We posit that the risk (R) for identity leakage from some authority is proportional to both the volume (V) of identity data held and the surface area (A) by which identity can leak.
Therefore, we can deduce
Figure 1: Risk as function of size
where r is a measure of size as determined by number of users.
Conclusions
We can therefore see that risk scales with the fifth power of size. As an example, an OP with twice as many users as another is 32 times more vulnerable to identity leakage.
Acknowledgements
This research was made possible by generous financial assistance from TAPPOP (The Association of Pure Play OpenID Providers).
0 comments:
Post a Comment