Presented by

  • Tom Marble

    Tom Marble

    Tom Marble is best known for being the first "OpenJDK Ambassador" on the Sun Microsystems core team that open sourced the Java programming language. He continues to apply his community experiences in open source projects and his interest in intellectual property by co-organizing the legal and policy issues track at Europe's largest open source conference, FOSDEM as well as being a member of the Software Freedom Conservancy's Evaluation Committee. Marble is the founder of Informatique, Inc., a consultancy which leverages his hardware, software and legal engineering background for client projects as diverse as Enterprise IoT services, coaching Dojo immersive learning experiences, automated mobile/web testing, autonomous cyber defense, AI prompt engineering, and open source business strategy.


The promise of the Internet was a federation of cooperative services and users around open protocols. Ironically most of the essential services we use today -- including authenticating identity -- rely on large, proprietary, centralized services. Users ought to be able to share messages and files securely with one another without relying an a third party such as Google or Facebook. Ideally we ought to be able to securely authenticate with service providers anonymously in order to truly prevent becoming the product of surveillance capitalism. The traditional X.509 Public Key Infrastructure (PKI) has demonstrated weaknesses due to centralization. Mitigations such as Certificate Transparency only partially address these weaknesses. The Web of trust based on Pretty Good Privacy (PGP) in theory offers a truly decentralized identity solution. However, in practice, broad success of PGP in identity has been stymied by overwhelming complexity, excruciatingly poor user experience design, and difficulty in integrating the required software with popular email providers. There is promising W3C standards work in the areas of Decentralized Identifiers (DIDs) and Verifiable Credentials, yet implementations often depend on proof-of-work based crypto or token exchanges with asymmetric ownership and control. What's more DID resolution (anchoring in non-repudiation framework) is often either closed or left as an exercise for the reader. The purpose of this talk is to highlight the challenges in open source identity and brainstorm approaches which leverage the best parts of the Web of trust and the W3C standards work while preserving the values the FOSS community holds dear.