On Fri, Jul 7, 2023 at 3:48 PM Alex Turner <ale...@chromium.org> wrote:
>
> On Thu, Jul 6, 2023 at 8:42 PM Rick Byers <rby...@chromium.org> wrote:
>
>> On Wed, Jun 28, 2023 at 12:34 PM Alex Turner <ale...@chromium.org> wrote:
>>
>>> On Wed, Jun 28, 2023 at 11:53 AM Rick Byers <rby...@chromium.org> wrote:
>>>
>>>> On Mon, Jun 26, 2023 at 12:32 PM Yoav Weiss <yoavwe...@chromium.org> wrote:
>>>>
>>>>> I wanted to comment on this intent with my spec mentor hat on. I reviewed this specification and provided feedback to its authors.
>>>>>
>>>>> My main point of feedback was around its layering and how it relates to the other 2 specifications (Shared Storage and Protected Audience) that use the infrastructure that it defines. My feedback was properly addressed, and the specification was re-written such that it's unaware of its users, and its users are calling its algorithms, rather than the other way around.
>>>>> There's still work to be done to move the user algorithms from monkeypatch sections in this spec to their respective specifications, but I wouldn't consider that a blocker and I trust the team to do that soon.
>>>>> Beyond that, feedback around naming <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44> was addressed and I believe that ergonomics feedback <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/70> can be addressed in a backwards compatible manner.
>>>>>
>>>>> As is, I believe the specification is in good shape to be implemented interoperably. I also believe the team is committed to improve it further on the (non-blocking) points that are still outstanding.
>>>>>
>>>>
>>>> Thanks Yoav for the spec mentorship summary.
>>>>
>>>>> On Wed, Jun 21, 2023 at 5:33 PM Alex Turner <ale...@chromium.org> wrote:
>>>>>
>>>>>> On Tue, Jun 20, 2023 at 5:39 PM Rick Byers <rby...@chromium.org> wrote:
>>>>>>
>>>>>>> On Tue, Jun 20, 2023 at 4:51 PM Alex Turner <ale...@chromium.org> wrote:
>>>>>>>
>>>>>>>> Contact emails
>>>>>>>> ale...@chromium.org
>>>>>>>>
>>>>>>>> Explainer
>>>>>>>> https://github.com/patcg-individual-drafts/private-aggregation-api
>>>>>>>>
>>>>>>>> Specification
>>>>>>>> https://patcg-individual-drafts.github.io/private-aggregation-api
>>>>>>>>
>>>>>>>> Summary
>>>>>>>>
>>>>>>>> A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.
>>>>>>>>
>>>>>>>> Blink component
>>>>>>>> Blink>PrivateAggregation <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation>
>>>>>>>>
>>>>>>>> TAG review
>>>>>>>> https://github.com/w3ctag/design-reviews/issues/846
>>>>>>>>
>>>>>>>> TAG review status
>>>>>>>> Pending
>>>>>>>>
>>>>>>>> Risks
>>>>>>>>
>>>>>>>> Interoperability and Compatibility
>>>>>>>>
>>>>>>>> *Gecko*: No signal specific to Private Aggregation (https://github.com/mozilla/standards-positions/issues/805). However the Gecko position on Shared Storage (one of the ways Private Aggregation is exposed) is negative.
>>>>>>>>
>>>>>>>> *WebKit*: No signal (https://github.com/WebKit/standards-positions/issues/189)
>>>>>>>>
>>>>>>>> *Web developers*: Developers have shown interest in the API both for cross-site use cases through Shared Storage and for Protected Audience aggregate reporting and have engaged on GitHub[1]. For Shared Storage, multiple testers have publicly flagged their interest via the public Shared Storage Testers List [2].
>>>>>>>>
>>>>>>>> [1] https://github.com/patcg-individual-drafts/private-aggregation-api/issues
>>>>>>>> [2] https://github.com/WICG/shared-storage/blob/main/shared-storage-tester-list.md
>>>>>>>>
>>>>>>>> *Other signals*:
>>>>>>>>
>>>>>>>> WebView application risks
>>>>>>>>
>>>>>>>> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
>>>>>>>>
>>>>>>>> No
>>>>>>>>
>>>>>>>> Debuggability
>>>>>>>>
>>>>>>>> The proposal includes a temporary debugging mechanism to facilitate testing and integration. An internals page (chrome://private-aggregation-internals) is also available to view the status of pending and sent reports.
