Contact emails sval...@chromium.org, privacy-sand...@chromium.org
Spec https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit <https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#> https://github.com/WICG/trust-token-api Summary This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass <https://privacypass.github.io/> for anonymous tokens that can't be tracked between issuance and redemption. An Origin Trial for Trust Token started in M84 and is scheduled to end in M94. Due to the shift in the API from a primarily first-party issuance model to a third-party issuance model, we've gotten feedback from partners that spinning up the complex infrastructure and models for third-party issuance is taking longer than anticipated, in order to give issuers more time to experiment with this model, we'd like to extend the Origin Trial to M101 (April 2022). Link to “Intent to Prototype” blink-dev discussion https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/ Previous Intent to Extend: https://groups.google.com/a/chromium.org/g/blink-dev/c/-W90wVkS0Ks/m/HyICZtuuBAAJ Goals for experimentation For the continuation of the origin trial, we hope to continue to get more experimental data on the value of these token-derived signals from issuance schemes that take place in the third-party context, rather than where a strong first-party signal is available. Additionally, we are continuing to iterate on the API shape and modes to bring it more in line with the underlying Privacy Pass work being standardized in the IETF. Experimental timeline We'd like to extend the Origin Trial again to run to the end of M101 (April 2022). Any risks when the experiment finishes? As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes. As we don't maintain backwards compatibility between different versions of Trust Token ( https://github.com/WICG/trust-token-api/blob/main/ISSUER_PROTOCOL.md#version-history), as we update it based on ecosystem feedback, we don't expect there to be ecosystem burn-in as the issuers and redeemers are still required to update their implementations to continue functioning in the latest version of Chrome (and the server-side components of the API provided by the component updater maintains minimal compatibility so that older versions of the API will cease to function within a version release or so). As an extra measure of safety, we can also disable the API for a couple weeks to ensure that the ecosystem is not burning in the availability of the API. Reason this experiment is being extended https://groups.google.com/a/chromium.org/forum/?oldui=1#!msg/blink-dev/UIvia1WwIhk/DuXLKdF7AgAJ Due to the complexities of issuance strategies involving purely third-party based issuance, we've seen that issuers are needing a longer time to spin up their infrastructure and experiment logic in order to verify the usefulness of the API. Due to the scope and shape of this API, we'd like to get data from issuers who are using this API before trying to launch it, to help understand the efficacy of the API and the parameters that the shipped version of the API should be using/allowing. Ongoing technical constraints None. Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)? Yes. Link to entry on the feature dashboard <https://www.chromestatus.com/> https://chromestatus.com/feature/5078049450098688 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANduzxCRQpheUxNs-o4YR_Z-9OoqjUhxMHWd3Lh01%2BTPyoZTgA%40mail.gmail.com.
