Useability: Addressing the click - click - click problem

Issue/Topic: Useability: Addressing the click – click – click problem (T2B)

Convener: Vikas Mahajan

Conference: IIW-East September 9-10, 2010 in Washington DC

Notes-taker(s): Vikas Mahajan

Tags for the session - technology discussed/ideas considered:

Usability

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


 * Discussed the “conditioning” of users to click-through and ignore prompts and security screens. When instructions, warnings, Terms, etc., are constantly prompted for or given to you, they get “tuned out” and ignored because they effectively become a hindrance and stand between you and what it is you are trying to do.


 * It’s therefore important for user-centric identity solutions to avoid introducing barriers between the user and what they are trying to do, or the security/privacy protections will get ignored.


 * Avoid constantly prompting users about what data is to be sent and making them approve it. People EXPECT privacy as part of using the user-centric identity service, but that doesn’t mean they want to be constantly asked or told about it and have to make decisions at each transaction.


 * The organizations participating in the identity “ecosystem” all need to come up with some “agreement” or “bill-of-rights” or something that states that all the organizations (ID proofers, IDPs, RPs, APs, etc.) agree on the data they will by default share or have access to, agree to only get the minimum data they need, and agree to delete the data when asked to or when the user no longer belongs to that ecosystem.


 * Consistent User Sign-on experience


 * It will be important to give users a consistent experience when signing in with user-centric IdM ecosystems. IDPs must agree to some common and consistent experience so users can get conditioned to expecting that experience and can intuitively sense when something is different, so that it raises a concern for them (fraud detection).


 * When users do need to agree to something, highlight those items in bold and write them in “plain English”.


 * Use a click box agree system rather than a scroll-through dialogue box since people are likely to blindly scroll through and ignore/bypass the important information.


 * There will be important discussions to be had with web designers, marketing and product developers, since they may want to control the “look-and-feel” of the sign-on process and UI elements, as well as use the user’s data in ways that were not clear to the user


 * Who can lead/drive the usability charge?
 * There are many people and groups interested in this, but no one seems to have stepped forward to say they will lead this effort
 * With such an impasse, can the government step in and facilitate? NIST, maybe?