Registry Stack

Solution · Evidence Gateway

Share verified evidence without sharing records.

Evidence Gateway is the governed path between a service that needs proof and the registry that holds the records. It checks who is asking and why, confirms the answer is current, and returns only what the request is allowed to receive: a single fact, a redacted result, a credential, or a clear no.

Try the live demo Read the docs

Where it fits

A governed path between a request and the records behind it.

Evidence Gateway sits between the systems that ask for evidence and the registries that hold the records. It makes each decision explicit, records why the decision was made, and returns only the answer the request is allowed to receive.

  • A service needs proof of a fact, not the full source record.
  • A workflow in one agency needs a fact from a registry another agency owns.
  • A credential needs to be issued from a registry, after the right checks, not from a copied record.
  • Approvals, refusals, and redactions all need to leave the same audit trail.
  • Evidence needs to move between institutions, across borders, or into a person’s wallet.

How it works

Every answer starts with a governed decision.

Governed evidence path

The source is read only after the request is allowed.

Every outcome leaves an audit record, whether the request was approved, redacted, or refused.

  1. Request

    The request

    A service asks for one fact about one subject, and says what it needs it for.

    purposesubjectrequested fact

  2. Decision

    Who is asking

    The request is checked against policy: is this caller allowed to ask this, for this purpose?

    identityscopepolicy

  3. Source

    Which source, how current

    The allowed source is chosen, and how recently it was updated is checked before it is used.

    sourcefreshness

  4. Disclosure

    What goes back

    Disclosure rules decide whether the answer is a value, a yes or no, a redacted result, a credential, or a clear no.

    redactioncredentialclear no
a single fact redacted result credential clear no audit trail
Evidence Gateway keeps the policy check, the source check, the disclosure rule, and the audit record in one governed path.

What it governs

The checks, the redaction, and the audit trail stay in one place.

The same path handles approvals, redactions, and refusals, so evidence exchange is not split across a policy document, a data connector, and an integration nobody can review.

Purpose and policyWho is askingWhich source answersHow current the answer isWhat may be disclosedA reviewable audit trailA clear reason for a no

How it is built

A solution, not another central system.

Evidence Gateway is delivered through three open-source products. Each keeps a narrow job, and a deployment composes only the pieces it needs.

Registry Notary

Checks the question against the registry and signs the answer, or issues a credential.

Open Registry Notary →

Registry Relay

Provides the safe, read-only reads from the source the answer is based on.

Open Registry Relay →

Interoperability

Built for evidence exchange across institutions, borders, and service channels.

The same governed path can support services in one country, work that crosses agencies, exchange that crosses borders, and answers that land in a person’s wallet. EU once-only and OOTS-style exchanges are one example of it, with each registry’s records staying under the authority that owns them.

See how safe registry reads work →

Where to start

Start with the part closest to the request.

Start with Registry Notary when you need a signed proof or a credential. Start with Protected Registry APIs when your first task is opening an existing registry safely.

Explore Registry Notary See Protected Registry APIs

For your technical team

The Evidence Gateway contract, the policy decisions, and the runtime surfaces live in the docs.

Read the technical docs Request pilot scope