Every civilization has faced the same problem: how do you prove who you are to someone who's never met you? For centuries, we solved it with wax seals, letters of introduction, and the chain of "I know someone who knows someone who can vouch for you."

Then computers arrived, and we had sixty years to figure it out all over again.

In 1961, MIT needed to keep users' files private on their shared mainframe. Passwords were the answer. In 1988, X.509 gave us certificates and the Morris Worm showed us what happens when trust fails. OAuth appeared decades later because we'd somehow normalized asking users to give their Gmail passwords to strangers.

Each fix solved one problem and left assumptions buried in the foundation. Identity meant human. Networks had edges. Trust could be delegated. Sessions ended.

Now the assumptions are surfacing. Machines hold more identities than people. The network edge dissolved. AI agents act in our name, call APIs, and we're still authenticating them like it's 1988.

This talk tells the story of how we got here: the people, the problems, the compromises that became standards, and how we can build a more resilient foundation for what comes next.