
What Makes a Web Wallet Possible?

Jan 19, 2026

by Leif Johansson

The Architecture Behind SIROS

Digital identity is at a turning point. Many governments, enterprises, and standards bodies are working toward trusted digital identity ecosystems, but the dominant assumption is still that identity wallets must be mobile applications tied to specific device vendors. This assumption is now limiting what the identity ecosystem can achieve. Platform-dependent wallet architectures behave differently across devices, constrain developers with proprietary APIs, and prevent regulators from enforcing predictable compliance. They also exclude people who do not own modern smartphones or cannot rely on them in critical scenarios.

SIROS is built on a different premise: identity must work wherever the Internet works. A digital identity wallet should not depend on a user’s phone model, operating system, or vendor ecosystem. It must be secure, private, interoperable, and accessible to anyone with a browser. This post explains how the SIROS architecture—and the wwWallet reference implementation—make this possible today, and why a web-first wallet is strategically necessary for the next decade of digital trust.

Platform-Dependent Wallets Cannot Scale to Internet-Level Identity

Over the past decade, operating systems have increasingly limited access to security-sensitive capabilities. Mobile identity wallets now rely on platform-controlled APIs for secure storage, credential presentation, and cryptographic operations. While this improves safety within each platform, it introduces deep systemic issues when applied to cross-border identity systems.

Platform-level wallet APIs behave differently across devices, and those differences cannot be corrected purely through standards. The result is that a credential presented on one device may behave differently on another, even when both comply with the same technical specification. For governments responsible for regulated deployments—identity cards, age checks, occupational credentials—this creates an untenable compliance problem. And for developers, it introduces an unpredictable patchwork of SDKs and device-specific constraints.

A digital identity ecosystem that depends on device-specific wallet capabilities will always inherit the complexity and fragmentation of those vendor ecosystems. SIROS’s solution is to bypass these constraints entirely by building identity on the web.

What Actually Makes a Web Wallet Possible Today

For many years, building a high-assurance wallet in the browser would have been impossible. Key storage, secure cryptography, credential isolation, and cross-device migration are all required capabilities that the browser could not provide. That has changed. Modern browsers and WebAuthn now offer three essential primitives:

1. FIDO passkeys and WebAuthn PRFs
Passkeys provide hardware-backed private keys that never leave the authenticator. WebAuthn’s PRF (Pseudo-Random Function) extension allows those keys to derive strong symmetric keys used to encrypt the wallet’s credential container entirely client-side.

2. Mature web cryptography
The Web Crypto API now reliably supports authenticated encryption, asymmetric verification, and other operations wallets require—without needing platform-specific libraries or native code.

3. Robust, standardised issuance and presentation protocols
OpenID4VCI, OpenID4VP, and ISO/IEC 18013-5 provide interoperable, cross-jurisdiction flows for issuing and presenting verifiable credentials directly in the browser.

These primitives allow wwWallet to perform all wallet-critical operations—key derivation, encryption, credential storage, proof creation, and selective disclosure—within the browser itself, backed by passkey-secured cryptography. This is the technical breakthrough that makes a web wallet not only feasible but advantageous.

Direct Presentation Flow: A Foundation for User-Controlled Identity

SIROS’s architecture follows a direct presentation flow model rather than an account-based model. Credential issuers sign authoritative information, which users store locally in encrypted form, and verifiers check cryptographic proofs without any backend intermediation. This model is grounded in familiar physical-world interactions: presenting a licence at a checkpoint, a diploma at a hiring desk, or an organisational ID at a restricted site.

Digitally, it means the user controls every credential, every presentation, and every cryptographic operation. As the Technical Overview explains, this architecture supports a wide range of identity use cases without creating a surveillance channel or exposing credential usage patterns. It also supports regulated environments where issuers and verifiers must prove compliance with strict privacy and data protection requirements.

Passkeys as the Secure Element for Wallet Operations

The choice to use FIDO passkeys as the root of trust is both technically and strategically essential. More than a decade of research, starting with Google’s 2011–2012 MFA deployment study, demonstrates that users struggle with app-based authentication. Those findings drove the development of hardware-backed, phishing-resistant credentials that became the foundation of the modern FIDO ecosystem.

By basing wwWallet on passkeys, SIROS ensures that:

  • the user’s private keys never leave their authenticator,

  • cryptographic operations happen in secure, tamper-resistant environments,

  • credential containers can be encrypted and decrypted only by the user,

  • the wallet can reach high assurance levels (including eIDAS HIGH),

  • developers do not need platform-specific APIs to access secure cryptography.

This design also addresses a key regulatory concern: passkeys are already supported across major browsers and devices, which means wallet behaviour becomes consistent, testable, and platform-independent.

Privacy by Design: Client-Side Encryption and Zero Backend Visibility

In many identity systems, the wallet provider or cloud service sees metadata about where and when credentials are used. This creates correlation risk, even if the content of the credential is never exposed. SIROS avoids this entirely. wwWallet does not create or maintain user accounts, store identifiers, or track credential usage. All user data is encrypted client-side using a symmetric key derived from the user’s passkey via the WebAuthn PRF extension. The only unencrypted information stored server-side is the credential identifier required to fetch the encrypted container.

