What is the best way of implementing a provenance system based on nem?


Hello everybody
I’m trying to implement a provenance tracking system based on nem. so far I could’ve used nem-sdk and the apostille system to create apostilles and customized certificates. I know a provenance system like luxtag exists but as I want to implement it myself there are some vague parts in my mind about it that I would be pleased if you can make it clear to me.
The scenario and what is in my mind is as follows:
Suppose that I want to become a blockchain-based notary for some physical assets, the owners of the assets (let’s consider them some artifacts) ask me to provide them with provenance certification. I can confirm the originality and then issue the certificate. Now using nem this is what is in my mind:
I take a picture of the artifact , and then upload it along with the information of its owner as the description using the apostille system(the reason I use the picture is that in the final generated certificate I want to include the picture inside the certificate just for visual reasons), I then have a dedicated HD account, containing the info that can be shared as the provenance certificate. the question is that when we talk about provenance it means that the owner may change and these changes of owners must be trackable. how can I give the ability of changing the provenance owner to the new owner? should I use multisig feature? how can I make the multisig account to work on that special document? how can I use mosaics to create something like colored coin?
I am a bit confused here.
In fact, I create an apostille(and to make it more secure I wanna use a multisig account). now after I have the apostille how I can handle the changing of owner?. The owner must make a request to me to update the apostille info? or I can somehow make it available for the owners to transfer the ownership? What is the best way to make it trackable for the users? cos I am going to have a layer over nem to make things simple for users that are not familiar with blockchain.
I would be pleased if you let me know a more detailed policy and the sdk features that I may use.
Thanks in advance

Well, I have found 2 solutions:
First I create an apostille, then I make the dedicated HD account a multisig one somehow that it has 3 cosigners(I want my root account to have 3 cosigners just for more security), then I create a wallet for every user that wants to use the provenance system (to make it secure I make a simple wallet for the user when they register and then encrypt the private key with their site password so that on every necessary action they enter their password for their private key to be found,that is what nanowallet do when exporting wallets as far as I know). for every hd account to be transferred at least two signatures are necessary so that every time the owner wants to transfer the artifact ownership to another one at least one of the three main owners of system should confirm the ownership transfer(this is necessary in our policy). when it is confirmed the previous owner cosignatory is deleted and the new one is replaced)

another way is to keep the ownership of the hd account for the notary system, but attach a message to the file and encrypt the information of the owner in the message and on every transaction, the notary updates the encrypted message so that the user’s don’t even need to have a nem wallet and etc. then using the private key of the hd account users can track provenance and as the hd account is a multisig one they cannot change anything. I personally prefer this method however I am not sure whether it is possible to send a message along with an apostille or not? I see there is a field for tags, should I use that field?

I really appreciate if you let me know your views on the topic


@r3n3 @jabo38