Requested
A person or organisation has asked for access, but no private capability is active.
CAPPS Chosen Access Registry
Private access is invite-only, role-gated, time-limited and revocable.
This registry records the access model for people you choose without publishing names, contact data, private records, operator notes or internal approval material.
Chosen Access Rule
invite required
role assigned
expiry required
revocation supported
Access States
Every private lane needs an explicit state.
Approved
A chosen role is approved with scope, expiry, evidence hash and operator review.
Limited
Access is reduced to public-safe routes, read-only review or narrow test permissions.
Revoked
Access is removed and future requests require a new review.
Role Gates
Chosen access is scoped by purpose, not broad trust.
Parent PilotPublic-safe pilot intake, aggregate feedback and approved communication lanes.
School PilotInstitution review, safeguarding workflow review and non-clinical evidence gates.
Cyber ReviewerSecurity review scope, public route checks and responsible disclosure workflow.
Developer PartnerSDK review, public API testing and signed integration receipts.
OperatorPrivate deployment and admin work only through deliberate authenticated systems.
Audit Boundary
The public registry proves rules, not private people.
Public Proof
Role model, state model, revocation rule, expiry rule and evidence-hash format.
Private Record
Names, contacts, identity evidence, health records, school records and operator notes stay outside the public bundle.
Revocation
Expired, unsafe, unsupported or no-longer-needed access must be removed rather than left open.
Review Loop
Access rights are rechecked when scope changes, routes change, evidence changes or a pilot phase ends.