Because SIROS never sees decrypted credentials or presentation activity, it cannot observe which services a user interacts with. This privacy model is structurally resistant to both surveillance and accidental metadata leakage. It also means that credentials can be installed, backed up, and recovered without exposing sensitive information to providers.

A Web-First Wallet Enables Real-World Usability

A core advantage of a web-based wallet is that it operates wherever a browser runs. This includes laptops, desktops, tablets, shared computers, low-cost devices, and mobile phones. Identity becomes independent of device capabilities, which directly supports equity, accessibility, and operational resilience.

A relief worker deployed to a disaster site can use their hardware key on a borrowed laptop to present organisational credentials. A student who loses their phone can access their wallet from a campus computer. An employee working in a secure research facility can use a desktop terminal where mobile phones are prohibited. These are not edge cases; they represent real operational contexts that mobile-only wallets have consistently failed to support.

By making wwWallet a Progressive Web Application (PWA) delivered directly through standard browser mechanisms, SIROS ensures a consistent experience across devices and eliminates the need for app store distribution, platform permissions, or proprietary SDKs.

Key Architectural Contrasts and Guarantees

As digital identity ecosystems evolve, architectural decisions shape whether systems remain open, interoperable, and trustworthy. The following contrasts illustrate why SIROS’s approach is uniquely suited to global, regulated, and cross-platform identity deployments.

1. Cloud-HSM–based wallet considerations

Some jurisdictions have explored storing each user’s private key inside remote hardware security modules as a way to leverage certified hardware and familiar operational models. While the approach has understandable appeal, it also introduces several systemic challenges:

  • Centralisation and correlation: Concentrating key operations in shared HSM infrastructure creates correlation vectors and aggregates risk in ways that are difficult to fully mitigate.

  • Scalability limits: Cloud-HSM architectures struggle to support the cryptographic throughput required for national-scale, high-frequency wallet operations.

  • Vendor dependence: Relying on a specific cloud HSM provider can create long-term operational and sovereignty constraints, especially when jurisdictions require infrastructure independence.

These factors are why some ecosystems, SIROS included, are exploring alternative models that keep keys with users rather than in centralised hardware services.

2. Standards underpinning the SIROS architecture

SIROS is built entirely on open standards used globally:

  • FIDO/WebAuthn for authentication and key protection

  • OpenID4VCI and OpenID4VP for credential issuance and presentation

  • ISO/IEC 18013-5 for mobile document interoperability

These standards provide a vendor-neutral foundation with a rich ecosystem of test suites, open-source libraries, and regulatory alignment.

3. wwWallet’s architectural guarantees

The combination of passkeys, client-side encryption, and a browser-native wallet delivers:

  • a high-assurance security model appropriate for regulated use cases,

  • full device independence with no mobile device requirement, and

  • privacy-preserving credential flows without backend observability.

Mobile Secure Elements Cannot Support Universal Identity

Mobile secure elements offer strong device-level protection, but they are not a viable foundation for global, inclusive identity systems. They assume universal smartphone access, restrict wallet functionality to what platform vendors choose to expose, and create fragmentation in regulated environments where consistent behaviour is mandatory. Because SIROS is built on passkeys rather than device-specific secure elements, it avoids these constraints entirely and ensures that identity is not tied to particular hardware.

Trust Model and Governance: A Foundation Designed to Evolve

The SIROS trust model begins with curated issuer lists and expands toward more dynamic trust frameworks. This includes adopting mechanisms like OpenID Federation to enable jurisdiction-specific policy layers while preserving cross-border interoperability. The goal is to give governments and enterprises a predictable, auditable, transparent way to understand which credentials meet which assurance levels—and why.

Governance is a central pillar of SIROS’s mission. As the Technical Overview notes, wwWallet and its associated technologies are not tied to any single commercial vendor. This ensures that long-term public-interest infrastructure can develop independently of corporate priorities and market shifts, providing stability for regulators and implementers planning deployments that must remain reliable for decades.

Future Capabilities

SIROS’s architecture is designed to support evolving standards and future cryptographic techniques. Near-term developments include support for SD-JWT-based selective disclosure, upcoming JWP-based credentials, and BBS or ZK-proof–enabled credentials for high-privacy scenarios. As browser and platform capabilities grow, wwWallet will incorporate offline-verification mechanisms, enhanced BLE-based flows, and improved multi-device portability.

By aligning early with the standards communities shaping the next decade of digital identity, including OpenID Foundation, ISO committees, and W3C groups, SIROS ensures that wwWallet remains interoperable, modern, and trustworthy.

A browser-based identity wallet is now technologically feasible because the web has grown to support the cryptographic primitives, authentication mechanisms, and protocol standards required to secure wallet operations. A web wallet is necessary because regulated, cross-border identity ecosystems cannot rely on device vendors to expose consistent capabilities across platforms.

With wwWallet as its reference implementation, SIROS delivers a wallet architecture that is secure, private, interoperable, and accessible anywhere the web runs. It provides regulators with a predictable compliance foundation, developers with a standards-based integration path, and users with control over their identity.

Identity is infrastructure, and infrastructure must be open, governed in the public interest, and free from platform lock-in. SIROS is building that future now.

Contact

Bredgränd 4

111 30 Stockholm

Sweden


info@siros.org
