Social Identities
In the past, applications owners would add a "new user registration" process to their site, and would issue userids and passwords to these "outsiders". This created a burden for both sides -- the user would have to remember yet another set of credentials, and the site would have to institute business processes to deal with forgotten passwords, etc.
A growing number of these applications, though, are looking to "outsource" the identity problem by leveraging the authentication and Web Single SignOn (SSO) functionality provided by the big internet identity providers (e.g., google, yahoo, facbook, etc). The outside users of these sites now authenticate at one of those sites, and those sites provide the local application with information about the browser user.
Since the mid-1990s commercial Internet-based Service Providers have allowed people visiting their sites to "sign up" and obtain an account. Almost always these accounts have the user supplying a userid (which must be unique within the site) and a password (which sometimes must meet certain strength requirements). Sometimes the userid is actually the user's email address at some other site. Oftentimes, the site asked the user to provide other information as part of their "profile". Several of these items would usually be classified as PII (eg name).
...