Skip to main content
Log in

Users’ willingness to pay for web identity management systems

  • Empirical Research
  • Published:
European Journal of Information Systems

Abstract

Electronic services such as virtual communities or electronic commerce demand user authentication. Several more or less successful federated identity management systems have emerged to support authentication across diverse service domains in recent years. In this paper, we explore the determinants for success and failure of such systems with a focus on Germany representing one of the largest markets in Europe. To achieve this goal, we analyze the preferences and willingness to pay of prospective users by conducting a choice-based conjoint analysis. Our results indicate that users prefer simple systems where an intermediary takes care of their data. An additional market analyses confirms these findings and contradicts the assumptions of many researchers, especially in the fields of engineering and computer science, supporting systems with higher and higher levels of privacy and security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1

Similar content being viewed by others

Notes

  1. Because of the different study setup, the reasons for which are given in (2) and (3), we cannot directly compare our results with those of Mueller and colleagues. Our findings only represent the German case.

  2. Translated from German.

References

  • Acquisti A (2008) Identity management, privacy and price discrimination. IEEE Security & Privacy 6 (2), 46–50.

    Article  Google Scholar 

  • ARD; ZDF. (2010) ARD – ZDF – onlinestudie: Internetnutzer in Prozent. [WWW document] http://www.ard-zdf-onlinestudie.de/index.php?id=onlinenutzungprozen (accessed 20 December 2010).

  • Auty S (1995) Using conjoint analysis in industrial marketing: the role of judgement. Industrial Marketing Management 24 (3), 191–206.

    Article  Google Scholar 

  • Backhouse J, Hsu C and McDonnell A (2003) Toward public-key infrastructure interoperability: lessons from an information security standard accreditation scheme. Communications of the ACM 46 (6), 98–100.

    Article  Google Scholar 

  • Bakos Y (1991) Information links and electronic marketplaces: the role of interorganizational information systems in vertical markets. Journal of Management Information Systems 8 (2), 31–52.

    Article  Google Scholar 

  • Barker RM, Dos Santos BL, Holsapple CW, Wagner WP and Wright AL (2007) Tools for building information systems. In Handbook of Industrial Engineering: Technology and Operations Management, Third Edition (Salvendy G, Ed), pp 65–109, John Wiley & Sons, Inc, Hoboken, NJ.

    Google Scholar 

  • Berendt B, Günther O and Spiekermann S (2005) Privacy in e-commerce: stated preferences vs. actual behavior. Communications of the ACM 48 (4), 101–106.

    Article  Google Scholar 

  • Bhatti R, Bertino E and Ghafoor A (2007) An integrated approach to federated identity and privilege management in open systems. Communications of the ACM 50 (2), 81–87.

    Article  Google Scholar 

  • BITKOM. (2011) Datenschutz im Internet. Whitepaper, BITKOM, Berlin. Available from [WWW document] http://www.bitkom.org/files/documents/BITKOM_Publikation_Datenschutz_im_Internet.pdf.

  • Boyd D (2008) Facebook’s privacy trainwreck: exposure, invasion, and social convergence. Convergence: The International Journal of Research into New Media Technologies 14 (1), 13–20.

    Google Scholar 

  • Brazell JD, Diener CG, Karniouchina E, Moore WL, Séverin V and Uldry P (2006) The no-choice option and dual response choice designs. Marketing Letters 17 (4), 255–268.

    Article  Google Scholar 

  • Burgess L (2007) Discrete Choice Experiments (Computer Software), Department of Mathematical Sciences, University of Technology, Sydney. Available from [WWW document] http://crsu.science.uts.edu.au/choice/.

  • Camenisch J and Van Herreweghen E (2002) Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM Conference on Computer and Communications Security (ACM CCS'02) (Atluri V, Ed), pp 21–30, ACM, Washington, D.C.

    Chapter  Google Scholar 

  • Cameron K (2006) Windows live ID whitepaper. [WWW document] http://www.identityblog.com/?p=509 (accessed 19 September 2013).

  • Cameron K and Jones MB (2007) Design rationale behind the identity metasystem architecture. In ISSE/SECURE 2007 Securing Electronic Business Processes (Pohlmann N, Reimer H and Schneider W, Eds), pp 117–129, Vieweg+Teubner, Wiesbaden.

    Chapter  Google Scholar 

  • Chapman CN, Love E and Alford JL (2008) Quantitative early-phase user research methods: hard data for initial product design. In Proceedings of the 41st Hawaii International Conference on System Sciences. 37. IEEE (Sprague RH, Ed) IEEE, Waikoloa, HI.

    Google Scholar 

  • Childers TL (1986) Assessment of the psychometric properties of an opinion leadership scale. Journal of Marketing Research 23 (2), 184–188.

