Skip to main content

System Architecture

The GoVote-IO system is built with a microservices architecture that prioritizes security, transparency, and reliability. This document provides an overview of the system's major components and how they interact.

Core Services

The system is composed of the following core services:

1. Election Service

  • Repository: govote_election_service
  • Purpose: Provides CRUD operations for creating and managing elections
  • Features:
    • Election creation and configuration
    • Candidate management
    • Ballot design
    • Results publication

2. Authentication Service

  • Repository: govote_authentication_service
  • Purpose: Handles authentication for voters, poll workers, and administrators
  • Features:
    • Secure identity verification
    • Role-based access control
    • Two-factor authentication for administrators
    • Anonymous voting token generation

3. Voter Service

  • Repository: govote_voter_service
  • Purpose: Manages the voting process and records votes
  • Features:
    • Ballot presentation
    • Vote recording
    • Receipt generation
    • Multi-cloud storage replication

Data Flow

The voting process follows this general flow:

  1. Election Setup: Administrators configure an election through the Election Service
  2. Voter Verification: Voters are verified at polling locations via the Authentication Service
  3. Vote Casting: Voters receive a secure, anonymous token to cast their vote via the Voter Service
  4. Vote Storage: Votes are stored redundantly across multiple cloud providers
  5. Results Publication: Once the election is closed, results are tallied and published

Security Model

Security is built into every layer of the architecture:

  • End-to-End Encryption: All data in transit is encrypted
  • Multi-Cloud Redundancy: Vote data is replicated across AWS, Azure, and Google Cloud
  • Identity Separation: Voter identity verification is completely separated from vote casting
  • Audit Trail: Comprehensive logging and monitoring without compromising voter privacy
  • Geofencing: Voting is restricted to authorized physical locations

Deployment Models

GoVote-IO supports multiple deployment options:

  1. Cloud-Based SaaS: Centrally managed solution for jurisdictions without IT infrastructure
  2. Self-Hosted: Runs on local Kubernetes clusters for jurisdictions that prefer to manage their own infrastructure

Both models maintain identical security features and capabilities.

Technical Stack

  • Backend: Go programming language with Goa framework
  • Data Storage: Distributed database with multi-cloud replication
  • API Design: RESTful APIs with OpenAPI specifications
  • Security: TLS 1.3, multi-factor authentication, hardware security keys

Future Architecture Enhancements

We have plans to extend the architecture with:

  1. Advanced analytics capabilities
  2. Support for additional voting methods (ranked choice, proportional)
  3. Enhanced accessibility features
  4. Additional language support beyond English and Spanish

For more detailed technical specifications, please refer to our GitHub repositories.