Asking users for consent before sharing personal attributes in a federated/external login is hardly new. Most OpenID implementations provide this, the InfoCard standard has/had it, and even some SAML implementations do this (e.g., the Danish, Norwegian and Swiss higher education identity federations). What we could not find, however, are statistically significant studies on whether users actually want this form of control over their privacy, and if so, how and how much control. We (Ruud Janssen, Dirk-Jan van Dijk, Eefje van de Harst, among others) did a series of smaller-scale user studies and then a large-scale pilot for SURFnet for the SURFfederatie (Dutch higher education identity federation) on this subject. The outcome is clear: users DO want consent! Or put differently, even for this specific federation, where there is probably an above-average amount of trust between parties and users, users still prefer control over their privacy over the hassle of having this. The shortest summary of how and how much control users want is that they want a very simple and basic control; some of the more fancy features we came up with were not really appreciated.
Below I copied the synopsis of the report we wrote on the user studies, design, prototype, pilot and survey (in English), and I uploaded the extended summary (5 pages) here. The complete report will become available on the SURFnet site. This may take some time; for those who cannot wait, just send me an email.
The SURFfederatie is the identity federation for higher education in the Netherlands. This report describes the outcome of research on providing users of the SURFfederatie with user-controlled privacy (informed consent) functionality. The focus point of the research was the user perspective: do users actually want to be bothered with consent functionality, and if so, how to deal with the unavoidable trade-offs in the user interaction between obtrusiveness, fine-grained control and understandability. Users were involved through two small-scale in-depth user studies that were input to the design of the user interaction, and through two surveys that were done as part of a large-scale pilot. The outcome of the research is threefold: (1) five guidelines on how to design consent for web-redirect-based identity federations (SAML, OpenID), (2) an implementation of these guidelines, and (3) a detailed evaluation by a large number of users of this implementation. The conclusion of the research is that users want to have more control over their privacy in the SURFfederatie, and consider the prototype to be a good add-on to do this.
The report also describes our “5 guidelines for web-based consent” for federated logins, and lots of details on the outcome of the user studies, which may help others to improve their consent functionality. One of the things we implemented is what we called “timed consent”. We do not provide an “always” option for the consent question, only an “allow once” and an “allow for some period” option. The reason for not providing an “always” option is that users will forget what they consented to. It is noteworthy that although timed consent is a feature users appreciate, there was no clear preference among them for how long the period for a timed consent should be.
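The timed consent idea can be sketched as follows. This is an added example, not code from the SURFfederatie prototype; the class and method names, the 30-day period, the keying per user and service provider, and the rule that a request for extra attributes triggers a new prompt are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Choice(Enum):
    DENY = "deny"
    ALLOW_ONCE = "allow_once"
    ALLOW_FOR_PERIOD = "allow_for_period"  # deliberately no ALWAYS member


@dataclass
class ConsentStore:
    """Remembers timed consent per (user, service provider) pair."""
    # Assumed value: the pilot found no clear preference for the period length.
    period: timedelta = timedelta(days=30)
    _grants: dict = field(default_factory=dict)

    def record(self, user, sp, attributes, choice, now):
        """Store the user's answer; return True if attributes may be released now."""
        if choice is Choice.DENY:
            self._grants.pop((user, sp), None)  # a denial also revokes stored consent
            return False
        if choice is Choice.ALLOW_FOR_PERIOD:
            self._grants[(user, sp)] = (frozenset(attributes), now + self.period)
        return True  # ALLOW_ONCE releases this time only and stores nothing

    def needs_prompt(self, user, sp, attributes, now):
        """True when the consent screen must be shown before releasing attributes."""
        grant = self._grants.get((user, sp))
        if grant is None:
            return True
        consented, expires = grant
        if now >= expires:
            del self._grants[(user, sp)]  # expired consent is forgotten, user is asked again
            return True
        # Assumption: a request for attributes outside the consented set re-prompts.
        return not set(attributes) <= consented


if __name__ == "__main__":
    # Constructed sample data: one user, one service provider.
    t0 = datetime(2011, 1, 1, tzinfo=timezone.utc)
    store = ConsentStore()
    store.record("alice", "https://sp.example.org", ["mail"], Choice.ALLOW_FOR_PERIOD, t0)
    for days in (1, 29, 30):
        when = t0 + timedelta(days=days)
        print(days, store.needs_prompt("alice", "https://sp.example.org", ["mail"], when))
```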
There was also an article on the research in Novay’s magazine KnowHow (February issue, pages 12 and further) that is easy to read (for Dutch speaking …). There are also earlier reports (in Dutch, see my previous posts https://maarten.wegdam.name/2010/10/08/user-consent-pilot-for-surfnet/ and https://maarten.wegdam.name/2010/03/11/user-centric-saml/), but for the readers' convenience we summarized these in the new report.