    Article  Google Scholar 

  • Cloninger CR (1994) The Temperament and Character Inventory (TCI): A Guide to its Development and Use. Center for Psychobiology of Personality, Washington University, St. Louis, MO.

    Google Scholar 

  • Costa PT and McCrae RR (1992) Revised NEO Personality Inventory (NEO-PI-R) and NEO Five-Factor Inventory (NEO-FFI) Professional Manual. Psychological Assessment Resources, Odessa, FL.

    Google Scholar 

  • CrowdVine. (2009) OpenID: CrowdVine blog [WWW document] http://blog.crowdvine.com/tag/openid/ (accessed 16 october 2009).

  • Cummings R and Taylor L (1999) Unbiased value estimates for environmental goods: a cheap talk design for the contingent valuation method. American Economic Review 89 (3), 649–665.

    Article  Google Scholar 

  • Day J and Venkataramanan M (2006) Profitability in product line pricing and composition with manufacturing commonalities. European Journal of Operations Research 175 (3), 1782–1797.

    Article  Google Scholar 

  • De Clerq J (2002) Single sign-on architectures. In Infrastructure Security. (Davida G, Frankel Y and Rees O, Eds), pp 40–58, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Dhamija R and Dusseault L (2008) The seven flaws of identity management: usability and security challenges. IEEE Security & Privacy 6 (2), 24–29.

    Article  Google Scholar 

  • Dinev T, Xu H, Smith JH and Hart P (2013) Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts. European Journal of Information Systems 22 (3), 295–316.

    Article  Google Scholar 

  • European Commission. (2011) SPECIAL EUROBAROMETER 359 – Attitudes on Data Protection and Electronic Identity in the European Union. Wave 74.3. TNS Opinion & Social [WWW document] http://ec.europa.eu/public_opinion/archives/ebs/ebs_359_en.pdf (accessed 19 September 2013).

  • Evans D (2003) Some empirical aspects of multi-sided platform industries. Review of Network Economics 2 (3), 191–209.

    Article  Google Scholar 

  • Facebook for web developers. (2012) Facebook for websites. [WWW document] https://developers.facebook.com/docs/web/ (accessed 19 September 2013).

  • Fu K, Sit E, Smith K and Feamster N (2001) Dos and don’ts of client authentication on the web. In Proceedings of the 10th Conference on USENIX Security Symposium (Wallach DL, Ed), USENIX Association, Washington DC.

    Google Scholar 

  • Gajek S, Schwenk J, Steiner M and Xuan C (2009) Risks of the cardspace protocol. In Information Security (Samarati P, Yung M, Martinelli F and Ardagna C, Eds), pp 278–293, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Gelman A, Carlin JB and Hal SS (2004) Bayesian Data Analysis. Chapman & Hall/CRC, Boca Raton.

    Google Scholar 

  • Gensler S, Hinz O, Skiera B and Theysohn S (2012) Willingness-to-pay estimation with choice-based conjoint analysis: addressing extreme response behavior with individually adapted designs. European Journal of Operational Research 219 (2), 368–378.

    Article  Google Scholar 

  • Green PE and Krieger AM (1991) Segmenting markets with conjoint analysis. The Journal of Marketing 55 (4), 20–31.

    Article  Google Scholar 

  • Greenwald S, Olthoff K, Raskin V and Ruch W (2004) The user non-acceptance paradigm: INFOSEC’s dirty little secret. In Proceedings of the 2004 Workshop on New Security Paradigms (Hempelmann C and Raskin V, Eds), pp 35–43, ACM, Nova Scotia.

    Google Scholar 

  • Haeusel HG (2000) Der Umgang mit Geld und Gut in seiner Beziehung zum Alter, Dissertation. Technical University of Munich, Munich, Germany.

    Google Scholar 

  • Hansen M, Berlich P, Camenisch J, Clauß S, Pfitzmann A and Waidner M (2004) Privacy enhancing identity management. Information Security Technical Report 9 (1), 35–44.

    Article  Google Scholar 

  • Hinz O, Hann IH and Spann M (2011) Price discrimination in e-commerce? An examination of dynamic pricing in name-your-own-price markets. Management Information Systems Quarterly 35 (1), 81–98.

    Google Scholar 

  • Hornung G and Schnabel C (2009) Data protection in Germany I: the population census decision and the right to informational self-determination. Computer Law & Security Review 25 (1), 84–88.

    Article  Google Scholar 

  • Hühnlein D, Roßnagel H and Zibuschka J (2010) Diffusion of federated identity management. In Sicherheit 2010 (Freiling FC, Ed), pp 25–36, Köllen Druck+Verlag, Bonn.

    Google Scholar 

  • Ives B, Walsh KR and Schneider H (2004) The domino effect of password reuse. Communications of the ACM 47 (4), 75–78.