>>>>>>>>
>>>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>
>>>>>>>> All but WebView
>>>>>>>>
>>>>>>>> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>>>>>
>>>>>>>> Reports sent through the API are subject to large delays and require overriding a public key endpoint.
>>>>>>>> Some end-to-end tests <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/private-aggregation/shared-storage-sends-report.https.html> are currently internal web tests. Where possible, tests are external <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/private-aggregation/> and we are proposing new WebDriver APIs <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> to support testing via web-platform-tests. Tests for the integration with Protected Audience are in-progress <http://crbug.com/1456401> and should land soon.
>>>>>>>>
>>>>>>>
>>>>>>> Thanks for working to enable more automation here, and putting what you can in WPT today. I think it's reasonable to pursue this in parallel. Are you looking for approval for the WebDriver API addition now too (still a PR), or happy to send a separate I2S for that when you're ready to ship it? +math...@chromium.org <math...@chromium.org> and team can advise on extending webdriver.
>>>>>>>
>>>>>>
>>>>>> Yeah, I think it makes sense to consolidate these together unless there are concerns with that approach. Thanks!
>>>>>>
>>>>>
>>>> Ok. Just discussed in the API owners meeting. Can you please get someone with webdriver spec experience (eg. @math...@chromium.org <math...@chromium.org>) to review the PR? If the PR lands with such a review, then we can include it here. But if that ends up taking too long, then we suggest splitting it out for a follow-up - it doesn't need to block this feature overall.
>>>>
>>>
>>> Sounds good to me! I'll start that process now.
>>>
>>
>> FWIW Mathias was on vacation this week but is back next week (but I'm out). Hopefully you two can connect and agree on the path here.
>> Having automation support for testing usage of this feature makes sense to me generally, so hopefully the question is just around the details of the mechanics.
>>
>
> I'll follow up with him on Monday, but I don't expect any major changes. Note also that we've aligned the Private Aggregation spec change <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> with Attribution Reporting's section <https://wicg.github.io/attribution-reporting-api/#automation>.
>
>>>>>>>> Flag name
>>>>>>>> privacy-sandbox-ads-apis
>>>>>>>>
>>>>>>>> Requires code in //chrome?
>>>>>>>> False
>>>>>>>>
>>>>>>>> Tracking bug
>>>>>>>> https://crbug.com/1316659
>>>>>>>>
>>>>>>>> Launch bug
>>>>>>>> https://crbug.com/1292756
>>>>>>>>
>>>>>>>> Estimated milestones
>>>>>>>> We intend to start an incremental ramp towards 100% in Stable starting with M115.
>>>>>>>>
>>>>>>>> Anticipated spec changes
>>>>>>>>
>>>>>>>> A few changes to current behavior are expected including tying debug mode to third-party cookie eligibility (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/57>) and padding the encrypted payload (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/56>). Extensions to the API to support multiple aggregation services, enable Protected Audience report verification <https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md>, and allow arrays of contributions (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>) are also expected and are purely additive. The JS interface for all of these changes will be backwards compatible with the current API.
>>>>>>>>
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Skimming the open issues I see at least one <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44> which sounds like it would be a non-trivial breaking change. Are there others? Do you want to drive such issues to resolution (one way or the other) prior to shipping or make the case for why a breaking change will be doable (eg. a practical v2 migration strategy)?
>>>>>>>
>>>>>>
>>>> Can you do a quick pass over open issues looking for any others with future compat risk (i.e. potential future breaking changes) and label them as such?
>>>>
>>>
>>> Just did a pass and added labels. I've also added a brief comment to each issue marked "compat" with some detail on the risk/possible mitigations. Thanks!
>>>
>>
>> I reviewed the current state of all these and it looks pretty low-risk to me. Alex / Yoav, any decisions there you think this I2S should still be blocked on?
>>
>
> I agree -- I think all the remaining decisions there are low enough risk to not be blocking. Yoav, does that seem right to you?
>

I agree that any potential future changes resulting from the open issues would be backwards compatible, so shouldn't block this intent.

>>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>> https://chromestatus.com/feature/5743412790689792
>>>>>>>>
>>>>>>>> Links to previous Intent discussions
>>>>>>>> Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com
>>>>>>>> Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiF%3DKQYXEVn%3DB4rMabH14UdYyA%2BF8qQkWyUVPB0rypS1N0Q%40mail.gmail.com
>>>>>>>>
>>>>>>>> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
>>>>>>>> To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFk4cb%2Bi69Symy-KCjHbtquGSQCn5scXy_YMSSWGut2vJw%40mail.gmail.com.