Thanks Paul. Glad to hear there isn't a compat risk across cloud platforms.
Erik, could you also confirm that there shouldn't be a technical reason the Edge implementation won't be compatible with AWS and GCP over time? LGTM3 (not blocking on the above question). On Fri, Nov 8, 2024 at 10:59 AM Paul Jensen <pauljen...@chromium.org> wrote: > Hi OWNERS, > Regarding compatibility between Chrome and Edge, as you can see from the > above, the browser API and the wire protocol are aligned, and both browsers > are working to maintain that. The difference here is on policy questions > about a choice of what cryptographic keys to use, but implementations are > compatible across cloud platforms. > > On Thu, Oct 31, 2024 at 4:19 PM Erik Anderson <erik.ander...@microsoft.com> > wrote: > >> Hi everyone, >> >> Re: Ad Selection API and how it relates to Protect Audience API. As we’ve >> discussed in various forums, while there are important differences in our >> proposal vs. Bidding & Auction Services, we have a general goal to minimize >> the amount of work a developer needs to do in order to target both APIs. As >> a result, yes, the APIs are currently very closely aligned and we will >> proactively raise concerns via the associated GitHub repos and public calls >> if/where we think that is no longer possible. >> >> At the same time, there is one very large difference: the cloud TEE >> provider matrix. Microsoft is continuing to listen to feedback from the >> ecosystem about cloud execution environments for these TEE-based APIs. Our >> preview of the Ad Selection API currently supports Azure while Bidding & >> Auction Services supports AWS and GCP. >> >> My understanding is that the Azure team has been talking with the Bidding >> & Auction Services team for approximately the past year in the hopes of >> getting onboarded as a cloud provider. The Azure team believes they have >> met all of the criteria defined by Google for supporting public clouds and >> is actively maintaining a fork that includes Azure support. While that >> conversation is ongoing, we are deeply concerned that there is still no >> concrete timeline for support. Furthermore, Azure support is now being >> coupled to other longer-term milestones in the design of B&A. As a result, >> the Microsoft Ads team has been unable to broadly test this API in large >> part due to the dependency on Azure support. The Microsoft Azure team is >> open to feedback about how they can help accelerate things. >> >> Re: the request and response encoding in Ad Selection API. Yes, Ad >> Selection API leverages the same encryption as Bidding & Auction services. >> >> Re: the location and format of the coordinator keys that Chrome fetches. >> From a client browser perspective, it looks the same—Microsoft Edge >> provides a public key endpoint and uses the same key list schema. On the >> key management service side, Azure’s implementation looks a little >> different than what I believe you’re doing with AWS and GCP, but I believe >> that detail is out of scope here. >> >> Thanks, >> >> Erik >> >> >> >> *From:* Yoav Weiss (@Shopify) <yoavwe...@chromium.org> >> *Sent:* Wednesday, October 30, 2024 3:10 AM >> *To:* blink-dev <blink-dev@chromium.org> >> *Cc:* Mike Taylor <miketa...@chromium.org>; blink-dev < >> blink-dev@chromium.org>; Manny Isu <manny...@google.com>; >> beham...@google.com <behamil...@google.com>; Yoav Weiss < >> yoavwe...@chromium.org>; Erik Anderson <erik.ander...@microsoft.com>; >> Paul Jensen <pauljen...@chromium.org> >> *Subject:* Re: [blink-dev] Intent to Ship: Protected Audience Bidding & >> Auction Services >> >> >> >> LGTM2 >> >> On Tuesday, October 29, 2024 at 7:27:52 PM UTC+1 Mike Taylor wrote: >> >> Thanks - >> >> LGTM1 >> >> On 10/29/24 10:33 AM, Paul Jensen wrote: >> >> On a related note, we requested a TAG review of Bidding and Auction >> Services here <https://github.com/w3ctag/design-reviews/issues/1009>, >> and updated our standards-positions-asks to mention Bidding and Auction >> Services here >> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278> >> and here >> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085> >> . >> >> >> >> On Wed, Oct 23, 2024 at 12:29 PM Paul Jensen <pauljen...