General Usability Considerations NIST Special Publication 800-63B
F
EDERATION
A
SSERTIONS
31
T hi
s pub
lic at
ion i s
a v
ai lab
le f re
e of c
har g
e f ro
m : h
ttp s
: d
oi .or
g 10.
6 028
N IS
T.S P
.8 -6
3c
10 Usability Considerations
This section is informative. ISOIEC 9241-11
defines usability as the “extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency and satisfaction in a specified
context of use.” This definition focuses on users, goals, and context of use as key elements necessary for achieving effectiveness, efficiency and satisfaction. A holistic approach
considering these key elements is necessary to achieve usability.
From the usability perspective, one of the major potential benefits of federated identity systems is to address the problem of user fatigue associated with managing multiple authenticators. While
this has historically been a problem with usernames and passwords, the increasing need for users to manage many authenticators — whether physical or digital — presents a usability challenge.
While many other approaches to authentication have been researched extensively and have well- established usability guidelines, federated identity is more nascent and, therefore, lacks the depth
and conclusiveness of research findings. As ongoing usability research matures, usability guidelines for federated identity systems will have stronger supporting data. For example,
additional data is needed to support guidance on the translation of technical attribute names and values into user-friendly language.
As stated in the usability sections in 800-63A and 800-63B, overall user experience is critical to the success of any authentication method. This is especially true for federated identity systems as
federation is a less familiar user interaction paradigm for many users. Users’ prior authentication experiences may influence their expectations.
The overall user experience with federated identity systems should be as smooth and easy as possible. This can be accomplished by following usability standards such as the ISO 25060
series of standards and established best practices for user interaction design.
ASSUMPTIONS In this section, the term “users” means “claimants” or “subscribers.” The terms “entity” and
“entities” refer to the parties of federated systems. Guidelines and considerations are described from the users’ perspective.
Accessibility differs from usability and is out of scope for this volume. Section 508
was enacted to eliminate barriers in information technology and requires federal agencies to make their
electronic and information technology public content accessible to people with disabilities. Refer to Section 508 law and standards for accessibility guidance.