Kill the Wallet? Rethinking the Metaphors Behind Digital Identity

“Much like ‘the cloud’ (really just someone else’s computer) or ‘the superhighway’ (I never have figured that one out), the metaphor of a ‘wallet’ has become a convenient shorthand for a tangle of technical, policy, and usability decisions.”

But as we keep building out digital identity ecosystems, complete with verifiable credentials, identity wallets, and cross-jurisdictional trust models, I want to ask:

Is the metaphor still helping us? Or is it time to kill the wallet?

(Apologies to everyone who suddenly got stuck with a Bugs Bunny earworm.)

Why metaphors matter

Basically, a digital wallet is a secure container for digital credentials. But metaphors are powerful: They shape user expectations, influence system design, and carry emotional and cultural baggage.

Say “wallet,” and people conjure different things:

This matters because the assumptions baked into that metaphor directly affect how systems are designed and how people trust (or don’t) them.

One word, too many meanings

Consider Google Wallet. It assumes it can store just about anything, provided protocols and formats are supported. Apple Wallet is similarly broad in scope but imposes a more curated, policy-heavy experience; credentials often go through approval workflows, and Apple maintains tight control over what gets displayed.

Then you have purpose-built wallets like the SIROS Foundation’s wwWallet, which explicitly aim for neutrality and open standards. In that case, “wallet” is just the delivery mechanism: Credentials come from many issuers, and the wallet doesn’t try to second-guess the user’s intent.

So far, so good. But many users still assume they’ll only need one wallet. After all, they only carry one physical one, right?

Well… not exactly.

Surprise: you’re already carrying multiple wallets

A growing number of users already interact with multiple wallet-like experiences; they just don’t recognize them as such.

Take a gym app with a scannable membership barcode. That’s not a digital wallet; it’s just displaying an unprotected credential. But a university app that stores a student ID, enables cryptographic access to campus systems, or lets students securely share transcripts? That’s starting to behave like a wallet. These apps issue, hold, and present credentials, but often without using open standards, secure storage mechanisms, or user-centric consent flows. In practice, they’re wallet-adjacent without meeting the formal definitions found in standards like ISO/IEC 18013-5 or NIST guidance.

This distinction matters when issuers or verifiers only trust credentials handled within their own apps. If every organization builds its own closed-loop container, users end up juggling multiple apps that can’t talk to each other. That may be good for organizational control, but it’s bad for user experience, portability, and interoperability.

To make sense of this ambiguity, researchers Lukkiena, de Reuver, and Bharosa offer a taxonomy of digital wallets that identifies 10 core characteristics across three levels: wallet architecture, functional capabilities, and governance model. (Thanks, Henk Marsman, for pointing me to this article!) For example, wallets can be custodial or self-sovereign, anchored to a specific platform or OS-agnostic, and focused on narrow single-issuer use cases or broader cross-domain ecosystems. Their conclusion? There’s no universal definition of “wallet,” and that’s a problem when different actors use the same word but mean fundamentally different things. When it takes this much effort to explain what we mean by “wallet,” maybe it’s time to admit the metaphor is no longer fit for purpose.

The wallet metaphor also glosses over deeper architectural questions like who’s in charge of permission and consent.

When you hand someone your physical wallet, no pop-up asks if you’re sure. You’ve already decided what to share. Digital systems, though, are expected to do better. They support selective disclosure (I hope), enforce access policies, and (ideally) prompt you when data is about to be shared.

But when the wallet is mediated by a browser or embedded in a platform you don’t control, who’s responsible for enforcing that consent? The wallet? The issuer? The verifier? The browser? Even people deeply involved don’t agree on the answers here.

The NIST blog on digital wallets offers a definition, and that definition sets the stage for various assumptions:

“A digital wallet is a native application on your mobile device—though in the future, may also be stored in the cloud—that holds and secures your VDCs… Depending on the entity issuing the VDC, users may need to download a wallet application supported by the credential issuer before a VDC can be issued to their phone.”

This is useful, but it also normalizes a model where wallets are tied to issuers, not users. If every credential needs its own issuer-approved container, we’re not talking about wallets anymore. We’re talking about app-specific credential lockers. That’s a very different interaction model and one that may undermine user control.

When regulation and design don’t talk to each other

In Europe, things get even murkier. The EU’s data protection frameworks (GDPR, eIDAS 2.0) layer in consent requirements that assume a clear user interface and intentional disclosure. A 2023 study published in the Harvard Journal of Law & Technology, however, highlighted just how far the actual UX has drifted from those principles.

In “Two Worlds Apart! Closing the Gap Between Regulating EU Consent and User Studies,” researchers Bielova, Santos, and Gray examined real consent flows and found a minefield of “dark patterns” and manipulation. Decline buttons are hidden or misleading, options are presented in confusing hierarchies, and “Accept All” is given visual prominence over granular choices.

If we’re now building digital wallets that insert themselves into this consent process, we have to ask: are we replicating these same patterns? Are we genuinely improving user control or just rebranding old manipulations?

Designing for privacy: lessons from Kantara

The Kantara Initiative’s Privacy-Enhancing Mobile Credentials (PEMC) Implementers Report offers a different and possibly more practical perspective. It doesn’t try to define “wallet” from a metaphorical standpoint. Instead, it focuses on capabilities that put the user back in charge:

“The wallet SHALL be designed to facilitate user understanding and control over what data is being shared and for what purpose. User consent SHALL be explicit, contextual, and revocable.”

That’s a higher bar than most current systems hit.

The report also stresses the importance of:

These aren’t just checkboxes for compliance. They’re structural features that define trust. If your “wallet” can’t support these requirements, maybe it shouldn’t call itself one.

So… do we kill the wallet?

Maybe. Or maybe we reframe it.

The wallet metaphor has done a lot of work. It helped early adopters wrap their heads around verifiable credentials. It gave vendors a way to pitch new apps without diving into crypto protocols.

But now, it’s showing its limitations.

If we’re serious about building systems that scale, interoperate, and respect users, we may need to put the metaphor on pause. Maybe even kill it.

Or at least, give it a long-overdue retirement party.

Bonus question: Got a better metaphor?

I’m genuinely curious: What should we call these things? If “wallet” is too narrow, too payment-focused, or just too confusing, what’s the alternative?

Inbox? Locker? Credential safe? Something new entirely? Or is the ambiguity still worthwhile for a reason I’m missing?

Drop me a note. I promise not to brand it.

Transcript

00:00:04
Welcome to the Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.

If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

00:00:26
Let’s get into it.


Why Do We Call It a Wallet?

00:00:30
So, have you ever stopped to wonder: why do we call it a wallet?

In digital identity, the term wallet has become so common that we don’t even think twice about it—much like the cloud (air quotes intended), which, as we know, is really just someone else’s computer.

The wallet metaphor has served as convenient shorthand. It wraps up a lot of complex technical, policy, and usability decisions into a single image that feels familiar.

But is it still serving us well? Or is it time to—dare we say—kill the wallet?

And yes, if you’re now hearing Elmer Fudd singing “Kill da Wabbit,” you’re not alone. It’s stuck in my head too.


Why Metaphors Matter

00:01:15
Metaphors help make the abstract more tangible. In digital identity, a wallet conjures up something:

In theory, a digital wallet does exactly that—a secure container for digital credentials.

00:01:34
However, there’s a catch.

Metaphors don’t just explain things—they shape them. They guide system design and influence both user and architect expectations.

And when a metaphor starts to mislead or restrict what’s possible, it’s time to reconsider it.


What Are We Really Talking About?

00:01:54
When we say wallet, what are we actually describing?

Sometimes, we mean a secure application that stores and presents digital credentials. But other times, we’re referring to:

00:02:18
This ambiguity creates confusion.

If you imagine a wallet as an app that lives only on your phone, you might not expect it to:

So, the metaphor starts to limit understanding rather than enhance it.


Physical Wallets vs. Digital Identity

00:02:45
Think about your real wallet. You might carry:

But your work ID might live on a badge you scan at the door.
Your passport is likely in a drawer.
Your vaccine certificate might be in an email or government portal.

00:03:06
Each credential lives in a different place and serves a different function. Yet digital credentials are expected to behave as a single type—all handled the same way.

That’s a problem.

The wallet metaphor reinforces the idea that if you control something, you must physically possess it. But that’s not how real life—or digital systems—work.


Delegation and Flexibility

00:03:32
We delegate trust and control all the time.

00:03:44
Digital identity must support this same flexibility—not just theoretically, but by design.

If the wallet metaphor implies identity is always something you carry and only you carry, it fails to reflect:

Sometimes, you don’t need to carry the credential—you just need to control access to it.


Trust, Adoption, and Governance

00:04:12
Another problem: the wallet metaphor implies that once you have your credentials, you’re done.

But really, that’s just the beginning.

For a credential to matter:

00:04:30
This brings us to:

None of these live inside the wallet. Yet without them, the wallet is just a lonely app with nowhere to go.


Who Are We Building For?

00:04:50
Are we building for everyday users—or for people like us?

The danger in sticking too closely to the wallet metaphor is that we end up designing for:

00:05:08
But most users aren’t in that space. They just want things to work.

They want identity to be seamless—not a side project.
And they certainly don’t want to be blamed for losing access when their private key is wiped in a phone reset—or dropped in a beer.


Rethinking Security and Usability

00:05:32
We need to stop designing for the metaphor. People aren’t all ready to manage their own cryptographic infrastructure—and that’s okay.

Security isn’t one-size-fits-all. Usability isn’t either.

There are cases where:

We shouldn’t cling to the idea that the most secure option is always the only secure option.


Do We Kill the Wallet?

00:06:08
Not necessarily.

The wallet metaphor has brought us this far. It’s familiar, useful, and still works in many settings.

But we should be:

00:06:30
Maybe it’s time for:

Or maybe it’s time to explain what these systems actually do—without relying on metaphor at all.


Language Matters

00:06:48
The user brings their own context. That’s who we’re building for.

So:

We may need a whole basket of metaphors, not just one.


Wrapping Up

00:07:12
As always, if you have questions or want to dive deeper, visit the written blog. I’d love to hear your thoughts.

Thanks for listening.

00:07:22
That’s it for this week’s episode of the Digital Identity Digest. If this made things a little clearer—or at least more interesting—please share it with a friend or colleague.

Let’s keep the conversation going.

Connect with me on LinkedIn @hlflanagan and don’t forget to subscribe and leave a review on Apple Podcasts or wherever you listen.

You’ll find the full written post at sphericalcowconsulting.com.

Stay curious, stay engaged—and I’ll talk to you next time.
