https://github.com/WICG/turtledove/pull/695
https://github.com/WICG/turtledove/pull/771
https://github.com/WICG/turtledove/pull/774
Protected Audience already supports a mechanism to ensure the authenticity and integrity of information passed into the auction from the seller called directFromSellerSignals. Currently this is implemented by the seller providing subresources in a WebBundle to the browser, which after a year of testing has proved to not be as efficient as originally planned. It either requires an entirely new additional fetch of a WebBundle, or for the seller to rewrite and rework an existing fetch to respond instead with only a WebBundle. This feature is a rewrite of directFromSellerSignals to use an HTTP response header, transferred via HTTPS same-origin with the seller, instead of a WebBundle to optimize performance.
The parent proposal, Protected Audience, is still pending: https://github.com/w3ctag/design-reviews/issues/723
Pending
Interoperability and Compatibility
None as this is an optional new way of providing directFromSellerSignals. It cannot be used jointly with the old mechanism, but there shouldn’t be a need to use the old mechanism.
Gecko & WebKit: No signal on parent proposal, Protected Audience. Asked in the Mozilla forum here, and in the Webkit forum here.
Web developers: Adtech asked for this via this Protected Audience Github issue.
This feature affects values provided to Protected Audience scripts (generateBid(), reportResult(), reportWin()) which are debuggable via Chrome DevTools. This feature also includes console log warnings on parse failures.
It will be supported on all platforms that support Protected Audience, so all but WebView.
We plan to add WPTs to cover this API in the next month.
None
FledgeDirectFromSellerSignalsHeaderAdSlot
False
Shipping on desktop and Android in M117.
None related to this feature.
https://chromestatus.com/feature/5165311598264320
This intent message was generated by Chrome Platform Status.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrkbaAuRoxPUtrQnxyS-W%3DfZjba1JN%2BHCHyLmKCKveHXOg%40mail.gmail.com.
Can you clarify what this does, as the explainer is not very explain-y?IIUC, the current flow to get directFromSellerSignals is to download a response A which contains a link to a WBN, then download the WBN and that contains the signal info.Your proposal is to change that so that the directFromSellerSignals information would be embedded in a response header on response A?
The original directFromSellerSignals worked by downloading a response A, from the seller’s origin, that is a WBN containing several subresources that represent signals from the seller to various auction participants -- no linking was involved.
If so, any more details on that header? What would be the header name? What payload sizes should we expect for the header's value? In what conditions will it actually be processed?
The name of the header is Ad-Auction-Signals, as mentioned here in the explainer: [0]. Currently, the payload size is limited to 1kb [1], but we’re considering increasing that to 10kb based on feedback. When Chrome conducts a Protected Audience auction, it processes any received Ad-Auction-Signals headers whose adSlot matches that of the auction. The header contains JSON that dictates which signals are sent to which auction participants.
Thanks,
-Caleb
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
On 9/7/23 6:00 PM, Caleb Raitto wrote:
Hi Yoav, some responses inline:
On Wednesday, September 6, 2023 at 12:15:45 PM UTC-4 Yoav Weiss wrote:
Can you clarify what this does, as the explainer is not very explain-y?
IIUC, the current flow to get directFromSellerSignals is to download a response A which contains a link to a WBN, then download the WBN and that contains the signal info.Your proposal is to change that so that the directFromSellerSignals information would be embedded in a response header on response A?
The original directFromSellerSignals worked by downloading a response A, from the seller’s origin, that is a WBN containing several subresources that represent signals from the seller to various auction participants -- no linking was involved.
You’re correct about this header-based version of directFromSellerSignals -- when Chrome downloads a response, from the seller’s origin, with fetch(..., {adAuctionHeaders: true}), the Ad-Auction-Signals header gets parsed as JSON to provide the signals.
If so, any more details on that header? What would be the header name? What payload sizes should we expect for the header's value? In what conditions will it actually be processed?
The name of the header is Ad-Auction-Signals, as mentioned here in the explainer: [0]. Currently, the payload size is limited to 1kb [1], but we’re considering increasing that to 10kb based on feedback. When Chrome conducts a Protected Audience auction, it processes any received Ad-Auction-Signals headers whose adSlot matches that of the auction. The header contains JSON that dictates which signals are sent to which auction participants.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c238b79-7120-4089-a8d7-dc1e67f956fcn%40chromium.org.
On 9/7/23 6:00 PM, Caleb Raitto wrote:
Hi Yoav, some responses inline:Thanks for the explanation - what's preventing https://github.com/WICG/turtledove/pull/695 from landing? It seems rather old (and references stuff that no longer exists, like `X-FLEDGE-Auction-Only`. (It also doesn't seem to define any error-handling for parsing the JSON that a server returns, which would be good to do.)
