Being proactive and vigilant is the best defense against identity theft and the invasion of privacy. This recurrent advice from the public broadcasting attests that security breaches can happen and no identity management system can provide full-proof security. The challenge is even greater in service-oriented architectures where each user has their identities scattered across many services and has no control over management of those identities. Recent research in the area of the user-centric identity management makes user control and consent the key concept for identity management, but there is no consensus on the level of user-centricity. This paper proposes a service-oriented architecture framework called personal identity management that truly puts users in control over the management of their identities. The advantages of this proposal can be demonstrated through a comparison analysis of relevant identity management systems against a set of criteria required for today?s identity management.