Kill the Wallet? Rethinking the Metaphors Behind Digital Identity
“Much like ‘the cloud’ (really just someone else’s computer) or ‘the superhighway’ (I never have figured that one out), the metaphor of a ‘wallet’ has become a convenient shorthand for a tangle of technical, policy, and usability decisions.”
But as we keep building out digital identity ecosystems, complete with verifiable credentials, identity wallets, and cross-jurisdictional trust models, I want to ask:
Is the metaphor still helping us? Or is it time to kill the wallet?
(Apologies to everyone who suddenly got stuck with a Bugs Bunny earworm.)
Why metaphors matter
Basically, a digital wallet is a secure container for digital credentials. But metaphors are powerful: They shape user expectations, influence system design, and carry emotional and cultural baggage.
Say “wallet,” and people conjure different things:
- A tap-to-pay credit card or mobile payment app
- A driver’s license or ID holder
- A catch-all pouch for everything from boarding passes to coffee shop punch cards to loyalty cards
This matters because the assumptions baked into that metaphor directly affect how systems are designed and how people trust (or don’t) them.
One word, too many meanings
Consider Google Wallet. It assumes it can store just about anything, provided protocols and formats are supported. Apple Wallet is similarly broad in scope but imposes a more curated, policy-heavy experience; credentials often go through approval workflows, and Apple maintains tight control over what gets displayed.
Then you have purpose-built wallets like the SIROS Foundation’s wwWallet, which explicitly aim for neutrality and open standards. In that case, “wallet” is just the delivery mechanism: Credentials come from many issuers, and the wallet doesn’t try to second-guess the user’s intent.
So far, so good. But many users still assume they’ll only need one wallet. After all, they only carry one physical one, right?
Well… not exactly.
Surprise: you’re already carrying multiple wallets
A growing number of users already interact with multiple wallet-like experiences; they just don’t recognize them as such.
Take a gym app with a scannable membership barcode. That’s not a digital wallet; it’s just displaying an unprotected credential. But a university app that stores a student ID, enables cryptographic access to campus systems, or lets students securely share transcripts? That’s starting to behave like a wallet. These apps issue, hold, and present credentials, but often without using open standards, secure storage mechanisms, or user-centric consent flows. In practice, they’re wallet-adjacent without meeting the formal definitions found in standards like ISO/IEC 18013-5 or NIST guidance.
This distinction matters when issuers or verifiers only trust credentials handled within their own apps. If every organization builds its own closed-loop container, users end up juggling multiple apps that can’t talk to each other. That may be good for organizational control, but it’s bad for user experience, portability, and interoperability.
To make sense of this ambiguity, researchers Lukkiena, de Reuver, and Bharosa offer a taxonomy of digital wallets that identifies 10 core characteristics across three levels: wallet architecture, functional capabilities, and governance model. (Thanks, Henk Marsman, for pointing me to this article!) For example, wallets can be custodial or self-sovereign, anchored to a specific platform or OS-agnostic, and focused on narrow single-issuer use cases or broader cross-domain ecosystems. Their conclusion? There’s no universal definition of “wallet,” and that’s a problem when different actors use the same word but mean fundamentally different things. When it takes this much effort to explain what we mean by “wallet,” maybe it’s time to admit the metaphor is no longer fit for purpose.
Who controls permission and consent?
The wallet metaphor also glosses over deeper architectural questions like who’s in charge of permission and consent.
When you hand someone your physical wallet, no pop-up asks if you’re sure. You’ve already decided what to share. Digital systems, though, are expected to do better. They support selective disclosure (I hope), enforce access policies, and (ideally) prompt you when data is about to be shared.
But when the wallet is mediated by a browser or embedded in a platform you don’t control, who’s responsible for enforcing that consent? The wallet? The issuer? The verifier? The browser? Even people deeply involved don’t agree on the answers here.
The NIST blog on digital wallets offers a definition, and that definition sets the stage for various assumptions:
“A digital wallet is a native application on your mobile device—though in the future, may also be stored in the cloud—that holds and secures your VDCs… Depending on the entity issuing the VDC, users may need to download a wallet application supported by the credential issuer before a VDC can be issued to their phone.”
This is useful, but it also normalizes a model where wallets are tied to issuers, not users. If every credential needs its own issuer-approved container, we’re not talking about wallets anymore. We’re talking about app-specific credential lockers. That’s a very different interaction model and one that may undermine user control.
When regulation and design don’t talk to each other
In Europe, things get even murkier. The EU’s data protection frameworks (GDPR, eIDAS 2.0) layer in consent requirements that assume a clear user interface and intentional disclosure. A 2023 study published in the Harvard Journal of Law & Technology, however, highlighted just how far the actual UX has drifted from those principles.
In “Two Worlds Apart! Closing the Gap Between Regulating EU Consent and User Studies,” researchers Bielova, Santos, and Gray examined real consent flows and found a minefield of “dark patterns” and manipulation. Decline buttons are hidden or misleading, options are presented in confusing hierarchies, and “Accept All” is given visual prominence over granular choices.
If we’re now building digital wallets that insert themselves into this consent process, we have to ask: are we replicating these same patterns? Are we genuinely improving user control or just rebranding old manipulations?
Designing for privacy: lessons from Kantara
The Kantara Initiative’s Privacy-Enhancing Mobile Credentials (PEMC) Implementers Report offers a different and possibly more practical perspective. It doesn’t try to define “wallet” from a metaphorical standpoint. Instead, it focuses on capabilities that put the user back in charge:
“The wallet SHALL be designed to facilitate user understanding and control over what data is being shared and for what purpose. User consent SHALL be explicit, contextual, and revocable.”
That’s a higher bar than most current systems hit.
The report also stresses the importance of:
- Purpose limitation: credentials should only be used for clearly defined, disclosed functions.
- Transparency and auditability: users should be able to review where and how credentials have been used.
- User-managed permissions: ideally, from a central UI that lets users adjust sharing policies without reissuing credentials.
These aren’t just checkboxes for compliance. They’re structural features that define trust. If your “wallet” can’t support these requirements, maybe it shouldn’t call itself one.
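To make those requirements concrete, here is an added sketch (not code from the Kantara report or from any wallet project) of a holder-side consent ledger in which every grant is bound to a verifier and a purpose, can be revoked without touching the credential, and leaves a reviewable audit trail. The class names, the `bar.example` verifier, and the sample credential are hypothetical, and the model covers policy enforcement only, not the cryptography of selective disclosure.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Grant:
    verifier: str          # contextual: who is asking
    purpose: str           # purpose limitation: why they are asking
    claims: frozenset      # which attributes may be released
    revoked: bool = False  # revocable without reissuing the credential

@dataclass
class ConsentLedger:
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # user-reviewable history

    def _log(self, event, verifier, purpose, detail):
        ts = datetime.now(timezone.utc).isoformat()
        self.audit.append({"ts": ts, "event": event, "verifier": verifier,
                           "purpose": purpose, "detail": detail})

    def grant(self, verifier, purpose, claims):
        # Explicit consent: a grant exists only because the user created it.
        g = Grant(verifier, purpose, frozenset(claims))
        self.grants.append(g)
        self._log("grant", verifier, purpose, sorted(g.claims))
        return g

    def revoke(self, g):
        g.revoked = True
        self._log("revoke", g.verifier, g.purpose, sorted(g.claims))

    def present(self, credential, verifier, purpose, requested):
        # Default deny: only claims under a live grant for this exact
        # verifier and purpose are released; everything else is withheld.
        allowed = set()
        for g in self.grants:
            if not g.revoked and (g.verifier, g.purpose) == (verifier, purpose):
                allowed |= g.claims
        released = {c: credential[c] for c in requested
                    if c in allowed and c in credential}
        withheld = sorted(set(requested) - set(released))
        self._log("present", verifier, purpose,
                  {"released": sorted(released), "withheld": withheld})
        return released

# Constructed sample credential (not real data).
SAMPLE = {"name": "Alex Example", "birth_date": "1990-01-01", "over_18": True}

def demo():
    ledger = ConsentLedger()
    g = ledger.grant("bar.example", "age_check", ["over_18"])
    first = ledger.present(SAMPLE, "bar.example", "age_check", ["over_18", "birth_date"])
    other = ledger.present(SAMPLE, "bar.example", "marketing", ["over_18"])
    ledger.revoke(g)
    after = ledger.present(SAMPLE, "bar.example", "age_check", ["over_18"])
    return first, other, after, ledger.audit
```

The same verifier gets nothing when it changes the stated purpose, and nothing after revocation, while the credential itself is never modified or reissued.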
So… do we kill the wallet?
Maybe. Or maybe we reframe it.
The wallet metaphor has done a lot of work. It helped early adopters wrap their heads around verifiable credentials. It gave vendors a way to pitch new apps without diving into crypto protocols.
But now, it’s showing its limitations.
- It implies singularity, when reality demands multiplicity.
- It collapses trust boundaries, hiding the difference between issuer-owned and user-controlled containers.
- It blurs accountability, especially when it comes to consent and user agency.
- And it distracts regulators, who often assume the metaphor aligns with actual practice.
If we’re serious about building systems that scale, interoperate, and respect users, we may need to put the metaphor on pause. Maybe even kill it.
Or at least, give it a long-overdue retirement party.
Bonus question: Got a better metaphor?
I’m genuinely curious: What should we call these things? If “wallet” is too narrow, too payment-focused, or just too confusing, what’s the alternative?
Inbox? Locker? Credential safe? Something new entirely? Or is the ambiguity still worthwhile for a reason I’m missing?
Drop me a note. I promise not to brand it.
Transcript
00:00:04
Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.
If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.
00:00:26
Let’s get into it.
Why Do We Call It a Wallet?
00:00:30
So, have you ever stopped to wonder: why do we call it a wallet?
In digital identity, the term wallet has become so common that we don’t even think twice about it—much like the cloud (air quotes intended), which, as we know, is really just someone else’s computer.
The wallet metaphor has served as convenient shorthand. It wraps up a lot of complex technical, policy, and usability decisions into a single image that feels familiar.
But is it still serving us well? Or is it time to—dare we say—kill the wallet?
And yes, if you’re now hearing Elmer Fudd singing “Kill da Wabbit,” you’re not alone. It’s stuck in my head too.
Why Metaphors Matter
00:01:15
Metaphors help make the abstract more tangible. In digital identity, a wallet conjures up something:
- Personal
- Portable
- Secure
- That holds important things we don’t want to lose
In theory, a digital wallet does exactly that—a secure container for digital credentials.
00:01:34
However, there’s a catch.
Metaphors don’t just explain things—they shape them. They guide system design and influence both user and architect expectations.
And when a metaphor starts to mislead or restrict what’s possible, it’s time to reconsider it.
What Are We Really Talking About?
00:01:54
When we say wallet, what are we actually describing?
Sometimes, we mean a secure application that stores and presents digital credentials. But other times, we’re referring to:
- A whole service ecosystem
- Trust registries
- Credential exchanges
- Key management systems
00:02:18
This ambiguity creates confusion.
If you imagine a wallet as an app that lives only on your phone, you might not expect it to:
- Sync across devices
- Back up to the cloud
- Integrate with browsers
So, the metaphor starts to limit understanding rather than enhance it.
Physical Wallets vs. Digital Identity
00:02:45
Think about your real wallet. You might carry:
- Credit cards
- A driver’s license
- A photo of your dog
- Maybe some cash (if you’re feeling nostalgic)
But your work ID might live on a badge you scan at the door.
Your passport is likely in a drawer.
Your vaccine certificate might be in an email or government portal.
00:03:06
Each credential lives in a different place and serves a different function. Yet digital credentials are expected to behave as a single type—all handled the same way.
That’s a problem.
The wallet metaphor reinforces the idea that if you control something, you must physically possess it. But that’s not how real life—or digital systems—work.
Delegation and Flexibility
00:03:32
We delegate trust and control all the time.
- Browsers remember our passwords
- Apps access our photos
- Others pick up prescriptions or check in for us
00:03:44
Digital identity must support this same flexibility—not just theoretically, but by design.
If the wallet metaphor implies identity is always something you carry and only you carry, it fails to reflect:
- Delegation
- Guardianship
- Enterprise-managed credentials
Sometimes, you don’t need to carry the credential—you just need to control access to it.
Trust, Adoption, and Governance
00:04:12
Another problem: the wallet metaphor implies that once you have your credentials, you’re done.
But really, that’s just the beginning.
For a credential to matter:
- It must be accepted
- It must be verifiable
- It must be trusted
00:04:30
This brings us to:
- Trust registries
- Governance frameworks
- Interoperability standards
None of these live inside the wallet. Yet without them, the wallet is just a lonely app with nowhere to go.
Who Are We Building For?
00:04:50
Are we building for everyday users—or for people like us?
The danger in sticking too closely to the wallet metaphor is that we end up designing for:
- Tech-savvy users
- Privacy-conscious individuals
- People willing to manage keys and credentials
00:05:08
But most users aren’t in that space. They just want things to work.
They want identity to be seamless—not a side project.
And they certainly don’t want to be blamed for losing access when their private key is wiped in a phone reset—or dropped in a beer.
Rethinking Security and Usability
00:05:32
We need to stop designing for the metaphor. People aren’t all ready to manage their own cryptographic infrastructure—and that’s okay.
Security isn’t one-size-fits-all. Usability isn’t either.
There are cases where:
- Cloud-based key management offers better recovery options
- Delegation to trusted devices boosts usability
- Giving users a choice increases adoption
We shouldn’t cling to the idea that the most secure option is always the only secure option.
Do We Kill the Wallet?
00:06:08
Not necessarily.
The wallet metaphor has brought us this far. It’s familiar, useful, and still works in many settings.
But we should be:
- More careful in how we use it
- Clearer about what we mean
- Open to other metaphors—or better yet, clearer explanations
00:06:30
Maybe it’s time for:
- Identity lockers
- Digital toolboxes
- Credential dashboards
Or maybe it’s time to explain what these systems actually do—without relying on metaphor at all.
Language Matters
00:06:48
The user brings their own context. That’s who we’re building for.
So:
- In specs: our language must be crystal clear
- For users: our explanations must be accurate and inclusive
We may need a whole basket of metaphors, not just one.
Wrapping Up
00:07:12
As always, if you have questions or want to dive deeper, visit the written blog. I’d love to hear your thoughts.
Thanks for listening.
00:07:22
That’s it for this week’s episode of the Digital Identity Digest. If this made things a little clearer—or at least more interesting—please share it with a friend or colleague.
Let’s keep the conversation going.
Connect with me on LinkedIn @hlflanagan and don’t forget to subscribe and leave a review on Apple Podcasts or wherever you listen.
You’ll find the full written post at sphericalcowconsulting.com.
Stay curious, stay engaged—and I’ll talk to you next time.

