RFC: Trusted Data Providers

325 views
Skip to first unread message

boke...@gmail.com

unread,
Feb 23, 2017, 1:53:34 PM2/23/17
to openrtb-dev
All,

I have been thinking a lot about data leakage (http://bokonads.com/data-is-fallout-not-oil/) and would like to propose a new standard for specifying how data can be used beyond the bid request.

Here's my proposal.

Summarizing the OpenRTB part here... would love feedback!

Thanks,
b

To create a TDP manifest - effectively the whitelist for trusted data partners - the publisher will create a JSON file that lists trusted data partners:
{"trusted_data_partners": [
     {"domain": "adnxs.com", "name": "AppNexus", "comments": "programmatic partner"},
     {"domain": "doubleclick.net", "comments": "trusted ad server"},
     ...
]}

A data partner can be any third party that the publisher works with directly or indirectly. For companies that use multiple domains to deliver content, each domain should be listed in a separate line in the manifest:

     {"domain": "atdmt.com", "name": "Atlas ad serving"},
     {"domain": "atlasbx.com", "name": "Atlas analytics"}

The manifest should be published on a public URL (by default, I propose /tdp.json) so that partners can retrieve it and so that it is easily available to the general public.

The TDP manifest should be sent on every programmatic ad request through a simple extension to the OpenRTB protocol, adding a tdp element to BidRequest with the public TDP manifest URL as the value. (Could also send the full list of domains on every request, but that seems heavyweight as a protocol).

jenn...@iab.com

unread,
Feb 28, 2017, 7:58:06 PM2/28/17
to openrtb-dev
Brian- Great blog post. Glad you're thinking abut this.

TAG-ID should be able to account for authorized resellers, achieving the goal you've outlined in your proposal here. Proposed at TAG: TAG-ID has a lookup for an entities' TAG-ID, and also included in the lookup are the authorized resellers allowed by that entity.

Your concern is more specific to authorized data partners, I imagine that TAG-ID and authorized/trusted partner lookup could be extended to this use case as well.

TAG-ID would then be passed through OpenRTB. We could decide that lookups happen post-transaction for forensics and quality sampling tests OR we could decide to pass the whole list of trusted partners in the request (as you detailed above).

Would love to think through this more with you & group. 


Thanks-
Jennifer Derke

jenn...@iab.com

unread,
Mar 9, 2017, 6:21:53 PM3/9/17
to openrtb-dev
On further consideration, I like the way you've proposed it. Simple and persists without additional identifier systems. 

Would like to hear more folks thought's for bandwidth considerations? Also - would others be interested in adopting this feature? Will give some addtional time for feedback here.


Thanks,
Jennifer

Daniela

unread,
Jul 12, 2017, 12:59:27 PM7/12/17
to openrtb-dev
Hi there,

Assumptions here are:
1. publisher knows all the third parties a bidder/buyer is working with and what exactly they are doing with their data, in order to flag them as trusted (and I presume, have a legal agreement with them?).
2. publisher can keep updated the TDP list when bidders/buyers start working with new partners.

Also, as I see this part of GDPR related actions in the 3.0 draft, from this proposal it seems that the publisher could become liable for actions taken from third parties he doesn't have any direct business relationship with.

How realistic is this? Am I misunderstanding the proposal?

Kindest,
Daniela

Brian O'Kelley

unread,
Jul 12, 2017, 3:48:39 PM7/12/17
to openr...@googlegroups.com
Daniela,

I think that is the point: publishers need to take accountability for everyone they work with directly or indirectly. If a buyer wants to send data to a fourth party, they need the publisher's permission and knowledge. In a sense this parallels ads.txt, where the publisher actually gets control of their intermediaries. Yes, it will be something of a pain (in both cases) for the publisher, but I think it's healthy. If data is the lifeblood of the internet, then it's reasonable to ask for everyone who touches it to be accountable for their actions.

--
You received this message because you are subscribed to the Google Groups "openrtb-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openrtb-dev+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages