E-commerce Quantitative (Experiment)
NA Trust , Privacy, past Information disclosure
4 Pavlou and Gafen
2004 Information Systems Research Online market place Quantitative (survey)
NA Trust ,Risk
5 Liu et al.
2005 Information &Management E-commerce Quantitative (experiment)
NA Privacy ,Trust
6 Breward
2006 Eighth World Congress on the Management of eBusiness
Online shopping Conceptual NA Risk ,Trust , Privacy
7 Dinev and Hart
2006 International Journal of Electronic Commerce
E-commerce , Online transaction
Quantitative (survey)
NA Social awareness, Internet literacy
8 Littler and Melanthiou
2006 Journal of Retailing and Consumer Services
Internet banking Mix method (interview-survey)
NA Risk
9 Buchanan et al.
2007 Journal of the ASIST Internet Quantitative (survey)
NA Privacy
10 Hui , Teo and Lee
2007 MIS Quarterly Website Qualitative NA Privacy statement, Monetary incentive, Information request
11 Lee , Choi et al. 2007b International Journal of Electronic Commerce
Mobile Internet Quantitative
(online survey) NA
Uncertainty, Avoidance, Perceived usefulness , Individualism , Perceived
Appendices
339
Enjoyment, Context ,Perceived Ease of use, Time perception, Perceived monetary value
12 Mallat 2007 Journal of Strategic Information Systems
Mobile payments Qualitative (interview)
NA
Relative advantage Compatibility , Complexity , Costs Network externalities , Critical mass , Security , Trust
13 Be´langer and Carter
2008 Journal of Strategic Information Systems
E- government services
Quantitative (survey)
NA Trust on the Internet, Perceived risk
14 Junglas, Johnson, et al
2008 European Journal of Information Systems
Location Based Services (LBS)
Quantitative (scenario-based survey approach)
NA Personality traits (agreeableness, conscientiousness, emotional stability, extraversion, openness), Concern for privacy
15 Li et al.
2008 Journal of Strategic Information Systems
IS national identity system (NID)
Quantitative (post survey)
NA Trusting bases, Personality , Technology institutional
16 Sheng, Nah and Siau
2008 Journal of the AIS Ubiquitous commerce
Quantitative (survey)
NA Privacy concern, Personalization , Context
17 Fogel and Nehad
2009 Computers in Human Behavior Social network Quantitative (survey)
NA Trust , Privacy , Risk
18 Bansal et al. 2010 Decision Support Systems Healthcare services Quantitative (experiment)
NA Personal dispositions, Personality traits, Information sensitivity, Health status, Prior privacy invasions, Risk beliefs, Experience
19 Lee and Cranage 2010 Tourism Management Travel- Web sites Quantitative (factorial experiment)
NA Privacy concern ,Personalization ,Perceived usefulness
20 Luo et al.
2010 Decision Support Systems Mobile banking Quantitative (survey)
NA Structural assurance, Perceived risk, Self-efficacy, Performance expectancy
21 Liao, Liu & Chen
2011 Electronic Commerce Research and Applications
Online transactions ,Online shopping
Quantitative (survey)
NA Internet literacy, Social awareness, Perceived risk, Disposition to trust ,Privacy concerns
