Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
Jonathan Hoyland <jonathan.hoyland@gmail.com> Thu, 07 September 2023 22:28 UTC
Return-Path: <jonathan.hoyland@gmail.com>
X-Original-To: ufmrg@ietfa.amsl.com
Delivered-To: ufmrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B51CC14CE2E for <ufmrg@ietfa.amsl.com>; Thu, 7 Sep 2023 15:28:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wjb77ZyMMf6h for <ufmrg@ietfa.amsl.com>; Thu, 7 Sep 2023 15:28:14 -0700 (PDT)
Received: from mail-pg1-x52f.google.com (mail-pg1-x52f.google.com [IPv6:2607:f8b0:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DFB9C14CE46 for <ufmrg@ietfa.amsl.com>; Thu, 7 Sep 2023 15:28:14 -0700 (PDT)
Received: by mail-pg1-x52f.google.com with SMTP id 41be03b00d2f7-570a432468bso1899898a12.0 for <ufmrg@ietfa.amsl.com>; Thu, 07 Sep 2023 15:28:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694125693; x=1694730493; darn=ietfa.amsl.com; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=mlgxFGnodC8IQaDsEkLZHIkXGZOBwgbYttVybFV9SuY=; b=BtqDhJQFcmmASVMo0B3wCDAZesO2yl74yYMvTw8qslDH3hFGAwJbEFpgPbroqad0u5 C0kYFl00o0A3PFnXz/Bodw+JfUFlMrYab7h/xJYStPzANPauJiVGHZuB3WkFDDJdOvwQ 3xVXJrGrE/iMtU8i+Y1sZ0+riOZBZADA2XuihC5AWv/U7wIEF/jYj3XenwkH1YM3pDQy Hn/M+nuCktESnnNenM1XE+Yd8v32HCbqcBATVlDZgZ7rVBYJqNyzzXZNeoqg7AZ9oYrA +gWjKwBL1fPCGvRM3BoPd+rKgNWstHv1/E1rCtal927waDqYh4iTVtmWagtzsYqQeRj1 9dow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694125693; x=1694730493; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mlgxFGnodC8IQaDsEkLZHIkXGZOBwgbYttVybFV9SuY=; b=SPGdHvUxYrNQJupr07a9t8SfDu81MVLXKNy3wltPuuEb5WRmoMGlGaH6sEye/dKgMi f8KLBwGspjDUXOMdTFRKLLV/JwVLjiKFe/QaZ2sLNUGS8Ez41tdTVHsK0+Lw0SdqRS81 gxgcz+t12gD59Bro4PAxZMNcQ2ui7RP4ldXueb8RXUUnEnXAV6wQaK1aX57Ta0NWD50g b6GYlv5fu72R2cLKZyLb+oKjNRXAsy7w9r7fbnT0XeBIC6kL9mz5pCdc1IBUxeQSiA7q JilU7ihFe5S8W6AA5wxb4hBWEFS5zQZfDVhywBdGXx4XOnQ6sl4ZS9c0SX3EeDa8nGWW ZTRA==
X-Gm-Message-State: AOJu0YzvhGbqqt7ivPkCmqIhwGFUIQDz6IVwXwws9g611FLZA/1ytYxZ FRuS2enoAG6MqlUNSit/ua9dV6WPGcqNvC8DL+HDYP82FBQ=
X-Google-Smtp-Source: AGHT+IFsTV1Bw/i36j0of4vV6esD7fjTGwOTslGiEOX2iMfP2PJj+8F2cvTeFrRjMxjkI14Mzq0BpWgxPdkAWlXJwI4=
X-Received: by 2002:a17:90a:17a8:b0:26b:36a4:feeb with SMTP id q37-20020a17090a17a800b0026b36a4feebmr4842263pja.8.1694125693168; Thu, 07 Sep 2023 15:28:13 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR09MB76899049A294230B248B1428B9E4A@PH0PR09MB7689.namprd09.prod.outlook.com> <9b35faa9-923a-4258-28a4-7577635101df@cs.tcd.ie> <PH0PR09MB7689628541D0ABDCF1FFD05BB9EEA@PH0PR09MB7689.namprd09.prod.outlook.com>
In-Reply-To: <PH0PR09MB7689628541D0ABDCF1FFD05BB9EEA@PH0PR09MB7689.namprd09.prod.outlook.com>
From: Jonathan Hoyland <jonathan.hoyland@gmail.com>
Date: Thu, 07 Sep 2023 23:27:59 +0100
Message-ID: <CACykbs1AUJ2LmDtFxkLkrrZfMnU89AxMXyd4gt5EVneEyPsSRA@mail.gmail.com>
To: Joshua D Guttman <guttman@mitre.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, ufmrg@ietfa.amsl.com
Content-Type: multipart/alternative; boundary="000000000000256ff10604cc6029"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ufmrg/G04YMakXlkYy_NZlth0jxnJqNUA>
Subject: Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
X-BeenThere: ufmrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Usable Formal Methods Research Group <ufmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ufmrg/>
List-Post: <mailto:ufmrg@irtf.org>
List-Help: <mailto:ufmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2023 22:28:18 -0000
Hi Joshua, One piece of feedback I get when I ask people why they don't use formal methods is that there is no intermediate level training available. There is documentation for some tools, and sometimes YouTube tutorials for the basics, but unless you work with the tool authors, or people experienced in modelling, there isn't somewhere to learn all the tips and tricks necessary to prove complex things. So people get through a very basic tutorial, and then go look at papers that include huge, complex models, and have no idea how to get between those two places. The goal of the training is to hopefully build up a set of recorded pieces of training that help people use the tools as they are. By running multiple trainings the hope is to provide a pathway, along with a place you can go and ask questions of experts. Certainly one of my hopes for this group is that we can provide actionable feedback to tool authors so that they can improve their tools, but starting with the things we can achieve without going outside the group seems like the best way to get started. Another thing I think we can do fairly immediately is provide guidance on which tools might be most appropriate for which tasks, and thus help work out what work needs to be done to prove the properties we want. So overall I agree with Stephen's 1c, and mostly 2c. I think the training (along with making the materials available) does make the tool more useable, even though I agree a proper usability