
Wallet-based Presentation

By NHI Mgmt Group | Updated June 20, 2026 | Domain: NHI & Agent Identity in the Broader IAM Ecosystem

Wallet-based presentation is the act of sharing a verifiable credential from a digital wallet or identity app to satisfy a verifier's request. The control challenge is not just the wallet itself, but how presentation policy, device trust, and fallback handling are governed across the full lifecycle.

Expanded Definition

Wallet-based presentation is a verifier-facing action in which a digital wallet or identity app releases a verifiable credential, or a selected subset of claims, in response to a request. In NHI and agentic identity contexts, the focus is not only on possession of the wallet, but on presentation policy, device assurance, consent capture, and fallback paths that preserve trust when the primary device is unavailable.

Definitions vary across vendors because some products treat presentation as a simple disclosure event, while others include consent checks, attestation signals, and selective disclosure. NHI Management Group treats the term more narrowly: a presentation is only trustworthy when the wallet, the credential, and the verifier policy are all governed as part of one lifecycle. That lifecycle should align with the risk principles in the NIST Cybersecurity Framework 2.0 and the identity governance emphasis in the Ultimate Guide to NHIs.

The most common misapplication is treating wallet-based presentation as proof of identity by itself, which occurs when organisations accept any successful wallet response without validating policy, device trust, or replay resistance.

Examples and Use Cases

Implementing wallet-based presentation rigorously often introduces user friction and policy complexity, requiring organisations to weigh fast verification against stronger assurance and better auditability.

  • A contractor presents a verifiable credential from a mobile wallet to enter a regulated workspace, while the verifier checks freshness, issuer trust, and device posture before granting access.
  • An AI agent uses a wallet-backed credential to authenticate to a partner API, but only after policy confirms the agent’s execution scope and the credential’s presentation window.
  • A university or enterprise accepts a selective disclosure presentation that reveals age or employment status without exposing the full credential, reducing unnecessary data sharing.
  • A recovery workflow allows a user to re-establish access after device loss, but only through a governed fallback that preserves issuer revocation and re-issuance checks.
  • An organisation standardises verifier policy across apps so the same credential is not accepted in one workflow and rejected in another because of inconsistent assurance rules.

These patterns are consistent with NHI lifecycle thinking in the Ultimate Guide to NHIs and the assurance and control objectives described in NIST Cybersecurity Framework 2.0. In practice, the term applies wherever a verifier needs a bounded claim, not a raw account login.

Why It Matters in NHI Security

Wallet-based presentation matters because it can become a trust bottleneck for both human and non-human identities. If presentation policy is weak, attackers may replay credentials, exploit overbroad disclosure, or abuse fallback flows after device compromise. If policy is too rigid, legitimate users and agents can be locked out, forcing unsafe workarounds.

NHI Management Group research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, and 79% of organisations have experienced secrets leaks, with 77% causing tangible damage. Those patterns show why presentation governance cannot be treated as a cosmetic wallet feature; it sits on the access path and affects how trust is established, revoked, and audited across the estate.

Practitioners should map presentation rules to verifier risk, issuer trust, and revocation handling, then monitor exceptions as closely as primary access. The underlying governance logic is reinforced in the Ultimate Guide to NHIs and operationalised through the identity and access controls in NIST Cybersecurity Framework 2.0. Organisations typically encounter the failure mode only after a credential is lost, replayed, or accepted by the wrong verifier, at which point governing wallet-based presentation becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Wallet presentation depends on governed credential use and verifier-side trust checks. |
| NIST CSF 2.0 | PR.AA | Identity verification and access control map directly to presentation assurance decisions. |
| NIST Zero Trust (SP 800-207) | | Zero Trust requires continuous verification of the presenting entity and device. |

Require policy, assurance, and revocation checks before accepting any wallet-presented credential.
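
A sketch of a verifier-side acceptance gate that applies these checks together (replay resistance, verifier binding, issuer trust, revocation, freshness, device assurance). This is an added example, not code from NHI Mgmt Group or any wallet product. The class, field names and sample values are hypothetical, and it assumes the presentation's signature has already been verified cryptographically.

```python
from dataclasses import dataclass, field

@dataclass
class VerifierPolicy:
    verifier_id: str                     # audience this verifier expects
    trusted_issuers: set                 # issuers the verifier policy accepts
    revoked_credential_ids: set          # fed from issuer revocation/status data
    max_age_seconds: int = 120           # presentation window (freshness)
    require_device_attestation: bool = True
    issued_nonces: dict = field(default_factory=dict)  # nonce -> expiry time

    def new_request(self, nonce: str, now: float) -> None:
        """Record the nonce sent to the wallet in the presentation request."""
        self.issued_nonces[nonce] = now + self.max_age_seconds

    def evaluate(self, p: dict, now: float) -> list:
        """Return rejection reasons for presentation p; empty list means accept."""
        # Assumption: signature and holder binding were verified before this call.
        reasons = []
        expiry = self.issued_nonces.pop(p.get("nonce"), None)  # single use
        if expiry is None:
            reasons.append("unknown_or_replayed_nonce")
        elif now > expiry:
            reasons.append("nonce_expired")
        if p.get("audience") != self.verifier_id:
            reasons.append("wrong_verifier")
        if p.get("issuer") not in self.trusted_issuers:
            reasons.append("untrusted_issuer")
        if p.get("credential_id") in self.revoked_credential_ids:
            reasons.append("credential_revoked")
        if not (0 <= now - p.get("created_at", 0) <= self.max_age_seconds):
            reasons.append("stale_presentation")
        if self.require_device_attestation and not p.get("device_attested"):
            reasons.append("device_not_attested")
        return reasons

def demo():
    """Constructed sample: the same presentation sent twice; the second is a replay."""
    now = 1_000_000.0
    policy = VerifierPolicy("verifier.example", {"issuer.example"}, {"cred-revoked"})
    policy.new_request("n1", now)
    good = {"nonce": "n1", "audience": "verifier.example",
            "issuer": "issuer.example", "credential_id": "cred-1",
            "created_at": now + 4, "device_attested": True}
    first = policy.evaluate(good, now + 5)
    replay = policy.evaluate(good, now + 6)
    return first, replay
```

Returning every failed reason rather than the first one gives the audit trail enough detail to monitor exceptions per check; the nonce is consumed even when other checks fail, so a rejected presentation cannot be retried with the same request.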

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 20, 2026.