Registry Notary · Verify

Registry facts become proofs people and systems can trust.

Registry Notary answers a precise question against a registry and returns a signed answer: a yes or no, a bounded value, or a credential a person can hold in a wallet. The service gets its proof; the record stays with the registry.

Try the wallet demo View on GitHub

The live lab issues a real signed proof of life into a hosted wallet, on synthetic data, with nothing to install.

What is new here

Verification as a service the registry owner controls.

Today, proving a fact usually means handing over a record or a paper certificate. Registry Notary makes the proof itself the product, and keeps the registry in charge of what each proof may say.

Answers, not records

A pension system asks "is this person alive?" and receives exactly that answer, signed by the authority. No date of birth, no address, no record dump to store and protect.

Proofs people can carry

An answer can be issued as a digital credential in open wallet standards. A person collects a proof once and presents it to another service themselves, instead of asking two administrations to talk to each other.

The data stays home

A notary can delegate a question to the authority that owns the registry and pass back only the signed answer. Registries cooperate on proofs without pooling their data.

How it works

A governed question in, a signed answer out.

A governed question

A service, wallet, or workflow asks a configured question, under an agreed purpose and access rule.

Registry Notary

Check the claim against the registry
Apply the disclosure policy
Sign the answer or issue the credential
Record the audit event

A signed answer

A yes or no, a bounded value, an attestation, or a wallet credential, with a reviewable trail.

FHIR support

Prove health and service claims without sharing sensitive records.

Registry Notary can connect to FHIR APIs and turn structured health data into narrow, purpose-bound claim results. FHIR stays the source interface. Notary becomes the proof interface.

What it can read from

FHIR-compatible electronic medical records, health information exchanges, and case-management systems.
Patient, Encounter, Observation, Condition, Immunization, Coverage, Organization, and Practitioner records.
Test and pilot deployments using public FHIR servers before connecting a production system.

What it lets others prove

A verifier receives the smallest useful answer: a yes or no, a bounded value, or a signed credential. They do not need direct database access, and they do not receive a copy of the source FHIR resources.

Eligibility and coverage

Confirm that a person is registered, over a threshold age, actively covered, or linked to a program without exposing the full patient record.

Care delivery

Verify that an encounter, immunization, observation, referral, or diagnosis exists for the purpose and period the verifier is allowed to ask about.

Program assurance

Let partner systems, funders, or registries receive narrow signed claim results from health data while source systems keep control.

Read the FHIR adapter guide →

Worked scenario

Proof of life, without the queue at the counter.

The question is agreed

The civil registration authority configures one claim: "is this person alive?". The disclosure policy says only the answer leaves the registry.

The proof is collected

A pensioner signs in and receives a signed proof of life into a wallet, valid for a bounded time. The pension agency can also ask the notary directly, under its own access rule.

The service accepts it

The pension agency verifies the signature and pays. What it learns is "alive, said the civil registry, ten minutes ago", and the audit trail shows exactly that request.

Run this exact flow in the live lab →

Open by design

Open source, on the standards wallets already speak.

Proofs are only useful if other systems can verify them. Registry Notary builds on the credential standards governments and wallet vendors are adopting, so nothing it issues locks anyone in.

Credentials follow open standards: SD-JWT VC issued over OpenID4VCI, signed with Ed25519, valid for a bounded time.
Issues to any wallet that implements these standards; there is no proprietary wallet to roll out.
Answers from the registries you already run; the registry owner decides what each proof may say.
Reports what the registry says; entitlement and policy decisions stay with the institution.

In the stack

Where Registry Notary sits.

The answering point runs three checks on every request. Registry Notary owns the last one, and signs what goes back: the case met the criteria, says the registry, and nothing more. Each product runs on its own; together they share one answering point.

The asker

Program · caseworker · AI agent

Never sees the record

asks a precise question →

← signed, minimized answer

One per registry · run by the registry’s own steward

The answering point

✓ May this service ask, for this purpose?
✓ Do the fields mean the same thing?
✓ Does the case meet the criteria? Registry Notary

Every check, every request

The registry

Records stay where they are

The record never leaves

For your technical team

The contracts, connectors, and conformance profile live in the docs.

Read the Notary docs Request pilot scope