Auditable privacy policies in a distributed hierarchical identity management system

What is claimed is: 1. A method of obtaining user information, the method comprising: receiving, at a server through a data network from a device associated with a user, a request for access to a service; transmitting, from the server through the data network to the device associated with the user, a request for the user information; receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained; providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained; receiving, at the server through the data network from the device associated with the user, the user information and the session identifier; correlating, at the server, based on the session identifier, the user information to the request for the user information; and fulfilling, by the server, based on the received user information, the request for access to the service. 2. The method of claim 1 further comprising: transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and receiving, at the server from the network location where the user information can be obtained, the certification of the user information. 3. The method of claim 2 further comprising: transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information; receiving, at the server from the root device, verification of the certification of the user information; and verifying, by the server, based on the verification of the certification of the user information, the user information. 4. The method of claim 1 wherein receiving the user information and the session identifier comprises receiving a user identifier and a timestamp. 5. The method of claim 1 wherein the user information comprises user authentication information. 6. The method of claim 1 wherein the link is provided as a redirect that redirects the device associated with the user to the network location where the user information can be obtained. 7. The method of claim 1 wherein the user information provided is an XML block or fragment. 8. A storage medium, comprising hardware and/or a memory, storing instructions that, when executed by a computing system, cause the computing system to perform operations for obtaining user information, the operations comprising: receiving, at a server through a data network from a device associated with a user, a request for access to a service; transmitting, from the server through the data network to the device associated with the user, a request for the user information; receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained; providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained; receiving, at the server through the data network from the device associated with the user, the user information and the session identifier; correlating, at the server, based on the session identifier, the user information to the request for the user information; and fulfilling, by the server, based on the received user information, the request for access to the service. 9. The storage medium of claim 8 wherein the operations further comprise: transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and receiving, at the server from the network location where the user information can be obtained, the certification of the user information. 10. The storage medium of claim 9 wherein the operations further comprise: transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information; receiving, at the server from the root device, verification of the certification of the user information; and verifying, by the server, based on the verification of the certification of the user information, the user information. 11. The storage medium of claim 8 wherein receiving the user information and the session identifier comprises receiving a user identifier and a timestamp. 12. The storage medium of claim 8 wherein the user information comprises user authentication information. 13. The storage medium of claim 8 wherein providing the communication including the session identifier and the link comprises providing a redirect that redirects the device associated with the user to the network location where the user information can be obtained. 14. The storage medium of claim 8 wherein the user information provided is an XML block or fragment. 15. A system for obtaining user information, the system comprising: one or more processors; and a memory storing executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations for obtaining user information, the operations comprising: receiving, at a server through a data network from a device associated with a user, a request for access to a service; transmitting, from the server through the data network to the device associated with the user, a request for the user information; receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained; providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained; receiving, at the server through the data network from the device associated with the user, the user information and the session identifier; correlating, at the server, based on the session identifier, the user information to the request for the user information; and fulfilling, by the server, based on the received user information, the request for access to the service. 16. The system of claim 15 wherein the operations further comprise: transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and receiving, at the server from the network location where the user information can be obtained, the certification of the user information. 17. The system of claim 16 wherein the operations further comprise: transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information; receiving, at the server from the root device, verification of the certification of the user information; and verifying, by the server, based on the verification of the certification of the user information, the user information. 18. The system of claim 15 wherein receiving the user information