Add trusted key-value server options #1264

Open. Wants to merge 1 commit into base: main.

Conversation

xtlsheep
Contributor

Add trustedBiddingSignalsCoordinator and trustedScoringSignalsCoordinator description.


Either trusted server may optionally include a numeric `Data-Version` header on the response to indicate the state of the data that generated this response, which will then be available in bid generation/scoring and reporting. This version number should not depend on any properties of the request, only the state of the server. Ideally, the number would only increment and at any time would be identical across all servers in a fleet. In practice a small amount of skew is permitted for operational reasons, including propagation delays, staged rollouts, and emergency rollbacks. The version number should be formatted with only the digits `[0-9]` with no leading `0`s and fit in a 32-bit unsigned integer.
If `trustedBiddingSignalsCoordinator` or `trustedScoringSignalsCoordinator` is presented, the request will be sent to a trusted key-value-type server. Because the server is trusted, there is no k-anonymity constraint on this request. The browser needs to trust that the server's return value for each key will be based only on that key and the hostname, and that the server does no event-level logging and has no other side effects based on these requests.
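Review bot: "is presented" should be "is present", and the rest of the added sentence keeps the BYOS wording: it still says the server's return value is based on "that key and the hostname" and never says what value `trustedBiddingSignalsCoordinator` / `trustedScoringSignalsCoordinator` carry or how they relate to `trustedBiddingSignalsURL` / `trustedScoringSignalsURL`. Suggest opening with "If `trustedBiddingSignalsCoordinator` or `trustedScoringSignalsCoordinator` is present, the request is sent to a trusted key-value server ..." and then stating what the coordinator field contains and which of the two URL/coordinator fields is required.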
Contributor

Because the server is trusted, there is no k-anonymity constraint on this request.

Does opting into the TEE model enable more granular trusted bidding fetch info (e.g. full page url versus simply the top-level domain as mentioned here), or is this remnant wording? Reviewing the KV Server API the schema references hostname (versus page url or similar):

      "properties": {
              "hostname": {
                "description": "The hostname of the top-level frame calling runAdAuction().",
                "type": "string"
              },

Collaborator

This is remnant wording here, but I suspect the answer to your question is in #1105.

Contributor

@dmdabbs dmdabbs Aug 27, 2024

Yep, I linked to @itaysharfi's comment in #1105.

FLEDGE.md Outdated
@@ -26,9 +26,11 @@ See [the Protected Audience API specification](https://wicg.github.io/turtledove
- [2.5 Additional Trusted Signals (directFromSellerSignals)](#25-additional-trusted-signals-directfromsellersignals)
- [2.5.1 Using Subresource Bundles](#251-using-subresource-bundles)
- [2.5.2 Using Response Headers](#252-using-response-headers)
- [3. Buyers Provide Ads and Bidding Functions (BYOS for now)](#3-buyers-provide-ads-and-bidding-functions-byos-for-now)
- [3. Buyers Provide Ads and Bidding Functions](#3-buyers-provide-ads-and-bidding-functions-byos-for-now)
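Review bot: the new entry drops "(BYOS for now)" from the link text but keeps the old fragment `#3-buyers-provide-ads-and-bidding-functions-byos-for-now`. GitHub derives heading anchors from the heading text, so if the section heading was renamed to match, the fragment must become `#3-buyers-provide-ads-and-bidding-functions`; otherwise this table-of-contents link will not resolve.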
Collaborator

This link looks broken by the change in section name below.

FLEDGE.md Outdated
@@ -736,7 +744,7 @@ The `perInterestGroupData` dictionary contains optional data for interest groups

The `updateIfOlderThanMs` optional field specifies that the interest group should be updated via the `updateURL` mechanism (see the [interest group attributes](#12-interest-group-attributes) section) if the interest group hasn't been joined or updated in a duration of time exceeding `updateIfOlderThanMs` milliseconds. Updates that ended in failure, either parse or network failure, are not considered to increment the last update or join time. An `updateIfOlderThanMs` that's less than 10 minutes will be clamped to 10 minutes.

Similarly, sellers may want to fetch information about a specific creative, e.g. the results of some out-of-band ad scanning system. This works in much the same way as [`trustedBiddingSignalsURL`](#31-fetching-real-time-data-from-a-trusted-server), with the base URL coming from the `trustedScoringSignalsURL` property of the seller's auction configuration object. The parameter `experimentGroupId` comes from `sellerExperimentGroupId` in the auction configuration if provided. However, the URL has two sets of keys: "renderUrls=url1,url2,..." and "adComponentRenderUrls=url1,url2,..." for the main and adComponent renderURLs bids offered in the auction. Note that the query params use "Urls" instead of "URLs". It is up to the client how and whether to aggregate the fetches with the URLs of multiple bidders.
Similarly, sellers may want to fetch information about a specific creative, e.g. the results of some out-of-band ad scanning system. This works in much the same way as [`trustedBiddingSignalsURL`](#311-trusted-signals-server-with-byos-model). If `trustedScoringSignalsCoordinator` is not presented, it will send the trusted scoring signals fetch request to BYOS server, with the base URL coming from the `trustedScoringSignalsURL` property of the seller's auction configuration object. The parameter `experimentGroupId` comes from `sellerExperimentGroupId` in the auction configuration if provided. However, the URL has two sets of keys: "renderUrls=url1,url2,..." and "adComponentRenderUrls=url1,url2,..." for the main and adComponent renderURLs bids offered in the auction. Note that the query params use "Urls" instead of "URLs". It is up to the client how and whether to aggregate the fetches with the URLs of multiple bidders.
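Review bot: the clause "If `trustedScoringSignalsCoordinator` is not presented, it will send the trusted scoring signals fetch request to BYOS server, with the base URL coming from the `trustedScoringSignalsURL` property" ties the base URL to the BYOS case, whereas the line it replaces applied `trustedScoringSignalsURL` unconditionally. Split it: keep "The base URL comes from the `trustedScoringSignalsURL` property of the seller's auction configuration object." as its own sentence and let the coordinator condition only decide between the BYOS server and the trusted key-value server. Also "is not presented" should be "is not present", "to BYOS server" needs an article ("to the BYOS server"), and the new link target `#311-trusted-signals-server-with-byos-model` must match a heading added elsewhere in this change.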
Collaborator

This needs to be reworded so it doesn't sound like the base URL only comes from trustedScoringSignalsURL when trustedScoringSignalsCoordinator is not presented, as the base URL only comes from trustedScoringSignalsURL always.

FLEDGE.md Outdated

For detailed specification and explainers of the trusted key-value server, see also the following:
As [noted in the key value trust model](https://github.com/privacysandbox/fledge-docs/blob/main/key_value_service_trust_model.md), the key value service is publicly queryable, so to prevent potentially leaking user information, keys should be either: not individually identifying (e.g. applying to many people, perhaps to all people who visited an advertiser page and that an ad campaign might show to) or unguessable (e.g. using random identifiers that are assigned at interest group join time and known only to the caller of joinAdInterestGroup). They should not be uniquely identifying and use guessable keys (e.g. hashed email address, name, or phone number).
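Review bot: the inserted paragraph lands directly after "For detailed specification and explainers of the trusted key-value server, see also the following:", so that lead-in now introduces the wrong text; move the paragraph above the lead-in, or up to the section that covers both BYOS and TEE servers as the review comment on this hunk suggests. The closing sentence "They should not be uniquely identifying and use guessable keys" leaves unclear whether both conditions must hold; since the preceding sentence allows keys that are either not individually identifying or unguessable, "Keys must not be both uniquely identifying and guessable (e.g. a hashed email address, name, or phone number)" states the rule precisely.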
Collaborator

This paragraph does not belong in the TEE-only section as it applies to both BYOS and TEE KV servers. Perhaps we could move it up to section 3.1

Add trustedBiddingSignalsCoordinator and trustedScoringSignalsCoordinator description.
@xtlsheep xtlsheep changed the title Update FLEDGE.md Add trusted key-value server options Aug 29, 2024
chromium-wpt-export-bot pushed a commit to web-platform-tests/wpt that referenced this pull request Aug 29, 2024
Add trustedScoringSignalsCoordinator to auction config for trusted
scoring signals KVv2 fetching.

Also add `maxTrustedBiddingSignalsURLLength` case for interest groups
in `devtools_serialization.cc`.

Explainer update: WICG/turtledove#1264

Bug: 337917489
Change-Id: I0061c914862513069658921a245b91c6e7958b08
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5805217
Commit-Queue: Tianyang Xu <[email protected]>
Reviewed-by: Caleb Raitto <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1348785}
moz-v2v-gh pushed a commit to mozilla/gecko-dev that referenced this pull request Aug 31, 2024
…auction config, a=testonly

Automatic update from web-platform-tests
Add trustedScoringSignalsCoordinator to auction config

Add trustedScoringSignalsCoordinator to auction config for trusted
scoring signals KVv2 fetching.

Also add `maxTrustedBiddingSignalsURLLength` case for interest groups
in `devtools_serialization.cc`.

Explainer update: WICG/turtledove#1264

Bug: 337917489
Change-Id: I0061c914862513069658921a245b91c6e7958b08
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5805217
Commit-Queue: Tianyang Xu <[email protected]>
Reviewed-by: Caleb Raitto <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1348785}

--

wpt-commits: c215b3a6ed4c09185d8d60e0e0d16a11463b5f9b
wpt-pr: 47865
i3roly pushed a commit to i3roly/firefox-dynasty that referenced this pull request Sep 3, 2024
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified-and-comments-removed that referenced this pull request Sep 6, 2024
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this pull request Sep 6, 2024
jamienicol pushed a commit to jamienicol/gecko that referenced this pull request Sep 9, 2024