Wednesday, May 27, 2009

A Mathematical Model for Risk Scaling

We posit that the risk (R) for identity leakage from some authority is proportional to both the volume (V) of identity data held and the surface area (A) by which identity can leak.
Therefore, we can deduce

Figure 1: Risk as function of size

where r is a measure of size as determined by number of users.


We can therefore see that risk scales with the fifth power of size. As an example, an OP with twice as many users as another is 32 times more vulnerable to identity leakage.


This research was made possible by generous financial assistance from TAPPOP (The Association of Pure Play OpenID Providers).

No comments: