Technical Overview
Signet Provenance is built on the Internet Computer Protocol — a blockchain that runs software directly, without traditional cloud infrastructure. What follows is how that shapes the platform's data model, storage, and access control.
Data Model & Provenance
Every specimen on Signet Provenance is a canister — a sovereign, addressable unit of computation on the Internet Computer with a stable on-chain identity analogous to a DOI.
A specimen canister holds three things: structured metadata (taxonomy, institution, licensing terms), large binary assets (3D meshes, textures, high-res imagery), and its own provenance ledger.
The ledger is built on ICRC-3, an open ICP standard for transaction records. Every meaningful event in the specimen's digital life — access granted, asset updated, license issued, ownership transferred — is recorded as a structured, hash-chained entry. Any tampering breaks the chain and is immediately detectable.
This creates an auditable lineage: not a claim of provenance, but a cryptographically verifiable record. Because ICRC-3 is an open standard, these records are interoperable and not locked to the Signet Protocol's implementation.
Storage & Certified Delivery
Artifacts live in stable on-chain storage and are delivered with built-in proof of authenticity.
Storage is organized into three logical areas: the provenance ledger, queryable metadata, and binary assets — kept separate so each can be accessed efficiently without touching the others.
Large assets like 3D models support streaming, so a viewer can render progressively without downloading the whole file upfront.
Certified HTTP means every response carries cryptographic proof that what was received matches exactly what the canister committed to. The institution isn't trusting Signet Provenance's word — the network itself attests to the data's integrity.
Access Control & Governance
Access is identity-aware and enforced at the canister boundary — not by convention, but by the platform's structure.
Authentication is handled by Internet Identity — WebAuthn-based, no passwords or seed phrases, anchored to the user's device. Institutions and individuals are assigned distinct principals; the platform distinguishes them at every call.
Role tiers are enforced at the canister level: public viewer, researcher, licensee, and steward. Every request is checked against the specimen's access policy before any data is read or any ledger write occurs. There is no way to bypass this at the application layer — it is enforced in the canister code itself.
The Orchestrator canister manages specimen canister lifecycle: deployment, upgrades, and indexing across the full collection. Institutions interact with the Orchestrator to register artifacts; the Orchestrator provisions and tracks the individual specimen canisters.
On the roadmap: vetKeys, an ICP primitive for threshold key derivation, will enable verified credential delegation — for example, a researcher proving institutional affiliation without the institution managing that manually.