Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Digital credentials in wallets and browsers: what IAM teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Google Wallet, Apple Wallet, Chrome 141, and iOS 26 are converging on the W3C Digital Credentials API while the EU hardens its year-end wallet mandate, creating a standards-based path for selective-disclosure identity claims across consumer and regulated use cases, according to Authsignal. The governance problem is not authentication alone, but verifier adoption, trust alignment, and lifecycle control for claims that now travel outside traditional IAM boundaries.

NHIMG editorial — based on content published by Authsignal: Digital ID is going mainstream in 2026

Questions worth separating out

Q: How should security teams govern digital credential verification in customer journeys?

A: Start by defining the exact claim needed for each journey, then bind that request to a trusted browser and wallet flow.

Q: Why do digital credentials change privacy and IAM design at the same time?

A: Because they move identity proof from central data collection into selective disclosure.

Q: What breaks when organisations ask for full identity data instead of a single claim?

A: They lose the main privacy and security advantage of digital credentials.

Practitioner guidance

  • Define attribute-minimisation rules for verification flows Map every digital ID use case to the minimum claim set needed for the decision.
  • Separate authentication from identity verification in architecture reviews Treat passkeys as account authentication and digital credentials as claim verification.
  • Validate wallet and browser trust assumptions Review how the browser, wallet selection process, and origin validation behave in each supported platform.

What's in the full article

Authsignal's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step browser flow details for the Digital Credentials API across Chrome and Safari
  • Protocol-level handling of OID4VP, mdoc, and cross-device presentation paths
  • Specific rollout examples for Google Wallet, Apple Wallet, and the EU Digital Identity Wallet
  • Implementation implications for verifier adoption in age checks, onboarding, and KYC flows

👉 Read Authsignal's analysis of digital IDs going mainstream in 2026 →

Digital credentials in wallets and browsers: what IAM teams need now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Digital credentials create a governance shift, not just a new login method. The important change is that identity proof becomes a portable claim, validated through wallets and browsers instead of direct collection into every application. That changes custody, assurance, and consent boundaries for IAM programmes. Teams that treat this as a front-end enhancement will miss the control changes underneath it.

A few things that frame the scale:

  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities.

A question worth separating out:

Q: Who is accountable when a wallet-based verification flow is used incorrectly?

A: The relying party remains accountable for the verification design, data handling, and business decision that follows. Wallets and browsers can transport proofs, but the organisation requesting them must justify the claim set, validate the response, and govern what happens next.

👉 Read our full editorial: Digital IDs are becoming mainstream as wallets and browsers converge



   
ReplyQuote
Share: