Intent to Extend Origin Trial: Trust Token API

231 views
Skip to first unread message

Steven Valdez

unread,
Sep 22, 2021, 4:26:13 PM9/22/21
to blink-dev

Contact emails

sva...@chromium.org, privacy...@chromium.org 


Spec

https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit

https://github.com/WICG/trust-token-api

Summary

This is a new API for propagating a notion of user authenticity across sites, without using cross-site persistent identifiers like third party cookies. Trust Token is built on Privacy Pass for anonymous tokens that can't be tracked between issuance and redemption.

An Origin Trial for Trust Token started in M84 and is scheduled to end in M94. Due to the shift in the API from a primarily first-party issuance model to a third-party issuance model, we've gotten feedback from partners that spinning up the complex infrastructure and models for third-party issuance is taking longer than anticipated, in order to give issuers more time to experiment with this model, we'd like to extend the Origin Trial to M101 (April 2022).


Link to “Intent to Prototype” blink-dev discussion

https://groups.google.com/a/chromium.org/g/blink-dev/c/X9sF2uLe9rA/


Previous Intent to Extend:

https://groups.google.com/a/chromium.org/g/blink-dev/c/-W90wVkS0Ks/m/HyICZtuuBAAJ


Goals for experimentation

For the continuation of the origin trial, we hope to continue to get more experimental data on the value of these token-derived signals from issuance schemes that take place in the third-party context, rather than where a strong first-party signal is available. Additionally, we are continuing to iterate on the API shape and modes to bring it more in line with the underlying Privacy Pass work being standardized in the IETF

Experimental timeline

We'd like to extend the Origin Trial again to run to the end of M101 (April 2022).


Any risks when the experiment finishes?

As this feature is only available via Origin Trials and doesn't affect any existing state, we don't believe there will be any risks once the experiment concludes. As we don't maintain backwards compatibility between different versions of Trust Token (https://github.com/WICG/trust-token-api/blob/main/ISSUER_PROTOCOL.md#version-history), as we update it based on ecosystem feedback, we don't expect there to be ecosystem burn-in as the issuers and redeemers are still required to update their implementations to continue functioning in the latest version of Chrome (and the server-side components of the API provided by the component updater maintains minimal compatibility so that older versions of the API will cease to function within a version release or so). As an extra measure of safety, we can also disable the API for a couple weeks to ensure that the ecosystem is not burning in the availability of the API.


Reason this experiment is being extended

https://groups.google.com/a/chromium.org/forum/?oldui=1#!msg/blink-dev/UIvia1WwIhk/DuXLKdF7AgAJ


Due to the complexities of issuance strategies involving purely third-party based issuance, we've seen that issuers are needing a longer time to spin up their infrastructure and experiment logic in order to verify the usefulness of the API. Due to the scope and shape of this API, we'd like to get data from issuers who are using this API before trying to launch it, to help understand the efficacy of the API and the parameters that the shipped version of the API should be using/allowing.


Ongoing technical constraints

None.


Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?

Yes.


Link to entry on the feature dashboard

https://chromestatus.com/feature/5078049450098688


Yoav Weiss

unread,
Sep 23, 2021, 8:14:36 AM9/23/21
to Steven Valdez, blink-dev
As this is an atypical OT, this requires 3 LGTMs.

LGTM1 to extend to M101, conditional on a 2 weeks gap to demonstrate that there's no premature reliance on the API.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANduzxCRQpheUxNs-o4YR_Z-9OoqjUhxMHWd3Lh01%2BTPyoZTgA%40mail.gmail.com.

Daniel Bratell

unread,
Sep 23, 2021, 1:51:29 PM9/23/21
to Yoav Weiss, Steven Valdez, blink-dev

Rick Byers

unread,
Sep 28, 2021, 11:47:56 AM9/28/21
to Daniel Bratell, Yoav Weiss, Steven Valdez, blink-dev

Steven Valdez

unread,
Nov 3, 2021, 12:14:07 PM11/3/21
to Tiago Vargas, blink-dev, rby...@chromium.org, yoav...@chromium.org, Steven Valdez, Daniel Bratell
It can take between 2 to 8 hours for browsers to pick up the new key commitments.

The recommended solution for rotating keys is to serve a key commitment with overlapping keysets.

Chrome will use the oldest 3 (or 3 when using the VOPRF non-private metadata mode) non-expired keys. So if you have a key commitment with your previous keys that expire at 10 PM on Friday and also the new keys that expire next week, clients will keep using the first key set until 10 PM on Friday before dropping those keys and switching over to the new keyset atomically.




On Wed, Nov 3, 2021 at 8:40 AM Tiago Vargas <tcomin...@gmail.com> wrote:
Hi Guys,

We are experimenting with Trust Token and we would like to continue to do so for a little longer.

Currently we do have performance problems whenever we change key commitments. As it takes a while to change key commitments on browsers, we get a lot of old token refresh and issuance error. Until it propagates, our server literally explode.

Do you know if there is a way to know when Key Commitments are updated on the browser?

Regards,

Tiago 


--

Steven Valdez | Chrome Privacy Sandbox | sva...@google.com | 210-692-4742

Tiago Vargas

unread,
Nov 3, 2021, 2:22:38 PM11/3/21
to blink-dev, rby...@chromium.org, yoav...@chromium.org, Steven Valdez, blink-dev, Daniel Bratell
Hi Guys,

We are experimenting with Trust Token and we would like to continue to do so for a little longer.

Currently we do have performance problems whenever we change key commitments. As it takes a while to change key commitments on browsers, we get a lot of old token refresh and issuance error. Until it propagates, our server literally explode.

Do you know if there is a way to know when Key Commitments are updated on the browser?

Regards,

Tiago 
Em terça-feira, 28 de setembro de 2021 às 12:47:56 UTC-3, rby...@chromium.org escreveu:
Reply all
Reply to author
Forward
0 new messages