No Silent Denial

Expectation. The building shall communicate credential state, access system status, and denial reasons to the affected person, proactively and at the point of relevance.

Required.

• When a credential is issued, the holder receives confirmation of which entry points it covers and when it expires, if applicable.
• When entry is denied, the person receives the reason — credential expired, zone not authorized, system offline, credential not recognized, hardware fault — and a next step. No denial is silent.
• Denial information is provided in the language of the resident's configured interface.

Recommended.

• Credentials approaching expiration trigger a notification with sufficient lead time for renewal.
• Planned access system changes are communicated to residents in advance, including affected entry points, duration, and alternative entry instructions.
• If a denial is caused by a system fault rather than a credential fault, the building communicates estimated restoration time.
• The resident can view the current state of all their credentials — active entry points, expiration, scope — at any time.

In practice.

A resident receives a new credential. The confirmation states which entry points are active: lobby, elevator, unit, parking, bicycle storage, gym, rooftop. Expiration: none. The resident knows exactly where their credential works.

A guest credential expires at 6 PM. At noon, the guest receives a notification: access expires today at 6:00 PM, contact your host to extend. The guest contacts the resident before the lapse.

A resident presents their credential at the pool entrance. The response: zone not included in current credential — contact management to add pool access. The resident understands the credential works; the scope needs to change.

A building schedules elevator reader maintenance for Tuesday morning. On Monday evening, residents receive a notification: elevator readers offline 8–10 AM Tuesday, stairs accessible at all floors. At 10:15 AM, a follow-up: elevator access restored.

Failure modes.

Technical denial language. The system provides a denial reason, but it is a system code — "ERR-4031" or "Auth Timeout" — not a human-readable explanation. The person at the entry point cannot interpret it or act on it.

Wrong-channel notification. The system sends a credential expiration warning via email. The resident manages access exclusively through the mobile application and does not see the warning. The credential expires without the resident's awareness.

Accurate but incomplete. The system communicates a planned maintenance window and lists alternative entry instructions — but references a PIN-based method the resident was never shown and does not know how to use.

Test.

1. Issue a new credential. Confirm: the holder receives confirmation of active entry points and expiration.
2. Present an expired credential. Confirm: the system communicates expiration and a next step in human-readable language.
3. Present a credential outside its authorized zone. Confirm: the system communicates the zone restriction.
4. Trigger a system-side denial (simulate a system fault). Confirm: the person receives a message distinguishing it from a credential fault.