Intent to Ship: Private Aggregation API: filtering IDs


Alex Turner

4:05 PM (3 hours ago)
to blink-dev

Contact emails

ale...@chromium.org

Explainer

https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/flexible_filtering.md

Specification

https://github.com/patcg-individual-drafts/private-aggregation-api/pull/123

Summary

Modifies the Private Aggregation API to add a 'filtering ID' to the aggregatable reports' encrypted payloads. This ID allows histogram contributions with different filtering IDs to be processed separately on the aggregation service. A list of filtering IDs could be provided in an aggregation query and any contributions not matching a listed ID will be filtered out, not contributing to the result. To support the new feature, we update the report version to "1.0" (from "0.1"). By the time this is launched to Stable, all valid aggregation service releases will support the new report version, avoiding backwards compatibility concerns. (Old releases are deprecated on a regular schedule.)



Blink component

Blink>PrivateAggregation

TAG review

https://github.com/w3ctag/design-reviews/issues/846 (We have not requested a signal for these changes specifically.)

TAG review status

Pending

Risks



Interoperability and Compatibility

The Aggregation Service (used to process the aggregatable reports) typically allows its releases to be used for up to six months. To reduce the compatibility impact of this change, we are waiting until all current Aggregation Service releases support the new version before rolling to Stable.



Gecko: No signal (https://github.com/mozilla/standards-positions/issues/805) We have not requested a signal for this change specifically. The Gecko position on Shared Storage (one of the ways Private Aggregation is exposed) is negative.

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/189) We have not requested a signal for this change specifically.

Web developers: Positive signals for broad feature (https://github.com/patcg-individual-drafts/private-aggregation-api/issues/92)

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability

No new debug capabilities beyond the existing internals page (chrome://private-aggregation-internals) and temporary debug mode. These capabilities do support the new filtering IDs.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

All but WebView



Is this feature fully tested by web-platform-tests?

Yes

Flag name on chrome://flags

None

Finch feature name

PrivateAggregationApiFilteringIds

Requires code in //chrome?

False

Tracking bug

https://crbug.com/330744610

Launch bug

https://launch.corp.google.com/launch/4302413

Estimated milestones

Shipping on desktop: 128
Shipping on Android: 128


Anticipated spec changes

None


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4793172803977216?gate=5039125582577664

This intent message was generated by Chrome Platform Status.