    Article  Google Scholar 

  • Jackson DN (1994) Jackson Personality Inventory: Revised Manual. Research Psychologists Press, Port Huron.

    Google Scholar 

  • Jøsang A, Zomai M and Suriadi S (2007) Usability and Privacy in Identity Management Architectures. In Proceedings of the fifth Australasian Symposium on ACSW Frontiers (Brankovic L, Coddington PD, Roddick JF, Steketee C, Warren JR and Wendelborn AL, Eds), Australian Computer Society, Ballarat.

    Google Scholar 

  • Karniouchina E, Moore WL, van der Rhee B and Verma R (2009) Issues in the use of ratings-based versus choice-based conjoint analysis in operations management research. European Journal of Operations Research 197 (1), 340–348.

    Article  Google Scholar 

  • Katz ML and Shapiro C (1994) Systems competition and network effects. Journal of Economic Perspectives 8 (2), 93–115.

    Article  Google Scholar 

  • Kohli R and Krishnamurti R (1989) Optimal product design using conjoint analysis: computational complexity and algorithms. European Journal of Operations Research 40 (2), 186–195.

    Article  Google Scholar 

  • Kormann D and Rubin A (2000) Risks of the passport single signon protocol. Computer Networks 33 (1–6), 51–58.

    Article  Google Scholar 

  • Krieger AM and Green PE (1996) Modifying cluster-based segments to enhance agreement with an exogenous response variable. Journal of Marketing Research 33 (3), 351–363.

    Article  Google Scholar 

  • Krolo J, Silic M and Srbljic S (2009) Security of web level user identity management. In MIPRO 2009 – Proceedings of the Information Systems Security (Čišić D, Hutinski Ž, Baranović M, Mauher M and Dragšić V, Eds), Croatian Society for Information and Communication Technology, Electronics and Microelectronics, Opatija.

    Google Scholar 

  • Lancelot Miltgen C and Peyrat-Guillard D (forthcoming) Cultural and generational influences on privacy concerns: a qualitative study in seven European countries. European Journal of Information Systems. advance online publication, 30 July 2013; doi: 10.1057/ejis.2013.17.

  • Landau S and Moore T (2011) Economic tussles in federated identity management. In The Tenth Workshop on Economics of Information Security (WEIS 2011) (Moore T and Friedman A, Eds), George Mason University, Fairfax, VA.

    Google Scholar 

  • Lichtenstein DR, Ridgway NM and Netemeyer RG (1993) Price perceptions and consumer shopping behavior: a field study. Journal of Marketing Research 30 (2), 234–245.

    Article  Google Scholar 

  • Liebermann Y and Stashevsky S (2002) Perceived risks as barriers to internet and e-commerce usage. Qualitative Market Research 5 (4), 291–300.

    Article  Google Scholar 

  • Lopez J, Oppliger R and Pernul G (2004) Authentication and authorization infrastructures (AAIs): a comparative survey. Computers & Security 23 (7), 578–590.

    Article  Google Scholar 

  • Maler E and Reed D (2008) The venn of identity: options and issues in federated identity management. IEEE Security & Privacy 6 (2), 16–23.

    Article  Google Scholar 

  • Mannan M and Van Oorschot PC (2007) Using a personal device to strengthen password authentication from an untrusted computer. In Proceedings of the 11th international Conference on Financial Cryptography and 1st international Conference on Usable Security (Dietrich S and Dhamija R, Eds), pp 88–103, Springer, Scarborough, Trinidad and Tobago.

    Google Scholar 

  • McKnight DH, Choudhury V and Kacmar C (2002) Developing and validating trust measures for e-commerce: an integrative typology. Information Systems Research 13 (3), 334–359.

    Article  Google Scholar 

  • Miller K, Hofstetter R, Krohmer H and Zhang J (2011) How should we measure consumers’ willingness to pay? An empirical comparison of state-of-the-art approaches. Journal of Marketing Research 48 (1), 172–184.

    Article  Google Scholar 

  • Moorthy S, Ratchford B and Talukdar D (1997) Consumer information search revisited: theory and empirical analysis. Journal of Consumer Research 23 (4), 263–277.

    Article  Google Scholar 

  • Mueller ML, Park Y, Lee J and Kim T (2006) Digital identity: how users value the attributes of online identifiers. Information Economics and Policy 18 (4), 405–422.

    Article  Google Scholar 

  • Natter M and Feurstein M (2002) Real world performance of choice-based conjoint models. European Journal of Operations Research 137 (2), 448–458.

    Article  Google Scholar 

  • Neumann PG (1994) Risks of passwords. Communications of the ACM 37 (4), 126.

    Article  Google Scholar 

  • Ozment A and Schechter SE (2006) Bootstrapping the adoption of internet security protocols. In Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 06) (Anderson R, Ed), University of Cambridge, Cambridge.