@chromium.org> >> wrote: >> >> Erik, >> >> >> >> Edge recently started an Origin Trial for the Ad Selection API >> <https://blogs.windows.com/msedgedev/2024/10/08/ad-selection-api-limited-preview/>, >> and I had three questions about its compatibility with Protected Audience >> Bidding & Auction Services: >> >> 1. The Ad Selection API details >> >> <https://github.com/WICG/privacy-preserving-ads/blob/main/API%20Details.md> >> says it “aims to maximize syntactic compatibility with the Protected >> Audience API”. Can you confirm that the Ad Selection API uses nearly the >> same web API as specified in the Protected Audience API specification >> <https://wicg.github.io/turtledove/>? >> 2. Is the Ad Selection API also using similar request and response >> encoding and encryption as specified in the Bidding and Auction >> Services specification >> >> <https://privacysandbox.github.io/draft-ietf-bidding-and-auction-services/draft-ietf-bidding-and-auction-services.html> >> ? >> 3. We recently posted the location and format of the coordinator keys >> that Chrome fetches >> <https://github.com/WICG/turtledove/pull/1309/files>. Does the Ad >> Selection API use a similar mechanism? >> >> >> >> On Fri, Oct 18, 2024 at 4:09 PM Paul Jensen <pauljen...@chromium.org> >> wrote: >> >> Yoav, our IETF service spec repository >> <https://github.com/privacysandbox/draft-ietf-bidding-and-auction-services> >> is already public and we verified anyone can file issues there. We also >> verified with more experienced standardization folks that its IPR settings >> look right. >> >> >> >> On Wed, Oct 16, 2024 at 10:23 AM Yoav Weiss (@Shopify) < >> yoavwe...@chromium.org> wrote: >> >> >> >> On Wednesday, October 16, 2024 at 4:00:00 PM UTC+2 Mike Taylor wrote: >> >> On 10/7/24 10:30 AM, 'Russ Hamilton' via blink-dev wrote: >> >> Contact emails >> >> pauljen...@chromium.org, behamil...@google.com >> >> >> Explainer >> >> Chrome: >> https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md >> >> Thanks - this was helpful to read. >> >> >> >> Services: >> https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_api.md >> >> Given that this service spec defines the protocols browsers and services >> would need to implement, could you move this to a more public venue? (where >> non-Google employees can comment, and files issues and PRs) >> >> >> >> Specification >> >> The web platform portion of the specification >> (navigator.getInterestGroupAdAuctionData() and the server response changes >> to navigator.runAdAuction()) is part of the Protected Audience spec >> <https://wicg.github.io/turtledove/>. >> >> The interface to the Bidding & Auction Services endpoint is described in >> https://privacysandbox.github.io/draft-ietf-bidding-and-auction-services/draft-ietf-bidding-and-auction-services.html >> >> >> Summary >> >> The Protected Audience API (formerly known as FLEDGE) is a Privacy >> Sandbox proposal to serve remarketing and custom audience use cases, >> designed so third parties cannot track user browsing behavior across sites. >> This proposal, the Protected Audience Bidding & Auction Services API, >> outlines a way to allow Protected Audience computation to take place on >> cloud servers in a Trusted Execution Environment (TEE), rather than running >> locally on a user's device. Moving computations to cloud servers can help >> optimize the Protected Audience auction, to free up computational cycles >> and network bandwidth for a device. >> >> >> Blink component >> >> Blink>InterestGroups >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups> >> >> >> TAG review >> >> For Protected Audience: >> https://github.com/w3ctag/design-reviews/issues/723 >> >> >> TAG review status >> >> Completed for Protected Audience, resolved unsatisfied. >> >> >> Risks Interoperability and Compatibility >> >> None. This is an optional new feature of the Protected Audience API. Ad >> techs can use this new feature by calling >> navigator.getInterestGroupAdAuctionData() and specifying values for new >> fields in the auction config. Without invoking the new function or explicit >> values for those new fields, there's no functional behavioral change as a >> result of this feature. >> >> >> >> *Gecko & WebKit*: No signal on parent proposal, Protected