Sphereon
insight
Meaning Before Wallets
A wallet is just a channel. The real infrastructure question is what the data means, who is trusted, what policy governs each exchange, and how every decision can be proven later. This article makes that argument.
Organizations are deploying digital wallets. But most have not yet solved the governance problem underneath!
If every channel defines data, trust, and policy separately, the organization has not consolidated its compliance logic. It has built as many trust models as it has channels.
The better approach starts earlier: with semantic meaning. One authoritative definition of what each data element is, what it is for, who may use it, under what policy, and with what audit obligation. Wallets, portals, APIs, and agent workflows then become projections of that model, not separate implementations of it.
Wallets are useful. But they are not the strategy.
Wallets basically reduce manual checking: when a person presents a verified credential, the receiving organization gets data that has already been checked at source, carries a cryptographic proof, and does not require a phone call or a document scan. That is a genuine and significant operational improvement.
But organizations do not only interact through wallets. They use portals, web forms, APIs, email, QR flows, documents, and system-to-system integrations. If each channel builds its own identity and compliance logic, the organization ends up with as many trust models as it has channels. Routine audits, regulatory changes, and new business workflows then become expensive remediation projects rather than straightforward updates to a shared model.
The missing layer is meaning.
Take “professional qualification” as an example. A field name is not meaning. Meaning includes: what type of qualification, issued by whom, under which framework, with what expiry logic, for what purpose, with what disclosure constraints, and what audit obligations apply when the data is used. The same principle holds for any significant data element: date of birth, employee role, supplier accreditation status, mandate, or machine authorization.
Without that definition, a wallet credential carries a string. With it, every system that touches that data, whether through a wallet flow, a portal, an API, or a background check, applies the same interpretation, the same retention rule, and the same audit logic.
That consistency is not a technical convenience. It is a governance requirement. Define the attribute once. Render, request, verify, disclose, retain, and audit it consistently everywhere.
When meaning is implicit, compliance and business rules scatter across code, spreadsheets, documents, integrations, and human memory. That creates fragility. When meaning is explicit and authoritative, each channel becomes a projection of the same model: a form labels and validates the field correctly; a credential supports selective disclosure; a retention process knows when data expires; a verifier requests only what is needed; an audit trail shows why the data was used.
From verified data to governed action.
Verification answers one question: is the data authentic? It does not answer what may happen next. After a credential is verified, the organization still needs to decide: does this person or organization meet the policy threshold? What is the legal basis for processing? What access is granted, and under what conditions?
And if a decision is later questioned, the organization must be able to prove what it checked, when, under which version of policy, and with what result. Those are not wallet questions. They are governance questions. Policy enforcement, evidence retention, and structured audit are the operating layer that makes verification useful, not an optional addition to it.
The credential proves the data. The semantic model explains what it means. The policy engine decides what may happen. The audit trail proves what happened.
Where Sphereon fits.
Sphereon provides verifiable data exchange infrastructure. It covers the full scope: defining what data means, establishing who or what is trusted, exchanging verified data across channels, enforcing policy at runtime, retaining secure evidence, and producing structured audit trails.
That infrastructure works across wallets, portals, APIs, web forms, QR flows, documents, and machine-to-machine integrations. As machines and AI agents increasingly act on behalf of people and organizations, the same trust primitives apply: identity, credentials, authority, delegation, policy, and auditability evaluated at runtime. The wallet is one channel in that model. It is not the model itself.
IDK: Build
Open-source building blocks for digital identity and verifiable credential protocols. For teams that want to build with open standards and maintain full control of their own stack.
EDK: Run
Production-grade enterprise capabilities: multi-tenancy, integration, semantic attribute modeling, policy enforcement, telemetry, structured audit, and commercial support.
VDX: Operate and Govern
The API-driven platform for operating verifiable data exchange across person, organisations, and non-human actors, trust relationships, channels, workflows, secure evidence, and runtime governance.
Go deeper.
Five articles that take each layer of the argument further.
A wallet, not a strategy.
Why a wallet-only thinking leaves the policy- and compliance problem unsolved and your organisation at risk.
The semantic attribute model.
How to define data once and govern it consistently across every channel and why this is a necessity.
Runtime trust for AI agents.
Why identity, authority, delegation, and audit must be evaluated continuously as agents act on behalf of organizations.
From governance to runtime enforcement.
How policy, evidence retention, and structured audit turn verification into a governed decision.
IDK, EDK, VDX: build, run, operate and govern.
How Sphereon’s stack is structured: from developer tooling to operational trust platform.
Start with meaning.
Talk to Sphereon about building verifiable data exchange infrastructure across your organization’s wallets, portals, APIs, workflows, and agents.