Intent to Extend Origin Trial: Trust Token API

88 views
Skip to first unread message

Steven Valdez

unread,
Oct 21, 2020, 11:58:53 AM10/21/20
to blink-dev

Contact emails

sva...@chromium.org, privacy...@chromium.org 


Spec

https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit

https://github.com/WICG/trust-token-api

Summary

This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.

An Origin Trial for Trust Token started in M84 and is scheduled to end in M87. Due to complexities in the initial deployment and changes to the API, we are looking to extend the origin trial to get additional feedback and data. We would like to extend the Origin Trial to M91.


Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/d/msg/blink-dev/X9sF2uLe9rA/1aUxs8mnDgAJ


Goals for experimentation

For the continuation of the origin trial, we still hope to see that token-derived signals can be used for fraud detection without 3P-cookie based schemes. Additionally, we plan on releasing more thorough documentation and a higher-level interface to some of the cryptographic logic; extending the origin trial will give other parties time to participate in this more user-friendly environment.

Experimental timeline

We'd like to extend the Origin Trial to run to M91.


Any risks when the experiment finishes?

As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes.



Reason this experiment is being extended

https://groups.google.com/a/chromium.org/d/msg/blink-dev/UIvia1WwIhk/DuXLKdF7AgAJ


To gather additional feedback and data on the API and new API changes and try to get more participation before moving to shipping the feature.


Ongoing technical constraints

None.


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

Yes.


Link to entry on the feature dashboard

https://chromestatus.com/feature/5078049450098688


yo...@yoav.ws

unread,
Oct 22, 2020, 11:41:25 AM10/22/20
to blink-dev, Steven Valdez
On Wednesday, October 21, 2020 at 5:58:53 PM UTC+2 Steven Valdez wrote:

Contact emails

sva...@chromium.org, privacy...@chromium.org 


Spec

https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit

https://github.com/WICG/trust-token-api

Summary

This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.

An Origin Trial for Trust Token started in M84 and is scheduled to end in M87. Due to complexities in the initial deployment and changes to the API, we are looking to extend the origin trial to get additional feedback and data. We would like to extend the Origin Trial to M91.


That would be a long running trial. Would it make sense to create a gap in the API support now, to avoid burn-in concerns later on?

Steven Valdez

unread,
Oct 22, 2020, 1:44:39 PM10/22/20
to yo...@yoav.ws, blink-dev
Some of the API changes we're making (landing hopefully in M88) is switching the major Trust Token protocol version in Chrome from V1 to V2 (which includes some crypto protocol changes and changes to the APIs (names/parameters/headers). That might be sufficient to avoid the burn-in concern since from M88 onward, anyone who is using Trust Token V1 would not work with clients using the V2 of the protocol/APIs.


yo...@yoav.ws

unread,
Oct 22, 2020, 3:30:12 PM10/22/20
to blink-dev, Steven Valdez, blink-dev, yo...@yoav.ws
Thanks! A breaking change from V1 seems like a good mitigation for the burn-in risk.

LGTM to experiment till M91

Reply all
Reply to author
Forward
0 new messages