22 Lowry, Cao and Everard
2011 Journal of Management Information Systems
Social computing technology
Quantitative NA self-disclosure ,online awareness ,Privacy concerns
23 Xu et al.
2011 Decision Support Systems location aware marketing(M)
Quantitative (experimental study)
NA
Privacy Calculus (Perceived benefits, perceived risk , Perceived benefits of Info disclosure ), Willingness to have personal information, Interpersonal differences, Personalization
24 Zhou 2011 Industrial Management & Data Systems
location-based services
Quantitative (survey)
NA Privacy, Trust ,Risk
25 Al-Omoush, Yaseen and
2012 Computers in Human Behavior Social networking Quantitative (Survey)
NA cultural values, trust, Credibility, and Strength of ties
Appendices
340
Alma’aitah
26 Chen, Yen and Hwang
2012 Computers in Human Behavior Web 2.0 Quantitative (Survey)
NA Satisfaction, Subjective norms, Image, Critical mass, electronic word-of-mouth
27 Ding and Lin 2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Experiment)
NA Pleasure , Trust
28 Hwang and Lee 2012
2012 Information & Management e-commerce Quantitative (Survey)
NA Trust beliefs (integrity and ability)
29 Kim, Xu and Gupta
2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Survey)
NA Perceived price, Perceived value ,Trust
30 Kim et al. 2012 Electronic Commerce Research and Applications
Online shopping Quantitative (Survey)
NA Satisfaction, Hedonic and utilitarian shopping value
31 Moore and McElroy
2012 Computers in Human Behavior Social networking Quantitative (Survey)
NA Personality, Extraversion, Agreeableness, Openness to experience
32 Shiau and Luo 2012
2012 Computers in Human Behavior Online group buying
Quantitative (Survey)
NA Satisfaction, Trust, Creativity
Literature Review/Commentary studies
Author year Journal /conference Number of articles Publication appearing
Focus Type of review
1 Lee, Kozar and Larsen
2003 Communications of the AIS NA 1986 -June, 2003 TAM Meta-analysis and survey
2 Legris, Ingham and Collerette
2003 Information & Management NA 1980 -2001 TAM Meta-analysis
3 Choudrie and Dwivedi
2005 Journal of Research Practice 48 1985 - 2003 General Research approaches
4 Jeyaraj, Rottman and Lacity
2006 Journal of Information Technology 99 1993 - 2003 General Meta-analysis
5 King and He 2006 Information & Management 140 NA TAM Meta-analysis
6 Sun and Zhang 2006 Int. J. Human-Computer Studies NA NA General Systematic analysis
7 Gefen ,Benbasat and Pavlou
2008 Journal of Management Information Systems
NA NA Trust Future Agenda
8 Dwivedi et al. 2008 European Conference of IS 345 1985 - 2007 General Systematic review
9 Cane and McCarthy
2009 The Journal of Computer Information Systems
NA NA TTF Meta-analysis
10 Williams et al. 2009 Journal of Information Technology 345 1985 - 2007 General Systematic review
11 Turner et al. 2010 Information and Software Technology
79 1989– 2006 TAM Systematic review and vote-counting meta-analysis
12 Williams, Rana and Dwivedi
2011 European Conference of IS 450 NA UTAUT Citation analysis and systematic review
Appendices
341
13 Wu et al. 2011b International Journal of Information Management
136 NA Trust-TAM Meta-analysis
14 Li 2012 Decision Support Systems NA 1996-2011 Online information privacy
Systematic review
15 Zhang,Zhou and Liu
2012 Computers in Human Behavior 58 2002-2010 Mobile Commerce
Meta-analysis
Appendices
342
Appendix 3.2: Studies According to Publications Distribution
Journal/Conference Name No. % Information & Management 14 11.9 Decision Support Systems 12 10.2 IS/IT Conference 10 8.5 Computers in Human Behavior 10 8.5 Electronic Commerce Research and Applications 7 5.9 MIS Quarterly 5 4.2 Journal of Management Information Systems 5 4.2 Int. J. Human-Computer Studies 5 4.2 Journal of the Association for Information Systems 4 3.4 Information Systems Research 4 3.4 Journal of the American Society for Information Science and Technology 4 3.4 Journal of Strategic Information Systems 4 3.4 International Journal of Electronic Commerce 4 3.4 Behaviour & Information Technology 3 2.5 Communications of the Association for Information Systems 4 3.4 Journal of Information Technology 3 2.5 Journal of Business Research 3 2.5 European Journal of Information Systems 2 1.7 Information and Software Technology 2 1.7 Journal of Computer Information Systems 2 1.7 Database for Advances in Information Systems 2 1.7 Communications of the ACM 1 0.8 Computer Standards & Interfaces 1 0.8 Journal of High Technology Management Research 1 0.8 Internet research 1 0.8 Journal of Economic Development, Management, IT, Finance and Marketing 1 0.8 Information Technology, Learning, and Performance Journal 1 0.8 Technological Forecasting & Social Change 1 0.8 Scandinavian Journal of Information Systems `1 0.8 Journal of Computer-Mediated Communication 1 0.8 Tsinghua Science & Technology 1 0.8
Total 118 100
Appendices
343
Appendix 5: Prevalent Common Method Bias (CMB) Techniques
According to Chin Thatcher and Wright (2012, p.A2), the following table summarizes and
reviews common method bias techniques:
Technique Descriptions Limitations Literature
Harman’s Single-Factor Test
Load all the items into an exploratory factor analysis and examines the unrotated solution. If CMB is present a single-factor will emerge from the factor analysis.
Does not control for method effects. It is unlikely a single factor will emerge from the data.
