The present invention is directed to a method and system for authorizing access to information of a user. The system includes a first network entity and a second network entity. The first network entity sends a request for information of a user to the second network entity. The second network entity receives the request for information of the user, verifies that the first network entity is authorized to receive the requested information, and generates a response authorizing the request if the first network entity is authorized to receive the information. The verifying may include comparing the first network entity against all non-barred public user identities of the user, comparing the first network entity against all network entities identified in a previous request, and comparing the first network entity against all application servers not belonging to third-party providers outside a network to which the user is connected.