In considering identity management, the first issue is—What is identity? This is, of course, an issue that has plagued poets, philosophers, and playwrights for centuries. We're concerned with a more prosaic version of the question: How does an entity recognize another entity? This important question occurs when access to resources, such as health or financial records, services, or benefits, is limited to specific entities. The entity in question could be a person, a computer, or even a device with quite limited memory and computational power. In this issue of IEEE Security & Privacy—the first of what we suspect will be several special issues on identity management—we have chosen to focus on identity management in which the entity being identified is a person.