**5. Validation through the industry**

Through the creation of the framework, its adequacy was repeatedly validated using strategies associated to the application of the action-research methodology. Specifically, the validation was ascertained through the realization of an expert panel and the application of case studies. These are detailed in remainder of this section.

#### **5.1 Expert panel**

An expert panel was held in collaboration with five experts from the PSDC that consisted of four sessions with the aim of ascertaining their perceptions regarding an initial draft of the framework, so that it was more adequate to the real requirements observed in a software development environment. The activities during every session of the expert panel are described next.

### *5.1.1 Presentation of the initial draft of the framework*

The first session consisted on the presentation of the initial draft of the framework, with the purpose of helping the experts to have a general notion of the aim of this research.

#### *5.1.2 Validation of comparison and selection criteria*

The preliminary list of criteria, their categorization, their values, and their weights were presented to the experts for their validation. This allowed to discard the least adequate ones and to generalize those that were too specific for the needs of a software development team.

## *5.1.3 Validation of the considered contexts*

The contexts considered by the framework were presented to the experts. Similarly to the previous session, this allowed to make the appropriate modifications to the currently selected contexts. Additionally, the SUV was presented to the experts, who generally agreed to the adequacy of its use.

#### *5.1.4 Validation of the framework's recommendations*

The authentication schemes and methods recommended for every situation were presented to the experts. This allowed to ascertain the adequacy of every recommendation. The experts were generally in agreement with the recommendations.

#### **5.2 Case studies**

After its construction, the validation of the framework's recommendations was realized through the application of a case study methodology in collaboration with *Multifactor Authentication Methods: A Framework for Their Comparison and Selection DOI: http://dx.doi.org/10.5772/intechopen.89876*

the PSDC. Specifically, the framework's recommendations were compared with the authentication schemes or methods implemented in existing applications developed by the PSDC or with the recommendations that their experts would give for hypothetical situations. The case studies are described in detail in [26]. Next, a brief summary of their application is provided.

The case studies are split in three categories: (i) those that were realized by comparing the framework's recommendation against the implemented scheme or method on an existing application, (ii) those that were realized by comparing the framework's recommendation against the recommendations given by experts for hypothetical applications, and (iii) those that were realized by comparing the framework's recommendation against the implemented scheme or method on an existing application and also against the recommendation given by experts for hypothetical applications with nearly the same features as the existing ones. These case studies are presented in **Tables 11–13**, respectively, presenting the implemented scheme or method in the existing application, the framework's recommendation, the most recommended scheme or method by the experts, and the acceptance rate of the framework's recommendation, as appropriate.

In general, the results of the case studies are favorable for the framework. It is important to mention that, where discrepancies are observed, there was often a reasoning behind them. For example, for case study 3 (existing application), the implemented scheme was demanded by the client and not selected by the software development team.


#### **Table 11.**

The tool prototype also has additional features that facilitate its use in software development companies. Specifically, it has a user registration feature which allows maintaining a registry of its usage and a functionality for adapting its preferences

Through the creation of the framework, its adequacy was repeatedly validated using strategies associated to the application of the action-research methodology. Specifically, the validation was ascertained through the realization of an expert panel and the application of case studies. These are detailed in remainder of this

An expert panel was held in collaboration with five experts from the PSDC that consisted of four sessions with the aim of ascertaining their perceptions regarding an initial draft of the framework, so that it was more adequate to the real requirements observed in a software development environment. The activities during

The first session consisted on the presentation of the initial draft of the framework, with the purpose of helping the experts to have a general notion of the aim of

The preliminary list of criteria, their categorization, their values, and their weights were presented to the experts for their validation. This allowed to discard the least adequate ones and to generalize those that were too specific for the needs

The contexts considered by the framework were presented to the experts. Similarly to the previous session, this allowed to make the appropriate modifications to the currently selected contexts. Additionally, the SUV was presented to the experts,

The authentication schemes and methods recommended for every situation were presented to the experts. This allowed to ascertain the adequacy of every recommendation. The experts were generally in agreement with the recommenda-

After its construction, the validation of the framework's recommendations was realized through the application of a case study methodology in collaboration with

based on the software development company's needs.

every session of the expert panel are described next.

*5.1.1 Presentation of the initial draft of the framework*

*5.1.2 Validation of comparison and selection criteria*

of a software development team.

*5.1.3 Validation of the considered contexts*

who generally agreed to the adequacy of its use.

*5.1.4 Validation of the framework's recommendations*

**5. Validation through the industry**

*Computer and Network Security*

section.

**5.1 Expert panel**

this research.

tions.

**100**

**5.2 Case studies**

*Case studies based on existing applications.*


#### **Table 12.**

*Case studies based on hypothetical applications.*


#### **Table 13.**

*Case studies based on existing applications with a hypothetical counterpart.*
