On a related note, we requested a TAG review of Bidding and Auction
Services here <https://github.com/w3ctag/design-reviews/issues/1009>,
and updated our standards-positions-asks to mention Bidding and
Auction Services here
<https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278>
and here
<https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>.
On Wed, Oct 23, 2024 at 12:29 PM Paul Jensen <pauljen...@chromium.org>
wrote:
Erik,
Edge recently started an Origin Trial for the Ad Selection API
<https://blogs.windows.com/msedgedev/2024/10/08/ad-selection-api-limited-preview/>,
and I had three questions about its compatibility with Protected
Audience Bidding & Auction Services:
1.
The Ad Selection API details
<https://github.com/WICG/privacy-preserving-ads/blob/main/API%20Details.md>says
it “aims to maximize syntactic compatibility with the
Protected Audience API”. Can you confirm that the Ad
Selection API uses nearly the same web API as specified in the
Protected Audience API specification
<https://wicg.github.io/turtledove/>?
2.
Is the Ad Selection API also using similar request and
response encoding and encryption as specified in the Bidding
and Auction Services specification
<https://privacysandbox.github.io/draft-ietf-bidding-and-auction-services/draft-ietf-bidding-and-auction-services.html>?
3.
We recently posted the location and format of the coordinator
keys that Chrome fetches
<https://github.com/WICG/turtledove/pull/1309/files>. Does
the Ad Selection API use a similar mechanism?
On Fri, Oct 18, 2024 at 4:09 PM Paul Jensen
<pauljen...@chromium.org> wrote:
Yoav, our IETF service spec repository
<https://github.com/privacysandbox/draft-ietf-bidding-and-auction-services>
is already public and we verified anyone can file issues
there. We also verified with more experienced standardization
folks that its IPR settings look right.
On Wed, Oct 16, 2024 at 10:23 AM Yoav Weiss (@Shopify)
<yoavwe...@chromium.org> wrote:
On Wednesday, October 16, 2024 at 4:00:00 PM UTC+2 Mike
Taylor wrote:
On 10/7/24 10:30 AM, 'Russ Hamilton' via blink-dev wrote:
Contact emails
pauljen...@chromium.org, behamil...@google.com
Explainer
Chrome:
https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md
<https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md>
Thanks - this was helpful to read.
Services:
https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_api.md
<https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_api.md>
Given that this service spec defines the protocols
browsers and services would need to implement, could you
move this to a more public venue? (where non-Google
employees can comment, and files issues and PRs)
Specification
The web platform portion of the specification
(navigator.getInterestGroupAdAuctionData() and the
server response changes to navigator.runAdAuction())
is part of the Protected Audience spec
<https://wicg.github.io/turtledove/>.
The interface to the Bidding & Auction Services
endpoint is described in
https://privacysandbox.github.io/draft-ietf-bidding-and-auction-services/draft-ietf-bidding-and-auction-services.html
<https://privacysandbox.github.io/draft-ietf-bidding-and-auction-services/draft-ietf-bidding-and-auction-services.html>
Summary
The Protected Audience API (formerly known as FLEDGE)
is a Privacy Sandbox proposal to serve remarketing
and custom audience use cases, designed so third
parties cannot track user browsing behavior across
sites. This proposal, the Protected Audience Bidding
& Auction Services API, outlines a way to allow
Protected Audience computation to take place on cloud
servers in a Trusted Execution Environment (TEE),
rather than running locally on a user's device.
Moving computations to cloud servers can help
optimize the Protected Audience auction, to free up
computational cycles and network bandwidth for a device.
Blink component
Blink>InterestGroups
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups>
TAG review
For Protected Audience:
https://github.com/w3ctag/design-reviews/issues/723
<https://github.com/w3ctag/design-reviews/issues/723>
TAG review status
Completed for Protected Audience, resolved unsatisfied.
Risks Interoperability and Compatibility
None. This is an optional new feature of the
Protected Audience API. Ad techs can use this new
feature by calling
navigator.getInterestGroupAdAuctionData() and
specifying values for new fields in the auction
config. Without invoking the new function or explicit
values for those new fields, there's no functional
behavioral change as a result of this feature.
Gecko & WebKit: No signal on parent proposal,
Protected Audience. Asked in the Mozilla forumhere
<https://github.com/mozilla/standards-positions/issues/770>,
and in the Webkit forum here
<https://github.com/WebKit/standards-positions/issues/158>.
Edge: Microsoft has proposed their Ad Selection API
<https://github.com/WICG/privacy-preserving-ads/tree/main>as
a similar TEE on-server auction API. That API looks
like it would have a near identical Web Platform API
as the Bidding and Auction Services API. We have
biweekly meetings with Microsoft, and are open to
collaborating on specifying the API.
Can you elaborate more on "near identical"? Would it
be possible to have an interoperable server-bidding
API between the two proposals in the near term?
Web developers: Extensive interest in this feature
from adtechs, evidenced by the myriad of discussions
on Protected Audience’s issue tracker
<https://github.com/WICG/turtledove/issues>,
Protected Audience’s weekly WICG calls
<https://github.com/WICG/turtledove/issues/88>, and
theProtected Auction Services WICG calls
<https://github.com/WICG/protected-auction-services-discussion/issues/27>.
Debuggability
On-device API surfaces should be debuggable in Chrome
DevTools, and we’ve added extensive mechanisms for
debugging
<https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md>Bidding
and Auction services
<https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#related-documents>.
Will this feature be supported on all six Blink
platforms (Windows, Mac, Linux, Chrome OS, Android,
and Android WebView)?
It will be supported on all platforms that support
Protected Audience, so all but WebView.
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Lots of
<https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/get-interest-group-auction-data.https.window.js>WPT
tests
<https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/server-response.https.window.js>.
Remaining test coverage to be completed soon.
Can you comment on what tests (or types of tests) are
missing, and when you expect them to be done?
Flag name on chrome://flags
Overall control is not possible via chrome://flags,
though the consented debugging support
<https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md#adtech-consented-debugging>is
controlled via
chrome://flags/#protected-audience-debug-token
Finch feature name
FledgeBiddingAndAuctionServer
Requires code in //chrome?
Only for UI for the consented debugging support
<https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md#adtech-consented-debugging>.
Just the chrome://flags UI, right? Or is there some
other debugging UI that gets enabled when flipping
that on?
Anticipated spec changes
No web-visible changes expected.
Just to confirm, you're adding a new web-visible API
(and have specced that) but are not changing any other
PA APIs, correct?
Estimated milestones
Shipping to all applicable platforms in M130.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/4649601971257344
<https://chromestatus.com/feature/4649601971257344>
Links to previous Intent discussions
Intent to prototype:
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnSdvf7RgK2wxsmC6rWc8eRoqDZOvgwVFuEx1r2nqmAJg%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnSdvf7RgK2wxsmC6rWc8eRoqDZOvgwVFuEx1r2nqmAJg%40mail.gmail.com>
Intent to Experiment:
https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I
<https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/BwMKwPP6GQAJ>
Intent to Extend Experiment:
https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/xaJHFJ_uAAAJ
<https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/xaJHFJ_uAAAJ>
Intent to Extend Experiment 2:
https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/RigQFZilAgAJ
<https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/RigQFZilAgAJ>
--
You received this message because you are subscribed
to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving
emails from it, send an email to
blink-dev+unsubscr...@chromium.org
<mailto:blink-dev+unsubscr...@chromium.org>.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU3H_eSNfb7gzNn-OTbdvqsatiZMP53m1pN_3TpyNrzoeA%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU3H_eSNfb7gzNn-OTbdvqsatiZMP53m1pN_3TpyNrzoeA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
