Omkar & Steve have started on this: understanding the WMS and modeling the system as it currently works, what the trust boundaries are, and what the identities are.
Notes from AHM:
What do we trust entities in the WMS to do?
-- DECISION: The Pegasus user and Submit Node are assumed not to be malicious.
-- System behavior with malicious user or submit node is undefined.
-- I.e. we do not defend against a user lying about what workflows they ran or when they ran them.
-- I.e. we do not defend against a compromised SN changing the user’s intention.
Initial adversaries:
-- Application-level data errors due to network or storage (bitrot) errors
--- E.g. Globus, XSEDE, UChicago use cases. CERN storage paper.
-- Explicitly not errors in computation, besides detecting lack of reproducibility.
Other potential adversaries:
-- Active network attacker
-- Active storage/data-at-rest attacker
Steve: How to get signed provenance information from entities? What does it mean for, e.g., Big Red, to sign something? Is there something useful we can do?
Notes from AHM: