# Data Architecture

- Status: UPDATE NEEDED
- Migrated from: Notion (managed-trust.com workspace)
- Migration date: 2026-02-12
- Review required: Yes

## Purpose
Overview of COOWN's data architecture on the Internet Computer Protocol (ICP), including canister structure, data flows, and key design decisions.
## Architecture Overview
COOWN operates across two main environments — Main (Production) and Beta (Testing) — each containing frontend and backend canisters. An additional shared Signer Canister provides cryptographic services for cross-chain transactions.
See Canister Configurations for specific canister IDs and deployment details.
## Key Diagrams
The following diagrams are maintained on Google Drive (links below). Source files are in draw.io format.
- Activity Diagram: Google Drive
- Entity Relationship Diagram: Generated via PlantText
- Backend Overview: Google Drive
- Use Case Diagram: Google Drive
- Revenue Allocation & Staking Rewards: Google Drive
- Platform Activity Matrix: Google Drive
## Canister Architecture
In the prototyping phase, a simplified architecture with few canisters is used. This may change for production.
### Canister Types and Responsibility
| Canister Type | Level | Responsible (Prototype/MVP) | Responsible (Alpha/Beta) | Responsible (Later Releases) |
|---|---|---|---|---|
| Frontend Canister | Global | Software Developer | Platform Provider | Platform Provider |
| Global Governance Canister | Global | Software Developer | Platform Provider | Platform Provider |
| Global User Array | Global | Software Developer | Platform Provider | Platform Provider |
| Global User-Group Array | Global | Software Developer | Platform Provider | Platform Provider |
| Global Parent Canisters | Global | Software Developer | Platform Provider | Platform Provider |
| IPFS Storage Container | Global | Platform Provider | Platform Provider | Platform Provider |
| Regional CRM Canister | Regional | Software Developer | Platform Provider | Regional Operator |
| National AML Canister | National | Software Developer | Platform Provider | Regional Operator |
| National Markets | National | — | Platform Provider | Regional Operator |
| User Canisters (Ledger) | Personal | Software Developer | Platform Provider | Platform Provider |
| Enterprise User-group Canister | Personal | Software Developer | Platform Provider | Regional Operator |
| Community User-group Canister | Personal | Software Developer | Group Admins | Group Admins |
| Marketplace Item Canisters | Personal | — | — | Group Admins |
## Frontend Communication

The frontend app interacts with the backend canister through ic0, which carries all calls and data transfer between them. User profile data is encrypted using SHA-256 with a unique per-user key. The app is hosted on ICP, with SSL/TLS certificates issued by Let's Encrypt.
## Data Management on ICP

For detailed ICP data management concepts, see the external documentation:

- Data Management on ICP (Google Doc)
- Data Architecture Description (Google Doc)
## DAO Concept for Group Canisters

### Core Approaches
- Multi-Signature (MultiSig) Canisters — Configurable threshold signatures from a set of principals for administrative actions.
- Custom DAO Governance Canister — Dedicated canister managing proposals, voting, and execution; acts as controller of application canisters.
- Scheduled Upgrade Canisters — Time-locked upgrades with DAO member review period.
### Group Canister Lifecycle
| Stage | Controller(s) | Data Access | Asset Spending Trigger | Asset Spending Approval |
|---|---|---|---|---|
| Creation | Founder | Users (limited), Foundation | Founder | Founder and delegated users, Regional AML Officer |
| Shareholder Control | Shareholder Assembly (DAO); multi-sig | Users (limited), Foundation | Group Users (not Foundation, not AML Officers) | Shareholder Assembly (DAO) and delegated users, Regional AML Officer |
### Key Security Principles
- Private keys are generated and stored on user devices via Internet Identity (WebAuthn). Keys never leave the device.
- All sensitive actions (asset transfers, upgrades) require on-chain DAO approval.
- Confidential data is encrypted client-side and only accessible to authorized parties via canister logic.
- Regional Operators can freeze accounts for compliance but never access private keys.
- System administrators are never controllers and cannot access user keys or assets.
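The three sections above (the multi-sig, DAO and scheduled-upgrade approaches, the Creation to Shareholder Control lifecycle table, and the security principles) describe one authorization model. The following is an added example, not COOWN's canister code: an in-memory model of a group canister that enforces those rules together, so that the interaction between them (a freeze blocking a fully approved transfer, an upgrade waiting out its review period, a system admin or AML officer being refused as a controller) can be exercised. Principal names, amounts and the review period are constructed for the demo.

```javascript
// Added example, not COOWN project code: an in-memory model of the group
// canister rules this page describes (founder control -> DAO multi-sig
// control, M-of-N approval for spending, time-locked upgrades, and a
// Regional Operator who can freeze but is never a controller).
// All principal ids, amounts and periods below are constructed for the demo.
const STAGE = { CREATION: 'creation', SHAREHOLDER_CONTROL: 'shareholder-control' };

class GroupCanister {
  constructor(founder, regionalOperators, { upgradeReviewMs = 0 } = {}) {
    this.stage = STAGE.CREATION;
    this.controllers = new Set([founder]); // creation stage: founder is the sole controller
    this.threshold = 1;                     // approvals required to execute a proposal
    this.regionalOperators = new Set(regionalOperators);
    this.upgradeReviewMs = upgradeReviewMs; // DAO member review period for upgrades
    this.frozen = false;
    this.balance = 0;
    this.version = 1;
    this.proposals = new Map();
    this.nextId = 1;
  }

  requireController(caller) {
    if (!this.controllers.has(caller)) throw new Error(`${caller} is not a controller`);
  }

  // Shareholder Control stage: replace the founder with an M-of-N set of DAO principals.
  switchToShareholderControl(caller, shareholders, threshold) {
    this.requireController(caller);
    if (!(threshold >= 1 && threshold <= shareholders.length)) throw new Error('invalid threshold');
    this.controllers = new Set(shareholders);
    this.threshold = threshold;
    this.stage = STAGE.SHAREHOLDER_CONTROL;
  }

  deposit(amount) { this.balance += amount; }

  // Compliance freeze: only a Regional Operator may call it, and it grants no
  // control over the canister or any keys; it only blocks asset spending.
  setFrozen(caller, frozen) {
    if (!this.regionalOperators.has(caller)) throw new Error(`${caller} is not a regional operator`);
    this.frozen = frozen;
  }

  // A payload is either { kind: 'transfer', amount } or { kind: 'upgrade', version }.
  propose(caller, payload, now) {
    this.requireController(caller);
    const id = this.nextId++;
    this.proposals.set(id, { ...payload, approvals: new Set([caller]), createdAt: now, executed: false });
    return id;
  }

  approve(caller, id) {
    this.requireController(caller);
    const p = this.getProposal(id);
    p.approvals.add(caller);
    return p.approvals.size;
  }

  getProposal(id) {
    const p = this.proposals.get(id);
    if (!p) throw new Error(`no proposal ${id}`);
    return p;
  }

  // Execution is where every rule is checked at once: controller, threshold,
  // freeze state for spending, review period for upgrades.
  execute(caller, id, now) {
    this.requireController(caller);
    const p = this.getProposal(id);
    if (p.executed) throw new Error('already executed');
    if (p.approvals.size < this.threshold) throw new Error(`${p.approvals.size}/${this.threshold} approvals`);
    if (p.kind === 'transfer') {
      if (this.frozen) throw new Error('canister frozen by regional operator');
      if (p.amount > this.balance) throw new Error('insufficient balance');
      this.balance -= p.amount;
    } else if (p.kind === 'upgrade') {
      if (now < p.createdAt + this.upgradeReviewMs) throw new Error('review period not over');
      this.version = p.version;
    } else {
      throw new Error(`unknown proposal kind ${p.kind}`);
    }
    p.executed = true;
    return { balance: this.balance, version: this.version };
  }
}

// Returns true when fn throws, so the scenario can record which actions were refused.
function denied(fn) { try { fn(); return false; } catch { return true; } }

// Walks the lifecycle from the table above and returns what each rule decided.
function runScenario() {
  const g = new GroupCanister('founder', ['aml-officer'], { upgradeReviewMs: 1000 });
  g.deposit(100);
  const t1 = g.propose('founder', { kind: 'transfer', amount: 30 }, 0);
  g.execute('founder', t1, 0);                                    // 1-of-1 at creation stage
  g.switchToShareholderControl('founder', ['alice', 'bob', 'carol'], 2);
  const t2 = g.propose('alice', { kind: 'transfer', amount: 20 }, 0);
  const underThreshold = denied(() => g.execute('alice', t2, 0)); // only 1 of 2 approvals
  g.approve('bob', t2);
  g.execute('alice', t2, 0);
  const adminCannotPropose = denied(() => g.propose('sysadmin', { kind: 'transfer', amount: 1 }, 0));
  const operatorCannotApprove = denied(() => g.approve('aml-officer', t2));
  g.setFrozen('aml-officer', true);
  const t3 = g.propose('alice', { kind: 'transfer', amount: 5 }, 0);
  g.approve('bob', t3);
  const frozenBlocksSpend = denied(() => g.execute('alice', t3, 0)); // approved, but frozen
  g.setFrozen('aml-officer', false);
  const u1 = g.propose('alice', { kind: 'upgrade', version: 2 }, 0);
  g.approve('carol', u1);
  const upgradeTooEarly = denied(() => g.execute('alice', u1, 500));
  const after = g.execute('alice', u1, 1000);
  return { stage: g.stage, balance: after.balance, version: after.version,
           underThreshold, adminCannotPropose, operatorCannotApprove, frozenBlocksSpend, upgradeTooEarly };
}
```

The point of putting every check in `execute` rather than in `propose` or `approve` is that the state a proposal depends on (balance, freeze flag, elapsed review time) changes between proposal and execution; checking only at proposal time would let a transfer approved before a freeze go through after it. On a real canister the `now` argument would come from the IC's time API and the controller set would be the canister's actual controllers, not an in-memory set.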
## Actor Summary
| Actor | Canisters Controlled | Private Key Access | Main Actions |
|---|---|---|---|
| System Admin | Front-end, Main Backend, Parent Group | Deployment keys only | Deploy/upgrade; no access to group assets |
| Regional Operator | None | No | KYC/AML review, freeze accounts/transactions |
| Customer (Founder) | Child Group Canister (initially) | Device-bound | Create group, set rules, approve transactions |
| User (Member) | None | Device-bound | Participate, spend within limits, vote in DAO |
| DAO (Shareholders) | Child Group Canister (after switch) | Collective, device-bound | Vote, approve, manage group collectively |