Numerous laws impose a duty on a business to verify the identity of a person it is dealing with, while other law regulates the identity systems that seek to provide the needed identity data. What is that law, where does it come from, and how does it affect IdPs, RPs, and others? This session will examine the overall legal framework that in some cases requires, and in other cases governs identity transactions and services. This will include (i) an overview of the existing laws that impose a duty to identify, and the various approaches they take, as well as (ii) a basic overview of the developing legal rules governing identity systems and services, the manner in which they operate, and their impact on the responsibilities and liabilities of the parties. At the same time, it will also consider where those laws come from, and the ways in which they can be modified as necessary. This session will also provide an overview of newly emerging laws and legal initiatives that govern identity at both a domestic and global level, the directions they are taking, and the impact they are likely to have on shaping the identity ecosystem. Finally, the session will examine how the law can be used to facilitate trust in identity transactions and interoperability between identity systems.