On Wed, Jun 28, 2023 at 11:53 AM Rick Byers <rby...@chromium.org> wrote:

> On Mon, Jun 26, 2023 at 12:32 PM Yoav Weiss <yoavwe...@chromium.org>
> wrote:
>
>> I wanted to comment on this intent with my spec mentor hat on. I reviewed
>> this specification and provided feedback to its authors.
>>
>> My main point of feedback was around its layering and how it relates to
>> the other 2 specifications (Shared Storage and Protected Audience) that use
>> the infrastructure that it defines. My feedback was properly addressed, and
>> the specification was re-written such that it's unaware of its users, and
>> its users are calling its algorithms, rather than the other way around.
>> There's still work to be done to move the user algorithms from
>> monkeypatch sections in this spec to their respective specifications, but I
>> wouldn't consider that a blocker and I trust the team to do that soon.
>> Beyond that, feedback around naming
>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>
>> was addressed and I believe that ergonomics feedback
>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/70>
>> can be addressed in a backwards compatible manner.
>>
>> As is, I believe the specification is in good shape to be implemented
>> interoperably. I also believe the team is committed to improve it further
>> on the (non-blocking) points that are still outstanding.
>>
>
> Thanks Yoav for the spec mentorship summary.
>
> On Wed, Jun 21, 2023 at 5:33 PM Alex Turner <ale...@chromium.org> wrote:
>>
>>>
>>> On Tue, Jun 20, 2023 at 5:39 PM Rick Byers <rby...@chromium.org> wrote:
>>>
>>>>
>>>> On Tue, Jun 20, 2023 at 4:51 PM Alex Turner <ale...@chromium.org>
>>>> wrote:
>>>>
>>>>> Contact emails
>>>>> ale...@chromium.org
>>>>>
>>>>> Explainer
>>>>> https://github.com/patcg-individual-drafts/private-aggregation-api
>>>>>
>>>>> Specification
>>>>> https://patcg-individual-drafts.github.io/private-aggregation-api
>>>>>
>>>>> Summary
>>>>>
>>>>> A generic mechanism for measuring aggregate, cross-site data in a
>>>>> privacy preserving manner. The potentially identifying cross-site data is
>>>>> encapsulated into "aggregatable reports". To prevent leakage, this data is
>>>>> encrypted, ensuring it can only be processed by the aggregation service.
>>>>> During processing, this service will add noise and impose limits on how
>>>>> many queries can be performed.
>>>>>
>>>>> Blink component
>>>>> Blink>PrivateAggregation
>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation>
>>>>>
>>>>> TAG review
>>>>> https://github.com/w3ctag/design-reviews/issues/846
>>>>>
>>>>> TAG review status
>>>>> Pending
>>>>>
>>>>> Risks
>>>>>
>>>>> Interoperability and Compatibility
>>>>>
>>>>> *Gecko*: No signal specific to Private Aggregation
>>>>> (https://github.com/mozilla/standards-positions/issues/805). However
>>>>> the Gecko position on Shared Storage (one of the ways Private Aggregation
>>>>> is exposed) is negative.
>>>>>
>>>>> *WebKit*: No signal
>>>>> (https://github.com/WebKit/standards-positions/issues/189)
>>>>>
>>>>> *Web developers*: Developers have shown interest in the API both for
>>>>> cross-site use cases through Shared Storage and for Protected Audience
>>>>> aggregate reporting and have engaged on GitHub[1]. For Shared Storage,
>>>>> multiple testers have publicly flagged their interest via the public
>>>>> Shared Storage Testers List [2].
>>>>>
>>>>> [1]
>>>>> https://github.com/patcg-individual-drafts/private-aggregation-api/issues
>>>>> [2]
>>>>> https://github.com/WICG/shared-storage/blob/main/shared-storage-tester-list.md
>>>>>
>>>>> *Other signals*:
>>>>>
>>>>> WebView application risks
>>>>>
>>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>>> that it has potentially high risk for Android WebView-based applications?
>>>>>
>>>>> No
>>>>>
>>>>> Debuggability
>>>>>
>>>>> The proposal includes a temporary debugging mechanism to facilitate
>>>>> testing and integration. An internals page
>>>>> (chrome://private-aggregation-internals) is also available to view the
>>>>> status of pending and sent reports.
>>>>>
>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>
>>>>> All but WebView
>>>>>
>>>>> Is this feature fully tested by web-platform-tests
>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>>
>>>>> Reports sent through the API are subject to large delays and require
>>>>> overriding a public key endpoint. Some end-to-end tests
>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/private-aggregation/shared-storage-sends-report.https.html>
>>>>> are currently internal web tests. Where possible, tests are external
>>>>> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/private-aggregation/>
>>>>> and we are proposing new WebDriver APIs
>>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64>
>>>>> to support testing via web-platform-tests. Tests for the integration with
>>>>> Protected Audience are in-progress <http://crbug.com/1456401> and
>>>>> should land soon.
>>>>>
>>>>
>>>> Thanks for working to enable more automation here, and putting what you
>>>> can in WPT today. I think it's reasonable to pursue this in parallel. Are
>>>> you looking for approval for the WebDriver API addition now too (still a
>>>> PR), or happy to send a separate I2S for that when you're ready to ship it?
>>>> +math...@chromium.org <math...@chromium.org> and team can advise on
>>>> extending webdriver.
>>>>
>>>
>>> Yeah, I think it makes sense to consolidate these together unless there
>>> are concerns with that approach. Thanks!
>>>
>>
> Ok. Just discussed in the API owners meeting. Can you please get someone
> with webdriver spec experience (eg. @math...@chromium.org
> <math...@chromium.org>) to review the PR? If the PR lands with such a
> review, then we can include it here. But if that ends up taking too long,
> then we suggest splitting it out for a follow-up - it doesn't need to block
> this feature overall.
>

