Validating personal requirements by assisted symbolic behavior browsing

Risks and hazards abound for users of today´s large scale distributed telecommunications and e-commerce systems. Service nodes are documented loosely and incompletely, omitting functional details that can violate stakeholder requirements and thwart high level goals. For example, it is not enough to know that a book finding service locates a book for no more than a set price; does the chosen book vendor use an acceptable delivery mode and service? Does it retain or abuse personal information? The OpenModel paradigm provides the basis for a solution: instead of interface information alone, each node publishes a behavioral model of itself. However, large scale and multi-stakeholder systems rule out the use of traditional validation technologies, because state spaces are far too large and incompletely known to support concrete simulation, exhaustive search, or formal proof. Moreover, high level personal requirements like privacy, anonymity, and task success are impossible to formalize completely. This work describes a new methodology, assisted symbolic behavior browsing, and an implemented tool, GSTVIEW, that embodies it to help the user recognize potential violations of high level requirements. The paper also describes case studies of applying GSTVIEW in the domains of email and Web services.