(Podsakoff, MacKenzie & Lee 2003)
Partial Correlation Technique
Technique used to control for effects of method variance. There are several variations but typically a factor with a specific meaning (e.g., social desirability) is used to partial CMB.
Assumes the CMB is only shared with the predictor factor and the dependent factor. Also, prevents examining the effects of the relative impact of distinct antecedents.
(Podsakoff, MacKenzie & Lee 2003)
Multitrait- Multimethod (MMTM)
Procedure whereby multiple methods are used to evaluate CMB by comparing the convergent and discriminant properties of the construct using a matrix.
MTMM requires several methods to collect data. It is more of a procedure than a statistical technique.
(Shadish, Cook & Campbel 2002)
Correlation Marker Technique
Controlling for CMB by partialing out the shared variance in correlations. A marker variable is best chosen a priori based on it being theoretically unrelated to the nomological network. Similar to other variables this marker variable may be contaminated by CMB.
Typically used post hoc and often concludes no CMB.
(Lindell and Whitney 2001; Richardson, Simmering & Sturman 2009; Williams, Hartman & Cavazotte 2010)
CFA Marker Technique
Adapted from the correlation marker technique for use in covariance based SEM whereby a theoretically unrelated marker construct is used to model CMB with paths to each of its own unique indicators as well as paths to the other constructs in the nomological network. The shared variance between the marker and the other constructs is representative of CMB.
Relatively underutilized and unproven.
(Lindell & Whitney 2001; Richardson, Simmering & Sturman 2009; Williams et al. 2010)
Unmeasured Latent Marker Construct (ULMC)
A latent variable used to represent and partial out the CMB. This variable is an aggregate of all manifest variables used in the study with no unique observed indictors
Does not accurately detect common method bias in PLS.
(Liang et al. 2007; Podsakoff, MacKenzie & Lee 2003; Richardson, Simmering & Sturman 2009)
Source: Chin Thatcher & Wright 2012, p.A2
Appendices
344
Appendix 6.1: Initial Questionnaire Draft and Expert Form
Factors Affecting User Adoption of Identity Management Systems: An Empirical Study
Thank you for agreeing in participating in this phase of my research.
The goal of this stage is to develop categories of individual perceptions of the factors that influence the adoption of Web-based Identity Management Systems (IdMS). It aims to confirm the face validity of the questions and items as well as give feedback on the introduction. We ask you to to complete the instrument and then comment on matters such as clarity, length, wording, flow, and timing. Please point out items that you found to be improved. Please tick on the ’problem indicator box’ “□” located on the right of each question if you perceive a potential problem. Space (text box) is provided below each question for notes and suggestions about suspected problems.
Thank you for contributing to this phase of my research.
*Please complete this form, save the changes and kindly email it back to: [email protected]
Introduction
Identity Management Systems (IdMS) are services available on the Web that enable you to create and manage your online identity. In the offline world you carry multiple forms of identification in your wallet, such as driver's licence, health insurance card, credit cards, affinity cards such as frequent flyer and loyalty cards. Similarly IdMS enable you to create a number of digital cards which you use to identify yourself with Web services that accept them. Every day Web transactions become easier, faster and safer: login, payment, form filling and information sharing. With IdMS you do not need to manage multiple usernames and passwords.
IdMS - like the Web itself - are open, neutral industry standard for safer digital identity supported by some of the world’s largest companies.
The information that you provide and manage for an IdMS can include: your name; address; phone numbers; e-mail address; birth date; gender and a web site specific key for each site where you may use the card to identify yourself.
Examples of IdMS including: password-management tools and software, Microsoft Passport, OpenID, InformationCard (CardSpace), Facebook Connect, etc.
Feedback
Part1: Usage, Experience and Influence
Appendices
345
1. How long have you been using the Internet? □ o less than 1 year o between 1 and 3 years o between 4 and 7 years o between 8 and 10 years o 10 years or more
2. Approximately, how many hours per week you use each of the following online services and applications: □
Do not use
<1 h
1 - 4 h
4 - 10 h
10 - 30 h
30 - 60 h
>60 h
Internet
Online shopping
Online payment *If you use the online shopping/payment service:
Which of the following online payments methods do you use? □ O Credit Card O PayPal O Online banking O Others: specify _____
