Intent to Extend Origin Trial: Trust Token API


Steven Valdez

Sep 22, 2021, 4:26:13 PM
to blink-dev

Contact emails

sva...@chromium.org, privacy...@chromium.org 


Spec

https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit

https://github.com/WICG/trust-token-api

Summary

This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.

An Origin Trial for Trust Token started in M84 and is scheduled to end in M94. Due to the shift in the API from a primarily first-party issuance model to a third-party issuance model, we've gotten feedback from partners that spinning up the complex infrastructure and models for third-party issuance is taking longer than anticipated. In order to give issuers more time to experiment with this model, we'd like to extend the Origin Trial to M101 (April 2022).


Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/


Previous Intent to Extend:

https://groups.google.com/a/chromium.org/g/blink-dev/c/-W90wVkS0Ks/m/HyICZtuuBAAJ


Goals for experimentation

For the continuation of the origin trial, we hope to continue to get more experimental data on the value of these token-derived signals from issuance schemes that take place in the third-party context, rather than where a strong first-party signal is available. Additionally, we are continuing to iterate on the API shape and modes to bring it more in line with the underlying Privacy Pass work being standardized in the IETF.

Experimental timeline

We'd like to extend the Origin Trial again to run to the end of M101 (April 2022).


Any risks when the experiment finishes?

As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes. As we don't maintain backwards compatibility between different versions of Trust Token (https://github.com/WICG/trust-token-api/blob/main/ISSUER_PROTOCOL.md#version-history), as we update it based on ecosystem feedback, we don't expect there to be ecosystem burn-in as the issuers and redeemers are still required to update their implementations to continue functioning in the latest version of Chrome (and the server-side components of the API provided by the component updater maintain minimal compatibility so that older versions of the API will cease to function within a version release or so). As an extra measure of safety, we can also disable the API for a couple weeks to ensure that the ecosystem is not burning in the availability of the API.


Reason this experiment is being extended

https://groups.google.com/a/chromium.org/forum/?oldui=1#!msg/blink-dev/UIvia1WwIhk/DuXLKdF7AgAJ


Due to the complexities of issuance strategies involving purely third-party based issuance, we've seen that issuers are needing a longer time to spin up their infrastructure and experiment logic in order to verify the usefulness of the API. Due to the scope and shape of this API, we'd like to get data from issuers who are using this API before trying to launch it, to help understand the efficacy of the API and the parameters that the shipped version of the API should be using/allowing.


Ongoing technical constraints

None.


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

Yes.


Link to entry on the feature dashboard

https://chromestatus.com/feature/5078049450098688


Yoav Weiss

Sep 23, 2021, 8:14:36 AM
to Steven Valdez, blink-dev
As this is an atypical OT, this requires 3 LGTMs.

LGTM1 to extend to M101, conditional on a 2-week gap to demonstrate that there's no premature reliance on the API.


Daniel Bratell

Sep 23, 2021, 1:51:29 PM
to Yoav Weiss, Steven Valdez, blink-dev

Rick Byers

Sep 28, 2021, 11:47:56 AM
to Daniel Bratell, Yoav Weiss, Steven Valdez, blink-dev

Steven Valdez

Nov 3, 2021, 12:14:07 PM
to Tiago Vargas, blink-dev, rby...@chromium.org, yoav...@chromium.org, Steven Valdez, Daniel Bratell
It can take between 2 and 8 hours for browsers to pick up the new key commitments.

The recommended solution for rotating keys is to serve a key commitment with overlapping keysets.

Chrome will use the oldest 3 (or 3 when using the VOPRF non-private metadata mode) non-expired keys. So if you have a key commitment with your previous keys that expire at 10 PM on Friday and also the new keys that expire next week, clients will keep using the first key set until 10 PM on Friday before dropping those keys and switching over to the new keyset atomically.




On Wed, Nov 3, 2021 at 8:40 AM Tiago Vargas <tcomin...@gmail.com> wrote:
Hi Guys,

We are experimenting with Trust Token and we would like to continue to do so for a little longer.

Currently we do have performance problems whenever we change key commitments. As it takes a while to change key commitments on browsers, we get a lot of old token refresh and issuance errors. Until it propagates, our server literally explodes.

Do you know if there is a way to know when Key Commitments are updated on the browser?

Regards,

Tiago 


--

Steven Valdez | Chrome Privacy Sandbox | sva...@google.com | 210-692-4742
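
The overlapping-keyset rotation described in the reply above, as an added example (not part of the thread and not Chrome's code): it models the stated selection rule on a constructed commitment and checks a rotation plan against the 8-hour pickup window. The key ids, dates, dict layout and the reading of "oldest" as earliest expiry are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_KEYS = 3                          # "oldest 3 non-expired keys", per the reply
MAX_PROPAGATION = timedelta(hours=8)  # upper bound for commitment pickup, per the reply

# Constructed sample commitment: key id -> expiry (ids and dates are made up).
OLD_EXP = datetime(2021, 11, 5, 22, 0, tzinfo=timezone.utc)  # Friday 10 PM
NEW_EXP = OLD_EXP + timedelta(days=7)
OLD_IDS, NEW_IDS = ["old-1", "old-2", "old-3"], ["new-1", "new-2", "new-3"]
COMMITMENT = {**{k: OLD_EXP for k in OLD_IDS}, **{k: NEW_EXP for k in NEW_IDS}}


def active_keys(commitment, now, max_keys=MAX_KEYS):
    """Key ids a client uses at `now`: the oldest non-expired keys.

    Assumption: "oldest" is read as earliest expiry first.
    """
    live = sorted((exp, kid) for kid, exp in commitment.items() if exp > now)
    return [kid for _, kid in live[:max_keys]]


def check_rotation(commitment, published_at, old_ids, new_ids):
    """Return (switchover_time, problems) for an overlapping-keyset rotation."""
    problems = []
    switchover = max(commitment[k] for k in old_ids)  # when the last old key expires
    # A client may keep the previous commitment for up to MAX_PROPAGATION.
    if published_at + MAX_PROPAGATION > switchover:
        problems.append("old keys expire before every client has the new commitment")
    # Staggered old expiries let new keys slip into the selection early.
    just_before = switchover - timedelta(seconds=1)
    if set(active_keys(commitment, just_before)) & set(new_ids):
        problems.append("clients mix old and new keys before the switchover")
    if set(active_keys(commitment, switchover)) != set(new_ids):
        problems.append("new keyset is not fully selected after the switchover")
    return switchover, problems


if __name__ == "__main__":
    published = datetime(2021, 11, 3, 12, 0, tzinfo=timezone.utc)
    when, issues = check_rotation(COMMITMENT, published, OLD_IDS, NEW_IDS)
    print("switchover:", when.isoformat(), "problems:", issues or "none")
```
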

Tiago Vargas

Nov 3, 2021, 2:22:38 PM
to blink-dev, rby...@chromium.org, yoav...@chromium.org, Steven Valdez, blink-dev, Daniel Bratell
Hi Guys,

We are experimenting with Trust Token and we would like to continue to do so for a little longer.

Currently we do have performance problems whenever we change key commitments. As it takes a while to change key commitments on browsers, we get a lot of old token refresh and issuance errors. Until it propagates, our server literally explodes.

Do you know if there is a way to know when Key Commitments are updated on the browser?

Regards,

Tiago 
On Tuesday, September 28, 2021 at 12:47:56 UTC-3, rby...@chromium.org wrote: