OpenModel: Some Limitations
<-- ^ -->
Accuracy (of validation)
will be limited by
-
the inevitability of missing/incorrect
models (see also below)
-
the usual complexity and incompleteness
of validation
-
models must be abstract ==> possibly
important detail left out
-
... but email case study shows
there can be significant heuristic value
"You can have my model but
not my configuration data"
-
Knowing config data constrains
state space ==> validation easier and more likely
-
proprietary and privacy concerns
(e.g. resource allocation, security, user information)
-
... Some config data is more sensitive than other (e.g. crypto keys vs peer addresses)
-
... maybe exposing some config
data will incent users to use (e.g. "convince me its secure")
Hidden agendas and conflicting
goals
-
models may purposely hide
or obfuscate activities/attributes undesirable to one stakeholder
-
e.g. collect personal info to
fill order but secretly use it also for marketing
-
e.g. advertise high quality service
but provide low quality to increase profits
-
Validator must remain aware of underlying game theory (incentive structure)
some cases where this is favorable: Email System, EAI/Reuse, some Web Service scenarios
-
Impossible to fix in general,
but monitoring (behavior sampling) and legislation may help