3. I often disclose my personal information and access my online data for: □
O Non-financial transactions O Financial transactions
4. Have you used any identity management service or technology (e.g. single sign-on system)?
O Yes O No □
If so which one? ____________
Appendices
346
5. How would you rate your knowledge of IdMS? □
o know nothing o little knowledgeable o somewhat knowledgeable o knowledgeable o very knowledgeable
6. Do you know anyone who is using an identity management system? O Yes O No □
If Yes What percentage of the people you know are using an identity management system? ____ %
----------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------
Part2: Behaviour Intentions
Please indicate to what extent you agree with the following statements:
Intention to use (1-3); intention to disclose identity information (4-8)
Strongly disagree
Disagree Somewhat disagree
Neutral Somewhat agree
Agree Strongly agree
1. I will definitely consider using an IdMS
O O O O O O O □
2. I predict I would use an IdMS to manage my online identity.
O O O O O O O □
3. I am willing to use an IdMS in the future.
O O O O O O O □
4. I would not hesitate to provide my identity information to an online service provider.
O O O O O O O □
5. It is important to me to protect my online identity.
O O O O O O O □
6. I am concerned with the consequences of sharing my identity information online.
O O O O O O O □
7. I am likely to share my identity information online in the future.
O O O O O O O □
8. I believe my identity information is well-protected online.
O O O O O O O □
---------------------------------------------------------------------------------------------------------------------------------------------
Appendices
347
Part 3: Technology perceptions
Please indicate to what extent you agree with the following statements:
Perceived usefulness (1-5); Perceived ease of use (6-10)
Strongly disagree
disagree Somewhat disagree
Neutral Somewhat agree
Agree Strongly agree
1. If I were to adopt an IdMS, it would enable me to improve the ability of managing my online identity in online transactions.
O O O O O O O □
2. If I were to adopt an IdMS, it would enhance my efficiency managing my online identity.
O O O O O O O □
3. If I were to adopt an IdMS, managing and controlling my online identity would improve.
O O O O O O O □
4. If I were to adopt an IdMS, it would make managing of my online identity easier.
O O O O O O O □
5 Overall, it will be useful using an IdMS.
O O O O O O O □
6. Learning how to use an IdMS would be easy for me.
O O O O O O O □
7. I will find using an IdMS easy for me. O O O O O O O □8. It will be easy to manage and control my online identity using an IdMS.
O O O O O O O □
9. I will be skillful in using an IdMS. O O O O O O O □10. Overall, it will be easy to use an IdMS.
O O O O O O O □
----------------------------------------------------------------------------------------------------------------
Part 4: Risk Perceptions
Please indicate to what extent you agree with the following statements:
Strongly disagree
disagree Somewhat disagree
Neutral Somewhat
agree Agree
Strongly agree
1. Using an IdMS to manage and control my online identity would be risky.
O O O O O O O □
2. Using an IdMS subjects my online identity to potential fraud.
O O O O O O O □
3. Using an IdMS would add great uncertainty to my online transactions.
O O O O O O O □
4.Using an IdMS exposes me to an overall risk O O O O O O O □
Part 5: Trust
Appendices
348
Part 5: Trust
Please indicate to what extent you agree with the following statements:
Strongly disagree
disagree Somewhat disagree
Neutral Somewhat
agree Agree
Strongly agree
Trust in Identity Management System Providers Competence (1-4); Integrity (5-8); Benevolence (9-11).
1. IdMS providers are competent and effective in managing my online identity.
O O O O O O O □
2. IdMS providers would perform its role of managing my online identity very well.
O O O O O O O □
3. Overall, IdMS providers would be a capable and proficient Internet online identity provider.
O O O O O O O □
4. In general, IdMS providers are very knowledgeable about the online identity.
O O O O O O O □
5. IdMS providers are truthful in their dealings with me.
O O O O O O O □
6. I would characterize IdMS providers as honest.
O O O O O O O □
7. IdMS providers keep their commitments.
O O O O O O O □
8. IdMS providers would be sincere and genuine.
O O O O O O O □
9. I believe that IdMS providers would act in my best interest.
O O O O O O O □
10. If I required help, IdMS providers do their best to help me.
O O O O O O O □
11. IdMS providers are/would be interested in my well-being, not just their own.
O O O O O O O □
Trust in Identity Management System Artifact Competence (1-4); Integrity (5-8); Benevolence (9-11).