Sounds good to me! I'll start that process now.

> Flag name
> privacy-sandbox-ads-apis
>>>>>
>>>>> Requires code in //chrome?
>>>>> False
>>>>>
>>>>> Tracking bug
>>>>> https://crbug.com/1316659
>>>>>
>>>>> Launch bug
>>>>> https://crbug.com/1292756
>>>>>
>>>>> Estimated milestones
>>>>> We intend to start an incremental ramp towards
>>>>> 100% in Stable starting with M115.
>>>>>
>>>>> Anticipated spec changes
>>>>>
>>>>> A few changes to current behavior are expected including tying debug
>>>>> mode to third-party cookie eligibility (issue
>>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/57>)
>>>>> and padding the encrypted payload (issue
>>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/56>).
>>>>> Extensions to the API to support multiple aggregation services, enable
>>>>> Protected Audience report verification
>>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md>,
>>>>> and allow arrays of contributions (issue
>>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>)
>>>>> are also expected and are purely additive. The JS interface for all of
>>>>> these changes will be backwards compatible with the current API.
>>>>>
>>>>
>>>> Thanks. Skimming the open issues I see at least one
>>>> <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>
>>>> which sounds like it would be a non-trivial breaking change. Are there others? Do
>>>> you want to drive such issues to resolution (one way or the other) prior to
>>>> shipping or make the case for why a breaking change will be doable (eg. a
>>>> practical v2 migration strategy)?
>>>>
>>>
> Can you do a quick pass over open issues looking for any others with
> future compat risk (i.e. potential future breaking changes) and label them
> as such?
>

Just did a pass and added labels. I've also added a brief comment to each issue marked "compat" with some detail on the risk/possible mitigations. Thanks!

> Link to entry on the Chrome Platform Status
>>>>> https://chromestatus.com/feature/5743412790689792
>>>>>
>>>>> Links to previous Intent discussions
>>>>> Intent to prototype:
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com
>>>>> Intent to Experiment:
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiF%3DKQYXEVn%3DB4rMabH14UdYyA%2BF8qQkWyUVPB0rypS1N0Q%40mail.gmail.com
>>>>>
>>>>> This intent message was generated by Chrome Platform Status
>>>>> <https://chromestatus.com/>.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "blink-dev" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFk4cb%2Bi69Symy-KCjHbtquGSQCn5scXy_YMSSWGut2vJw%40mail.gmail.com.
>>>>>

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFn3ctDjASZteECdF2ckn8HOPGXsn4x43w2cG7beu9Hgaw%40mail.gmail.com.