study would be even better. I do think there are a number of easy usability improvements to be had in many tools before we need to go for a usability study, so I don't think we're completely unable to proceed on that front. We are definitely looking for people who have a background in things like user studies to help us make both the training and the group overall a success, so if you have suggestions (or even suggestions of people we can ask) they would be very gratefully received. Regards, Jonathan On Thu, 7 Sept 2023, 23:04 Joshua D Guttman, <guttman@mitre.org> wrote: > I was really impressed by the fast three minute > > response, just before the interim mtg a week ago. > > > > But I'm not sure that the reply really gets to the > > heart of the matter. > > > > You write: > > > > > 1(c) is fine > > > > in response to: > > > > >> 1. I'm a little unsure whether the primary > > >> goal is: > > >> > > >> (a) To determine whether formal > > >> methods are effectively usable for > > >> IETF-type purposes; > > >> > > >> (b) To persuade people that formal > > >> methods are effectively usable for > > >> IETF-type purposes; or > > >> > > >> (c) To cause formal methods to become > > >> more effectively usable for IETF-type > > >> purposes. > > >> > > >> Of course, a possible response is to > > >> give a blend of more or less of these > > >> three components. And maybe > > >> additional components? But what would > > >> be the right characterization? > > > > What makes this a bit askew is the fact that the > > most visible activities -- such as the planned > > tutorials at the Nov 4 Prague meeting -- really > > seem to me closer to 1(b). > > > > I guess the tutorial goal is primarily education. > > Since formal methods are in fact very useful, one > > expects education to be key to "persuading people > > that formal methods are effectively usable for > > IETF-type purposes." ( :- ) > > > > And I suspect that persuading and educating may be > > a more achievable goal for the UFMRG than actually > > causing formal methods to become more effectively > > usable. > > > > That requires instead a lot of research, both with > > a high level of insight into formal modeling and > > proving, and with a bunch of user studies and > > appraising the kinds of people who could benefit > > from specific kinds of FM. > > > > Would the 4 Nov tutorials even give us any insight > > into the latter? > > > > It's conceivable but might require some > > coordination and restructuring. > > > > More on question (2) in a separate msg. I'd be > > eager to know what people think about these > > aspects of question (1). > > > > Joshua > > > > On 9/1/23, 12:01, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote: > > > > 1(c) is fine, 2(c) is closest but not quite right > > > > On 01/09/2023 16:58, Joshua D Guttman wrote: > > > May I ask a few questions about the UFMRG goals? > > > > > > 1. I'm a little unsure whether the primary goal > > > is: > > > > > > (a) To determine whether formal methods are > > > effectively usable for IETF-type purposes; > > > > > > (b) To persuade people that formal methods are > > > effectively usable for IETF-type purposes; > > > or > > > > > > (c) To cause formal methods to become more > > > effectively usable for IETF-type purposes. > > > > > > Of course, a possible response is to give a > > > blend of more or less of these three > > > components. And maybe additional components? > > > But what would be the right characterization? > > > > > > 2. Along another axis, we sometimes have > > > different formal methods that may be useful > > > for different sets of goals (eg establishing > > > that a program respects an inductive invariant > > > vs establishing that a protocol achieves an > > > authentication goal), and maybe also competing > > > formal methods that approach the same goals in > > > different (or similar :- ) ways. > > > > > > Do we aim to: > > > > > > (a) Identify some methods as suitable for some > > > kinds of goals? > > > > > > (b) Grade the usability of some "competing" > > > methods for overlapping goals? > > > > > > (c) Identify combinations of methods for > > > purposes that require several kinds of > > > results? > > > > > > Again, blends may make sense together. > > > > > > Thanks! > > > > > > Joshua > > > > > > > > > -- > Ufmrg mailing list > Ufmrg@irtf.org > https://www.irtf.org/mailman/listinfo/ufmrg >
- [Ufmrg] A few questions about UFMRG goals Joshua D Guttman
- Re: [Ufmrg] A few questions about UFMRG goals Stephen Farrell
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Joshua D Guttman
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Jonathan Hoyland
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Muhammad Usama Sardar
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Nadim Kobeissi
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Hans-Dieter Hiep
- Re: [Ufmrg] [EXT] Re: A few questions about UFMRG… Gergely Buday