On Wednesday, September 6, 2023 at 12:15:45 PM UTC-4 Yoav Weiss wrote:
Can you clarify what this does, as the explainer is not very explain-y?
IIUC, the current flow to get directFromSellerSignals is to download a response A which contains a link to a WBN, then download the WBN and that contains the signal info.Your proposal is to change that so that the directFromSellerSignals information would be embedded in a response header on response A?
The original directFromSellerSignals worked by downloading a response A, from the seller’s origin, that is a WBN containing several subresources that represent signals from the seller to various auction participants -- no linking was involved.
You’re correct about this header-based version of directFromSellerSignals -- when Chrome downloads a response, from the seller’s origin, with fetch(..., {adAuctionHeaders: true}), the Ad-Auction-Signals header gets parsed as JSON to provide the signals.
If so, any more details on that header? What would be the header name? What payload sizes should we expect for the header's value? In what conditions will it actually be processed?
The name of the header is Ad-Auction-Signals, as mentioned here in the explainer: [0]. Currently, the payload size is limited to 1kb [1], but we’re considering increasing that to 10kb based on feedback. When Chrome conducts a Protected Audience auction, it processes any received Ad-Auction-Signals headers whose adSlot matches that of the auction. The header contains JSON that dictates which signals are sent to which auction participants.
Hi Mike,
Pull request 695 is the change to update the explainer to describe the new header-based directFromSellerSignals, whereas 771 and 774 are for the spec changes.
The explainer change describes usage of the new API and provides context for the differences between header-based and the prior bundles based versions of directFromSellerSignals, whereas the spec change describes how to implement the header-based version.
We intend to land all 3 pull requests.
Thanks,
-Caleb
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c238b79-7120-4089-a8d7-dc1e67f956fcn%40chromium.org.
Thanks, LGTM1 pending the PRs landing.
Thanks, LGTM1 pending the PRs landing.
On 9/12/23 12:29 AM, Caleb Raitto wrote:
Hi Mike,
Pull request 695 is the change to update the explainer to describe the new header-based directFromSellerSignals, whereas 771 and 774 are for the spec changes.
The explainer change describes usage of the new API and provides context for the differences between header-based and the prior bundles based versions of directFromSellerSignals, whereas the spec change describes how to implement the header-based version.
We intend to land all 3 pull requests.
Thanks,
-Caleb
On Monday, September 11, 2023 at 11:18:26 AM UTC-4 Mike Taylor wrote:
On 9/11/23 12:55 PM, Mike Taylor wrote:
On 9/7/23 6:00 PM, Caleb Raitto wrote:
Hi Yoav, some responses inline:
On Wednesday, September 6, 2023 at 12:15:45 PM UTC-4 Yoav Weiss wrote:
Can you clarify what this does, as the explainer is not very explain-y?
IIUC, the current flow to get directFromSellerSignals is to download a response A which contains a link to a WBN, then download the WBN and that contains the signal info.Your proposal is to change that so that the directFromSellerSignals information would be embedded in a response header on response A?
The original directFromSellerSignals worked by downloading a response A, from the seller’s origin, that is a WBN containing several subresources that represent signals from the seller to various auction participants -- no linking was involved.
You’re correct about this header-based version of directFromSellerSignals -- when Chrome downloads a response, from the seller’s origin, with fetch(..., {adAuctionHeaders: true}), the Ad-Auction-Signals header gets parsed as JSON to provide the signals.
If so, any more details on that header? What would be the header name? What payload sizes should we expect for the header's value? In what conditions will it actually be processed?
The name of the header is Ad-Auction-Signals, as mentioned here in the explainer: [0]. Currently, the payload size is limited to 1kb [1], but we’re considering increasing that to 10kb based on feedback. When Chrome conducts a Protected Audience auction, it processes any received Ad-Auction-Signals headers whose adSlot matches that of the auction. The header contains JSON that dictates which signals are sent to which auction participants.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWyKR0oFkjZqos1SmW1-q5DQajfnjsZDeOPJBRB2j45QA%40mail.gmail.com.
And gentle reminder to please land the spec PRs :)
LGTM3
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c238b79-7120-4089-a8d7-dc1e67f956fcn%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWyKR0oFkjZqos1SmW1-q5DQajfnjsZDeOPJBRB2j45QA%40mail.gmail.com.
LGTM3
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c238b79-7120-4089-a8d7-dc1e67f956fcn%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Thanks for the heads up. It would be nice to write WPTs for these
changes (to the extent that it's possible), rather than just
Chromium unit tests.
Understood, will do.-Caleb
LGTM3
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/5c238b79-7120-4089-a8d7-dc1e67f956fcn%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWyKR0oFkjZqos1SmW1-q5DQajfnjsZDeOPJBRB2j45QA%40mail.gmail.com.
Thanks Caleb!