Wednesday, May 27, 2009

A Mathematical Model for Risk Scaling

We posit that the risk (R) for identity leakage from some authority is proportional to both the volume (V) of identity data held and the surface area (A) by which identity can leak.
Therefore, we can deduce

Figure 1: Risk as a function of size

where r is a measure of size as determined by the number of users.

Conclusions

We can therefore see that risk scales with the fifth power of size. As an example, an OP with twice as many users as another is 32 times more vulnerable to identity leakage.

Acknowledgements

This research was made possible by generous financial assistance from TAPPOP (The Association of Pure Play OpenID Providers).