Audience. >> Asked in the Mozilla forum here >> <https://github.com/mozilla/standards-positions/issues/770>, and in the >> Webkit forum here >> <https://github.com/WebKit/standards-positions/issues/158>. >> >> *Edge: *Microsoft has proposed their Ad Selection API >> <https://github.com/WICG/privacy-preserving-ads/tree/main> as a similar >> TEE on-server auction API. That API looks like it would have a near >> identical Web Platform API as the Bidding and Auction Services API. We have >> biweekly meetings with Microsoft, and are open to collaborating on >> specifying the API. >> >> Can you elaborate more on "near identical"? Would it be possible to have >> an interoperable server-bidding API between the two proposals in the near >> term? >> >> >> >> *Web developers*: Extensive interest in this feature from adtechs, >> evidenced by the myriad of discussions on Protected Audience’s issue >> tracker <https://github.com/WICG/turtledove/issues>, Protected >> Audience’s weekly WICG calls >> <https://github.com/WICG/turtledove/issues/88>, and the Protected >> Auction Services WICG calls >> <https://github.com/WICG/protected-auction-services-discussion/issues/27> >> . >> >> >> Debuggability >> >> On-device API surfaces should be debuggable in Chrome DevTools, and we’ve >> added extensive mechanisms for debugging >> <https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md> >> Bidding >> and Auction services >> <https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_api.md#related-documents> >> . >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)? >> >> It will be supported on all platforms that support Protected Audience, so >> all but WebView. >> >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> Lots of >> <https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/get-interest-group-auction-data.https.window.js> >> WPT tests >> <https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/server-response.https.window.js>. >> Remaining test coverage to be completed soon. >> >> Can you comment on what tests (or types of tests) are missing, and when >> you expect them to be done? >> >> >> >> >> Flag name on chrome://flags >> >> Overall control is not possible via chrome://flags, though the consented >> debugging support >> <https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md#adtech-consented-debugging> >> is controlled via chrome://flags/#protected-audience-debug-token >> >> >> Finch feature name >> >> FledgeBiddingAndAuctionServer >> >> >> Requires code in //chrome? >> >> Only for UI for the consented debugging support >> <https://github.com/privacysandbox/fledge-docs/blob/main/debugging_protected_audience_api_services.md#adtech-consented-debugging> >> . >> >> Just the chrome://flags UI, right? Or is there some other debugging UI >> that gets enabled when flipping that on? >> >> >> >> Anticipated spec changes >> >> No web-visible changes expected. >> >> Just to confirm, you're adding a new web-visible API (and have specced >> that) but are not changing any other PA APIs, correct? >> >> >> Estimated milestones >> >> Shipping to all applicable platforms in M130. >> >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/4649601971257344 >> >> >> Links to previous Intent discussions >> >> Intent to prototype: >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnSdvf7RgK2wxsmC6rWc8eRoqDZOvgwVFuEx1r2nqmAJg%40mail.gmail.com >> >> Intent to Experiment: >> >> https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/BwMKwPP6GQAJ> >> >> Intent to Extend Experiment: >> >> >> https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/xaJHFJ_uAAAJ >> >> Intent to Extend Experiment 2: >> >> >> https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I/m/RigQFZilAgAJ >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU3H_eSNfb7gzNn-OTbdvqsatiZMP53m1pN_3TpyNrzoeA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU3H_eSNfb7gzNn-OTbdvqsatiZMP53m1pN_3TpyNrzoeA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnbGCS%3D4gw3gtArJk5K4KyZT6g07Zog_aBqQhuj%3Doiz9g%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnbGCS%3D4gw3gtArJk5K4KyZT6g07Zog_aBqQhuj%3Doiz9g%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw964XeBiaV9y7G6nsUtQ2A2mLxHstvc1eOG-zseOWjzAA%40mail.gmail.com.
