sva...@chromium.org, privacy-s...@chromium.org
Design Doc
https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit
Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Experimental timeline
This experiment is intended to run through Chrome M84 to M87.
Any risks when the experiment finishes?
As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.
Ongoing technical constraints
None.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
Contact emails
sva...@chromium.org, privacy-s...@chromium.org
Design Doc
https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit
Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Experimental timeline
This experiment is intended to run through Chrome M84 to M87.
Any risks when the experiment finishes?
As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.
Ongoing technical constraints
None.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANduzxAHqCKWRz9o8uJeAtcE2cMGeKmYoDG1wPsTeiSTA_MRJQ%40mail.gmail.com.
Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Experimental timeline
This experiment is intended to run through Chrome M84 to M87.
Any risks when the experiment finishes?
As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.
Ongoing technical constraints
None.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
--
Thanks for working on this. This seems like an important problem to solve!
On Tue, May 5, 2020 at 4:31 PM Steven Valdez <sva...@chromium.org> wrote:
Would've been good to also add a link to the explainer.Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Do you have partners lined up?What would the experiment look like? Who would need to sign up for an OT? The issuer? The redeemer 1P? The redeemer 3P?
--Experimental timeline
This experiment is intended to run through Chrome M84 to M87.
Any risks when the experiment finishes?
As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.
Ongoing technical constraints
None.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Would love to understand if there are specific questions y'all want to answer with this experiment. If you could perhaps just outline those here, that would be great.With that nit, LGTM!Regards
On Wednesday, May 6, 2020 at 11:22:16 PM UTC-7, Yoav Weiss wrote:
Thanks for working on this. This seems like an important problem to solve!
On Tue, May 5, 2020 at 4:31 PM Steven Valdez <sva...@chromium.org> wrote:
Would've been good to also add a link to the explainer.Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Do you have partners lined up?What would the experiment look like? Who would need to sign up for an OT? The issuer? The redeemer 1P? The redeemer 3P?
--Experimental timeline
This experiment is intended to run through Chrome M84 to M87.
Any risks when the experiment finishes?
As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.
Ongoing technical constraints
None.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
Thanks for working on this. This seems like an important problem to solve!On Tue, May 5, 2020 at 4:31 PM Steven Valdez <sva...@chromium.org> wrote:Would've been good to also add a link to the explainer.Summary
This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.
Initially this API will be available via an Origin Trial so that we can measure the usability and speed of this API.
Link to “Intent to Prototype” blink-dev discussion
https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/
Goals for experimentation
For an initial origin trial we hope to see that token-derived signals can be used by third parties, captcha providers, DoS protection, ad networks, CDNs, for fraud detection without 3P-cookie based schemes. Additionally we'll be checking third-party latency metrics and Chrome heartbeat metrics to ensure that this API is not blocking user visible load.
Do you have partners lined up?
What would the experiment look like? Who would need to sign up for an OT? The issuer? The redeemer 1P? The redeemer 3P?