There has been notable progress in the landscape of Internet identity in the last year as gaps that have impeded deployment at scale begin to fill in. Technology advances in integrating protocol approaches, addressing attribute release and informed consent, and scaling to the exponential growth in metadata are all critical to moving Internet identity from immaturity into infrastructure. Policy developments such as General Data Protection Regulation (GDPR) and the new National Institute of Standards and Technology (NIST) 800-63 are providing requirements and clarity that mark a better understanding of what needs to be governed and how. Even business models are taking shape, as users and companies begin to understand the economics of security and privacy. This session will cover these and related developments and what the whole cloth may look like.