SLATE Application Reviewer Obligations

VersionCommentEffective Date
1.0Initial VersionSeptember 25, 2020
2.0Updated review proceduresMarch 23, 2021

In order to safely operate the SLATE Platform, the SLATE Platform Administrators require that SLATE Application Reviewers agree to the following:

The SLATE Platform Administrators may deny applications or remove them from the catalog out of urgent concern for the security or interoperability of the overall platform.

To support Application Reviewers’ observance of these obligations, SLATE Platform Administrators will:

  • Offer consultation, answer questions, and work to resolve any ambiguities with the overall process as described in the SLATE Application Development and Review Procedures document.
  • Provide information about Trusted Image Sources.

For the safety of participating sites in the SLATE federation, Application Reviewers will ensure that applications in the SLATE catalog:

  • Do not contain knowingly malicious software.
  • Do not contain knowingly vulnerable versions of application software or dependencies.
    • Reviewers will make reasonable efforts to check the version of the application against organizations such as the NIST National Vulnerability Database (NVD).
  • Are not configured by default to allow unrestricted network proxying or tunneling.

This document is a policy of the SLATE (Services Layer at the Edge) project, supported by the National Science Foundation Office of Advanced Cyberinfrastructure: “CIF21 DIBBs: EI: SLATE and the Mobility of Capability”, award number OAC-1724821