AffixIO

Physical and digital gates

Signed allow or deny at every access boundary

Attribute-based policy checks with zero-knowledge selective disclosure. Same verification packet for turnstiles, API gates, and hybrid physical-digital access, with ML-DSA post-quantum proofs.

[Diagram: physical turnstile and API gate both receiving signed allow or deny from AffixIO verification]
Access request arrives. AffixIO returns signed allow or deny before the gate opens or the API responds.

Where teams deploy access verification

The same verification packet applies to physical turnstiles, logical API boundaries, and hybrid campus deployments. Integrate once at the policy gate, not per surface.

Physical turnstiles

Offline-capable edge verify at gate controllers. Signed allow or deny without a live call to central identity stores during network outages.

surface: edge | offline_verify

Logical API gates

OpenAPI stateless boundary checks before downstream services execute. One binary outcome per request, not a confidence score.

surface: api | openapi

Hybrid campuses

One policy layer across building access, application APIs, and visitor flows. ABAC attributes evaluated once, deployed everywhere.

policy: abac | unified

Integrate once across surfaces

Integration patterns
[Diagram: physical turnstile, API middleware, and campus app all connected to a single AffixIO policy layer]
One policy layer spanning physical gates, API middleware, and campus applications

Same verification packet, every boundary

  1. Define ABAC policies once in AffixIO
  2. Deploy verification to edge controllers, API middleware, and mobile gates
  3. Receive signed allow or deny with selective disclosure, not standing profiles

Physical and digital gates share one attestation format. Auditors replay proofs without raw PII at the verifier. FIDO-bound credentials can feed the same policy layer.

edge_verify openapi_gate abac_policy selective_disclosure

Built for access control buyers

PQC verification

ML-DSA attestation under NIST FIPS 204 for access proofs that must still verify years from issue.

GDPR Article 25

Data minimisation by design. Verifiers receive signed yes or no with selective disclosure, not full credential payloads or standing profiles.

Proof not log

No standing profile stored at the gate. Each decision is a replayable cryptographic proof, not a persistent identity record at the boundary.

Common questions

How is AffixIO different from IAM?

IAM provisions identity and assigns roles. AffixIO verifies attribute-based policy at the access boundary and returns a signed allow or deny that gate hardware, API middleware, and audit systems consume independently.

Can turnstiles verify access offline?

Yes. Proofs validate at the edge without a live call to central identity stores. Gate controllers cache verification keys and policy roots so allow or deny decisions hold during network outages.

Why use post-quantum attestation for access control?

Access badges and long-lived credentials must still verify years from issue. ML-DSA signatures under NIST FIPS 204 protect signed allow packets stored at gates and in audit logs against harvest-now-decrypt-later attacks.

What is selective disclosure in access control?

The holder proves specific attributes satisfy policy (clearance level, membership, time window) without exposing the full credential or standing profile to the verifier. The gate receives yes or no with cryptographic proof, not PII.