Challenges in open, self-sovereign identity

FOSSY 2023

The promise of the Internet was a federation of cooperative services and users around open protocols. Ironically, most of the essential services we use today -- including authenticating identity -- rely on large, proprietary, centralized services. Users ought to be able to share messages and files securely with one another without relying on a third party such as Google or Facebook. Ideally, we ought to be able to securely authenticate with service providers anonymously in order to truly prevent becoming the product of surveillance capitalism. The traditional X.509 Public Key Infrastructure (PKI) has demonstrated weaknesses due to centralization. Mitigations such as Certificate Transparency only partially address these weaknesses. The Web of trust based on Pretty Good Privacy (PGP) in theory offers a truly decentralized identity solution. However, in practice, broad success of PGP in identity has been stymied by overwhelming complexity, excruciatingly poor user experience design, and difficulty in integrating the required software with popular email providers. There is promising W3C standards work in the areas of Decentralized Identifiers (DIDs) and Verifiable Credentials, yet implementations often depend on proof-of-work based crypto or token exchanges with asymmetric ownership and control. What's more, DID resolution (anchoring in a non-repudiation framework) is often either closed or left as an exercise for the reader. The purpose of this talk is to highlight the challenges in open source identity and brainstorm approaches which leverage the best parts of the Web of trust and the W3C standards work while preserving the values the FOSS community holds dear.

Speakers: Tom Marble