1. An IdMS would be competent and effective in managing my online identity.
O O O O O O O □
2. An IdMS would perform its role of managing my online identity very well.
O O O O O O O □
3. Overall, an IdMS would be a capable and proficient Internet online identity provider.
O O O O O O O □
4. In general, an IdMS would be very knowledgeable about the online identity.
O O O O O O O □
5. An IdMS would be truthful in its dealings with me.
O O O O O O O □
6. I would characterize an IdMS as honest.
O O O O O O O □
7. An IdMS would keep its commitments.
O O O O O O O □
8. An IdMS would be sincere and genuine.
O O O O O O O □
9. I believe that an IdMS would act in my best interest.
O O O O O O O □
10. If I required help, an IdMS would do its best to help me.
O O O O O O O □
11. An IdMS would be interested in my well-being, not just its own.
O O O O O O O □
Appendices
349
Trust in Internet Situational Normality- Benevolence(1-3); Integrity (4-6); Competence (7-9);
1. I feel that most Internet providers would act in a customers’ best interest.
O O O O O O O □
2. If a customer required help, most Internet providers would do their best to help.
O O O O O O O □
3. Most Internet providers are interested in customer well-being, not just their own wellbeing.
O O O O O O O □
4. I am comfortable relying on Internet providers to meet their obligations.
O O O O O O O □
5. I feel fine doing different transactions including business on the Internet since Internet providers generally fulfill their agreements.
O O O O O O O
□
6. I always feel confident that I can rely on Internet providers to do their part when I interact with them.
O O O O O O O □
7. In general, most Internet providers are competent at serving their customers.
O O O O O O O □
8. Most Internet providers do a capable job at meeting customer needs.
O O O O O O O □
9. I feel that most Internet providers are good at what they do.
O O O O O O O □
Trust in Internet Structural Assurance
1. The Internet has enough safeguards to make me feel comfortable using it to perform different transactions.
O O O O O O O □
2. I feel assured that legal and technological structures adequately protect me from problems on the Internet.
O O O O O O O
□
3. I feel confident that encryption and other technological advances on the Internet make it safe for me to do transaction there.
O O O O O O O
□
4. In general, the Internet is now a robust and safe environment in which to perform online transactions.
O O O O O O O □
---------------------------------------------------------------------------------------------------------------------------------------------
Appendices
350
Part 6: Privacy Concerns
Please indicate to what extent you agree with the following statements:
Collection(1-4);Error(5-7); Secondary Use(8-10); Improper Access(11,12); Control(13,14); Awareness (15-18);Choice(19-21).
Strongly disagree
disagree Somewhat disagree
Neutral Somewhat
agree Agree
Strongly agree
1. It bothers me when an online service provider asks me for identity information.
O O O O O O O □
2. When an online service provider asks me for identity information, I sometimes think twice before providing it.
O O O O O O O □
3. It bothers me to give my identity information to so many online service providers.
O O O O O O O □
4. I'm concerned that online service providers are collecting too much identity information about me.
O O O O O O O □
5. IdMS providers should take more steps to make sure that the identity information in their files is accurate.
O O O O O O O □
6. IdMS providers should have better procedures to correct errors in identity information.
O O O O O O O □
7. IdMS providers should devote more time and effort to verifying the accuracy of the identity information in their databases.
O O O O O O O □
8. When people give identity information to an IdMS provider, the provider should never use the information for any other reason.
O O O O O O O □
9. IdMS providers should never sell the identity information in their databases to other companies.
O O O O O O O □
10. IdMS providers should never share identity information with other companies unless it has been authorized by the individuals who provided the information.
O O O O O O O □
11. IdMS providers should devote more time and effort to preventing unauthorized access to identity information.
O O O O O O O □
12. IdMS should take more steps to make sure that unauthorized people cannot access identity information in their computers databases.
O O O O O O O □
13. Consumer online privacy is really a matter of consumers’ right to exercise control and autonomy over decisions about how their information is collected, used and shared.
O O O O O O O □
14. I believe that online privacy is invaded when control is lost or unwillingly reduced as a result of an online transaction.
O O O O O O O □
15. IdMS providers should disclose the way the data are collected, processed,
O O O O O O O □
Appendices
351
and used.
16. It is very important to be aware and be knowledgeable about how my identity information will be used.
O O O O O O O □
17. IdMS providers should explain why they would collect identity information.
O O O O O O O □
18. IdMS providers should explain how they would use the information collected about me.
O O O O O O O □
19. IdMS providers should give me a clear choice before disclosing identity information about me to third parties.
O O O O O O O □
20. IdMS providers have a mechanism to review and change incorrect identity information.
O O O O O O O □
21. IdMS should give me a choice to alter and delete my online identity.
O O O O O O O □
---------------------------------------------------------------------------------------------------------------------------------------------
Part 7: Attitudes toward IdMS
Please indicate to what extent do you agree with the following statements:
IdMS Task (1, 2 ,3,4,5) ; IdMS functions(6,7,8,9,10,11,12,13,14,15,16)
Strongly disagree
Disagree Somewhat disagree
Neutral Somewhat agree
Agree Strongly agree
1. By using an IdMS I can create my online identity.
O O O O O O O □
2. By using an IdMS I can update my online identity.
O O O O O O O □
3. By using an IdMS I can delete my online identity.
O O O O O O O □
4. By using an IdMS I can control my online identity.
O O O O O O O □
5. By using an IdMS I have complete choice over what a particular online identity I release to a particular online service provider.
O O O O O O O □
6. By using an IdMS I would avoid going to an agency (such as bank) to update my identity information.
O O O O O O O □
7. By using and IdMS I would control and manage my online identity anytime and anywhere.
O O O O O O O □
8. By using and IdMS I can identify myself online.
O O O O O O O □
9. By using and IdMS getting authentication to access my online identity would be easy.
O O O O O O O □
10. By using and IdMS getting authorization to access my online identity would be easy.
O O O O O O O □
11. By using an IdMS I would gain access to multiple resources.
O O O O O O O □
Appendices
352
12. By using an IdMS I would register and enrol myself to multiple service providers.
O O O O O O O □
13. By using and IdMS I would disclose the least amount and type of identity information.
O O O O O O O □
14. IdMS would enable my online identity to be used by systems based on different technologies.
O O O O O O O □
15. I can use IdMS in different operating systems with multiple Internet browsers.
O O O O O O O □
16. IdMS would provide a consistent user experience for the management of identity information.
O O O O O O O □
----------------------------------------------------------------------------------------------------------------
Part8: Situational Variables
Please indicate to what extent you agree with the following statements:
Facilitating Conditions (1-4); Cost (5-7)
Strongly disagree
Disagree Somewhat disagree
Neutral Somewhat
agree Agree
Strongly agree
1. I can easily access the Internet.
O O O O O O O □
2. I am confident about using the Internet.
O O O O O O O □
3. I have the resources necessary to use an IdMS.
O O O O O O O □
4. I have the knowledge necessary to use an IdMS.
O O O O O O O □
5. I think the implementation cost of using an IdMS is high.
O O O O O O O □
6. I think the access cost of using an IdMS is high.
O O O O O O O □
7. I think the transaction fee for using an IdMS is high.
O O O O O O O □
---------------------------------------------------------------------------------------------------------------------
Appendices
353
Part9: Demographic Information
Age: O 18-30 O 31 -40 O 41-50 O 51-60 O >60 □
Sex: O Female O Male □
Education: O High school O Certificate or Diploma O Bachelor’s Degree O Master’s Degree or higher. □
General comments
Appendices
354
Appendix 6.2: Survey Questionnaire Modification After Expert Panel Feedback The following table lists the changes that were added to, deleted or modified in the questionnaire in the expert panel review phase.
Part/Construct Statement/item Action Reason Introduction “If a user subscribes to an identity management service, they can
access web sites affiliated with the identity management service. The user can manage their identity information among various web sites in an integrated way through this service.”
Added How the IdMS work provides more background and features about IdMS.
Information disclosure
I often disclose my personal information and access my online data for:
o Non-financial transactions o Financial transactions
How often do you disclose your personal information online for non-financial transactions? How often do you disclose your personal information online for financial transactions?
Modified Added Added
The respondents may disclose his/her personal information for both transactions. In addition, “access my online data” was deleted because it could be interpreted in many different ways by the respondents. For example, an individual could disclose his/her personal information once a year but he/she accesses his/her online data once a week. Therefore, the question was then split into two new questions. Items were developed to be used with a seven-point Likert scale ranging from “never” to “more than once a day.”
IdMS knowledge How would you rate your knowledge of IdMS? Which of the following identity management systems technologies and services are you aware of?
□ Microsoft Passport □ Facebook Connect □ Open ID □ Card Space (Information cards) □ Web Single Sign–on □ Password-management tools and software □ Google ID □ PayPal Access □ Cloud identity management software □ Other. Specify _______
Deleted Added
This question was considered to be vague: it was suggested that a list of familiar Web-based IdMS be added as some respondents would not know what an IdMS was. This list of IdMS was recommended by most of the experts. It was also suggested that “awareness” be asked about instead of “knowledge” in terms of familiarity with the concept. Also, it was suggested that this question be moved and that it be asked before questions about the usage of IdMS.