    Google Scholar 

  • Punj G and Stewart DW (1983) Cluster analysis in marketing research: review and suggestions for application. Journal of Marketing Research 20 (2), 134–148.

    Article  Google Scholar 

  • Recordon D and Reed D (2006) OpenID 2.0: a platform for user-centric identity management. In Proceedings of the second ACM Workshop on Digital Identity Management (Juels A, Ed), pp 11–16, ACM Press, Alexandria, VA.

    Chapter  Google Scholar 

  • Roßnagel H and Lippmann S. (2005) Geschäftsmodelle für signaturgesetzkonforme trust center. In Wirtschaftsinformatik 2005 (Eckert S, Ferstl OK, Isselhorst T and Sinz E, Eds), pp 1167–1186, Physica Verlag, Heidelberg.

    Google Scholar 

  • Roßnagel H (2006) On diffusion and confusion – why electronic signatures have failed. In Trust and Privacy in Digital Business (Fischer-Hübner S, Furnell S and Lambrinoukdakis C, Eds), pp 71–80, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Schläger C, Sojer M, Muschall B and Pernul G (2006) Attribute-based authentication and authorisation infrastructures for e-commerce providers. In E-Commerce and Web Technologies (Bauknecht K, Pröll B and Werthner H, Eds), pp 132–141, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Schwartz A (2011) Identity management and privacy: a rare opportunity to get it right. Communications of the ACM 54 (8), 22–24.

    Article  Google Scholar 

  • Shapiro C and Varian HR (1999) Information Rules: A Strategic Guide to the Network Economy. Harvard Business School Press, Boston, MA.

    Google Scholar 

  • Shostack A and Syverson P (2004) What price privacy? (And why identity theft is about neither identity nor theft). In Economics of Information Security (Camp LJ and Lewis S, Eds), pp 129–142, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Sovis P, Kohlar F and Schwenk J (2010) Security analysis of OpenID. In Sicherheit 2010 Proceedings (Freiling FC, Ed), pp 329–340, Köllen Druck+Verlag, Bonn.

    Google Scholar 

  • Street DJ and Burgess L (2007) The Construction of Optimal Stated Choice Experiments: Theory and Methods. Wiley-Interscience, New Jersey.

    Book  Google Scholar 

  • Tsang PP, Au MH, Kapadia A and Smith SW (2007) Blacklistable anonymous credentials: blocking misbehaving users without TTPs. In Proceedings of the 14th ACM conference on Computer and Communications Security (Ning P, Ed), pp 72–81, ACM Press, Alexandria, VA.

    Google Scholar 

  • Ward JH (1963) Hierarchical grouping to optimize an objective function. Journal of the American Statistical Association 58 (301), 236–244.

    Article  Google Scholar 

  • Whitley EA (2012) On technology neutral policies for e-identity: a critical reflection based on U.K. identity policy. Journal of International Commercial Law and Technology 8 (2), 134–147.

    Google Scholar 

  • Whitley EA and Hosein IR (2008) Doing the politics of technological decision making: due process and the debate about identity cards in the U.K. European Journal of Information Systems 17 (6), 668–677.

    Article  Google Scholar 

  • Wohlgemuth S and Müller G (2006) Privacy with delegation of rights by identity management. In Emerging Trends in Information and Communication Security (Müller G, Ed), pp 175–190, Springer, Berlin, Heidelberg.

    Chapter  Google Scholar 

  • Wu J and Ayalagaytan EA (2013) The role of online seller reviews and product price on buyers’ willingness-to-pay: a risk perspective. European Journal of Information Systems 22 (4), 416–433.

    Article  Google Scholar 

  • Zibuschka J and Roßnagel H (2008) Implementing strong authentication infrastructure interoperability with legacy systems. In Policies and Research in Identity Management (De Leeuw E, Fischer-Hübner S, Tseng J and Borking J, Eds), pp 149–160, Springer, Boston.

    Chapter  Google Scholar 

  • Zibuschka J and Roßnagel H (2012) On some conjectures in it-security: the case for viable security solutions. In Sicherheit 2012 Proceedings (Suri N and Waidner M, Eds), pp 25–33, Köllen Druck+Verlag, Bonn.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Heiko Roßnagel.

Additional information

Supplementary information accompanies this article on the European Journal of Information Systems website (www.palgrave-journals.com/ejis)

Electronic supplementary material

Rights and permissions

Reprints and permissions

About this article

Cite this article

Roßnagel, H., Zibuschka, J., Hinz, O. et al. Users’ willingness to pay for web identity management systems. Eur J Inf Syst 23, 36–50 (2014). https://doi.org/10.1057/ejis.2013.33

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1057/ejis.2013.33

Keywords

Navigation