In　this　paper,　we　propose　a　framework　for　identity　management　in　a　distributed　environment.　In　addition　to　achieving　convenience,　which　is　the　primary　objective　for　identity　management　in　most　related　work,　we　believe　that　user　privacy　and　controlled　information　disclosure　are　equally　important.　Therefore,　we　look　beyond　the　so-called　single-sign-on　(SSO)　suitable　mainly　for　a　federated　environment　because　the　requirement　that　a　trust　relationship　be　established　between　network　applications　and　services　so　that　a　central　authority　can　act　on　behalf　of　the　applications　and　services　in　identity　management　and　access　authorization　is　not　practical　in　the　Internet　where　distributed　control　and　management　is　the　mainstream.　We　show　how　convenience　can　be　achieved　without　the　requirement　for　such　a　central　authority　in　our　framework.　We　also　show　how　multiple　identities　can　be　managed　for　users　to　access　network　applications　and　services　and　how　users　can　control　the　disclosure　of　identity　information　and　hence　ensure　their　privacy.　Consequently,　the　framework　can　serve　as　the　foundation　for　the　development　of　the　next　generation　of　network　identity　management　systems　that　are　both　practical　and　flexible.　©　Springer-Verlag　Berlin　Heidelberg　2005.