Appendices
355
How long have you been using an identity management system? Please indicate how often you use the following identity management systems technologies and services? The participants were asked about a list of IdMS services and technologies that they are aware of to qualify the type of IdMS users’ use.
Added Respondents would provide more information to further notify the researcher concerning key characteristics of the sample and adding insights into aspects related to IdMS usage which would enrich the interpretation of the data.
Prior use of IdMS (SSO)
Have you used any identity management system service or technology (e.g. single sign-on system)? “Do you use an identity management system to login to different web services that you use (e.g. using Google ID username and password to log in to multiple websites)?”
Modified Added
The trade-off present in the question caused ambiguity. The question was reworded to improve clarity and to fit the study’s purpose.
Experience What is your overall level of computing expertise? Added This question was suggested to improve the ability of the experience variable to capture variance. It was also recommended that this question be put at the beginning of the survey.
Behavioural intentions
INTU1 : I will definitely consider using an IdMS INTD2: It is important to me to protect my online identity. INDT3: I am concerned with the consequences of sharing my identity information online.
Modified Deleted Deleted
To improve its phrasing and to increase the variance in the responses, this question was modified to read: “I intend to use an IdMS in the future”. These items were deleted as they were redundant and similar to other items.
Perceived usefulness Perceived ease of use
PU4: If I were to adopt an IdMS, managing and controlling my online identity would improve. PEOU5: Overall, it will be easy to use an IdMS.
Deleted Deleted
Similar to other items Similar to other items
Trust TAI4: IdMS providers would be sincere and genuine. TPI4: An IdMS would be sincere and genuine.
Deleted Deleted
Redundant and similar to other items Redundant and similar to other items
Appendices
356
Privacy concerns PAWN1: I'm concerned that online service providers are collecting too much identity information about me. PCOL4: IdMS providers should disclose the way the data are collected, processed and used. PCH3: IdMS should give me a choice to alter and delete my online identity.
Deleted Deleted Deleted
Similar to other items Similarity to other items This item was found to be ambiguous and similar to other questions.
Subjective norms Do you know anyone who is using an identity management system? What percentage of the people do you know who are using an identity management system? SN1: Most people who are important to me will think that I should adopt an IdMS. SN2: Most people who are important to me would recommend using IdMS services and technologies.
Deleted Deleted Added Added
These two questions were perceived as vague and confused. As these would measure subjective norms, it was suggested that two clear items be added. It was recommended that these items be used to measure subjective norms instead of the questions that had been deleted.
Demographics Country Added Most of the panel suggested that participants be asked which country they came from as this information would enhance the interpretation of the data and could be useful in future work.
Appendices
357
Appendix 6.3: The Survey Questionnaire Used in this Study
Appendices
358
Appendices
359
Appendices
360
Appendices
361
Appendices
362
Appendices
363
Appendices
364
Appendices
365
Appendices
366
Appendices
367
Appendix 6.4: Human Ethics Approval
ASB HREA Application 126021 Sent: Friday, 27 April 2012 Dear Mr Alkhalifah and Associate Professor D’Ambra, Title: Factors Effecting User Adoption of Identity Management Systems: An Empirical Study Reference No: 126021 Members of the ASB Research Ethics Advisory Panel have reviewed your application and are satisfied that this project now meets the requirements as set out in the National Statement on Ethical conduct in Human Research. Having taken into account the advice of the Panel, the Deputy Vice-Chancellor (Research) has approved the project to proceed. Please note that this approval in valid for 12 months from the date of this e-letter. Yours sincerely, Professor Gary Monroe Convenor Human Research Ethics Advisory (HREA) Panel Australian School of Business [email protected]
Appendiix 6.5: Loadi
368
ing and Cros
8
s-loading Maatrix (Pilot SStudy)
Appendices
3699
Appendices
Appendices
370
Appendix 7.1: Descriptive and ANOVA Statistics
Factor Full Sample (N=332)
LinkedIn users (N=184)
Facebook users (N=148)
ANOVA
Mean Std.Dev Mean Std.Dev Mean Std.Dev t-value p-value
Cost 5.01 1.07 5.02 1.15 4.99 .96 -.288 .773
Facilitating Conditions
5.25 .95 5.27 .98 5.22 .91 -.479 .632
Fit 27.65 8.96 27.56 9.41 27.76 8.39 .212 .832
Information Disclosure
3.44 1.07 3.43 1.06 3.46 1.10 .224 .823
Intention to Disclose Identity Information
5.08 1.01 5.04 1.03 5.12 .99 .753 .452
Intention to Use
5.17 .96 5.16 1.03 5.18 .86 .279 .780
Perceived Ease of Use
5.41 .86 5.43 .92 5.39 .78 .173 .863
Privacy Concerns
5.22 .84 5.24 .87 5.19 .81 -.506 .613
Perceived Usefulness
5.23 1.00 5.22 1.06 5.24 .91 -.436 .663
Perceived Risk 4.38 1.38 4.41 1.43 4.35 1.32 -.425 .671
Subjective Norms
4.72 1.37 4.73 1.29 4.71 1.48 -.140 .889
Task Characteristics
5.15 .97 5.12 1.00 5.20 .92 .349 .727
Technology Characteristics
5.21 .92 5.20 .99 5.23 .84 .825 .410
Trusting Beliefs
5.18 .83 5.15 .89 5.22 .74 .827 .409
Trust in Internet
5.06 .90 5.04 .95 5.09 .82 .547 .585
Note: All structural model variables are mean grouped based on their mean items.
