Read Google's Upspin, Overview, Architecture, Access Control, Security.

Would Upspin make a good storage system for decentralized applications?

Assuming clients use encryption, can they view the servers as completely untrusted?

What entity enforces the permissions described in an Access file?

What is the relationship between Access files and encryption?

How does a client verify that it has read the correct data? I.e. that the data is the latest version of the desired file, written by a user who is allowed to write the file, and no-one has tampered with the data.

What happens when an encrypted file's Access file is changed so that fewer users have access to the file?

What happens if a file has Group permissions and is also encrypted?

If Alice's storage server is malicious, what attacks can succeed against Alice even if she uses encryption?

If Alice's directory server is malicious, what attacks can succeed against Alice even if she uses encryption?

If the Upspin name server (key.upspin.io) is malicious, what attacks can succeed against Alice even if she uses encryption?

The Upspin security page mentions Key Transparency as a possible replacement for Upspin's key.upspin.io service. Is Key Transparency less trusted or more decentralized than key.upspin.io? Is it similar to Blockstack?

What happens if two users write the same file at the same time?

How big an application (number of users sharing the same data) could Upspin support?