Subscribe to the Non-Human & AI Identity Journal

Who is accountable when a wallet-based verification flow is used incorrectly?

The relying party remains accountable for the verification design, data handling, and business decision that follows. Wallets and browsers can transport proofs, but the organisation requesting them must justify the claim set, validate the response, and govern what happens next.

Why This Matters for Security Teams

Wallet-based verification can make trust look simple, but accountability does not move with the credential. The relying party decides which claims matter, what risk it is accepting, and whether the resulting business action is defensible. That is why incorrect use is usually a governance failure, not a wallet failure. The organisation requesting the proof owns the control objective, just as it would under NIST SP 800-53 Rev 5 Security and Privacy Controls.

For NHI and agentic environments, the same pattern shows up when proofs, tokens, and assertions are consumed without clear policy. NHIMG’s Ultimate Guide to NHIs notes that 97% of NHIs carry excessive privileges, which is a reminder that access problems often persist because teams trust artifacts more than governance. A wallet can present a claim, but it cannot decide whether that claim should trigger onboarding, access, payment, or a high-risk workflow. In practice, many security teams encounter misuse only after a proof has already been accepted and downstream decisions have already been made.

How It Works in Practice

In a wallet-based flow, the wallet or browser acts as a presentation layer for verifiable claims. The relying party defines the verification policy, asks for specific attributes, checks signatures and freshness, and then applies its own business rules. That means the accountable party is the one that chose the claim set, the trust anchors, the acceptance criteria, and the post-verification decision.

Operationally, good designs separate transport from trust:

  • The wallet packages proofs, but does not own the relying party’s legal or security obligations.
  • The verifier checks issuer trust, schema validity, revocation status, and replay resistance.
  • The application decides whether to approve, deny, step up, or route for review.
  • The organisation logs the verification event, retention basis, and downstream use of the data.

This is especially important where claims are reused across systems or where proofs are linked to automation. If a wallet presents an assertion that is too broad, the relying party still owns the decision to accept it. NIST’s control guidance on least privilege and access enforcement is relevant here, and NHIMG’s Ultimate Guide to NHIs is explicit that over-privilege remains a systemic issue across identity programmes. For teams implementing wallet verification, policy should be written first and claims should be requested only after the necessary justification is documented.

These controls tend to break down in federated ecosystems with weak issuer governance, because the relying party can validate a proof yet still lack assurance that the underlying claim was appropriate for the decision being made.

Common Variations and Edge Cases

Tighter verification often increases user friction and operational overhead, so organisations must balance assurance against adoption and response time. Current guidance suggests treating that tradeoff as a policy decision, not a technical inevitability. The most common edge case is selective disclosure: a relying party asks for more data than it truly needs, then inherits unnecessary privacy and compliance exposure when that data is stored or forwarded.

Another variation appears when wallets are used for delegated or automated actions. If a browser, agent, or service consumes the proof and then acts on it, accountability expands to include the party that defined the automation boundary and the party that approved the decision rule. The wallet is still not the accountable decision-maker. The relying party remains responsible for access governance, auditability, and safe failure behaviour when claims are missing, stale, or ambiguous.

There is no universal standard for this yet across all wallet formats and assurance models, so teams should align issuer trust, claim minimisation, retention limits, and incident response before rollout. For broader identity governance context, NHIMG’s Ultimate Guide to NHIs is useful because it frames identity risk as lifecycle management, not just authentication. Organisations that treat wallet verification as a plug-in security layer usually discover the accountability gap only after a disputed approval, a privacy complaint, or a downstream access mistake.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-01 Misuse often comes from weak identity governance and over-trusting presented claims.
OWASP Agentic AI Top 10 A-04 Automated consumers of wallet proofs need clear authorization boundaries and accountability.
CSA MAESTRO GOV-2 Agentic workflows need governance over claim acceptance and downstream decisions.
NIST AI RMF AI RMF supports accountable governance for systems making or using claims at runtime.
NIST CSF 2.0 PR.AC-1 Access control must be tied to a defined policy, not just a successfully presented proof.

Define who owns each verification claim, then enforce lifecycle controls for any identity that presents or consumes it.