Appendiix 7.2: Loadi
371
ng and Cross
1
s-loading Maatrix (Main SStudy)
Appendices
3722
Appendices
Appendices
373
Appendix 7.3: Items and Convergent Validity for Fit Construct
Item Source of Item Mean Std.Dev Loading Std.Err t-value
FIT1 TASK1*TECH1 27.24 10.924 0.874 0.013 69.350
FIT2 TASK1*TECH2 28.69 11.460 0.874 0.013 69.439
FIT3 TASK1*TECH3 28.57 11.282 0.866 0.014 63.472
FIT4 TASK1*TECH7 28.02 11.277 0.888 0.011 80.863
FIT5 TASK1*TECH8 27.15 10.647 0.866 0.012 72.703
FIT6 TASK1*TECH9 27.96 10.428 0.877 0.010 84.374
FIT7 TASK1*TECH10 29.36 10.608 0.896 0.010 91.465
FIT8 TASK2*TECH1 25.82 9.551 0.855 0.016 53.317
FIT9 TASK2*TECH2 27.19 10.053 0.852 0.015 56.974
FIT10 TASK2*TECH3 27.07 9.782 0.849 0.017 49.139
FIT11 TASK2*TECH7 26.62 9.961 0.857 0.015 55.609
FIT12 TASK2*TECH8 25.79 9.168 0.847 0.016 52.475
FIT13 TASK2*TECH9 26.56 8.886 0.857 0.014 61.344
FIT14 TASK2*TECH10 27.90 9.144 0.872 0.015 59.853
FIT15 TASK3*TECH1 26.64 10.173 0.870 0.012 70.272
FIT16 TASK3*TECH2 28.07 11.246 0.853 0.013 65.185
FIT17 TASK3*TECH3 27.87 10.713 0.870 0.014 64.534
FIT18 TASK3*TECH7 27.49 10.966 0.863 0.012 70.204
FIT19 TASK3*TECH8 26.64 9.993 0.853 0.014 61.944
FIT20 TASK1*TECH9 27.52 10.084 0.838 0.017 50.370
FIT21 TASK3*TECH10 28.94 10.499 0.843 0.014 61.403
FIT22 TASK4*TECH1 27.01 10.371 0.857 0.015 56.938
FIT23 TASK4*TECH2 28.17 10.605 0.902 0.010 90.136
FIT24 TASK4*TECH3 28.07 10.551 0.887 0.011 79.484
FIT25 TASK4*TECH7 27.68 10.823 0.884 0.012 75.350
FIT26 TASK4*TECH8 27.00 10.403 0.836 0.017 50.101
FIT27 TASK4*TECH9 27.87 10.403 0.827 0.016 52.161
FIT28 TASK4*TECH10 29.20 10.382 0.859 0.014 62.489
FIT29 TASK5*TECH1 27.35 10.983 0.794 0.020 39.190
FIT30 TASK5*TECH2 28.41 10.865 0.865 0.013 67.175
FIT31 TASK5*TECH3 28.10 10.410 0.889 0.011 78.869
FIT32 TASK5*TECH7 27.71 10.859 0.880 0.013 67.574
FIT33 TASK5*TECH8 26.94 10.054 0.850 0.016 53.491
FIT34 TASK5*TECH9 27.81 10.175 0.840 0.015 55.270
FIT35 TASK5*TECH10 29.30 10.533 0.837 0.017 50.360
Related Documents
