Thank you for including a WebDriver extension <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> for this; I’ve left some review feedback on the PR. Overall, I wanted to voice my support for pursuing the Web Platform feature (and this Intent) separately from the WebDriver extension, as long as you’re confident in the testing strategy — no need to block on it.
On Friday, July 7, 2023 at 4:28:39 PM UTC+2 yoav...@chromium.org wrote:
> On Fri, Jul 7, 2023 at 3:48 PM Alex Turner <ale...@chromium.org> wrote:
>
>> On Thu, Jul 6, 2023 at 8:42 PM Rick Byers <rby...@chromium.org> wrote:
>>
>>> On Wed, Jun 28, 2023 at 12:34 PM Alex Turner <ale...@chromium.org> wrote:
>>>
>>>> On Wed, Jun 28, 2023 at 11:53 AM Rick Byers <rby...@chromium.org> wrote:
>>>>
>>>>> On Mon, Jun 26, 2023 at 12:32 PM Yoav Weiss <yoav...@chromium.org> wrote:
>>>>>
>>>>>> I wanted to comment on this intent with my spec mentor hat on. I reviewed this specification and provided feedback to its authors.
>>>>>>
>>>>>> My main point of feedback was around its layering and how it relates to the other 2 specifications (Shared Storage and Protected Audience) that use the infrastructure that it defines. My feedback was properly addressed, and the specification was re-written such that it's unaware of its users, and its users are calling its algorithms, rather than the other way around.
>>>>>> There's still work to be done to move the user algorithms from monkeypatch sections in this spec to their respective specifications, but I wouldn't consider that a blocker and I trust the team to do that soon.
>>>>>> Beyond that, feedback around naming <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44> was addressed and I believe that ergonomics feedback <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/70> can be addressed in a backwards compatible manner.
>>>>>>
>>>>>> As is, I believe the specification is in good shape to be implemented interoperably. I also believe the team is committed to improve it further on the (non-blocking) points that are still outstanding.
>>>>>>
>>>>>
>>>>> Thanks Yoav for the spec mentorship summary.
>>>>>
>>>>>> On Wed, Jun 21, 2023 at 5:33 PM Alex Turner <ale...@chromium.org> wrote:
>>>>>>
>>>>>>> On Tue, Jun 20, 2023 at 5:39 PM Rick Byers <rby...@chromium.org> wrote:
>>>>>>>
>>>>>>>> On Tue, Jun 20, 2023 at 4:51 PM Alex Turner <ale...@chromium.org> wrote:
>>>>>>>>
>>>>>>>>> Contact emails: ale...@chromium.org
>>>>>>>>>
>>>>>>>>> Explainer
>>>>>>>>> https://github.com/patcg-individual-drafts/private-aggregation-api
>>>>>>>>>
>>>>>>>>> Specification
>>>>>>>>> https://patcg-individual-drafts.github.io/private-aggregation-api
>>>>>>>>>
>>>>>>>>> Summary
>>>>>>>>>
>>>>>>>>> A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.
>>>>>>>>>
>>>>>>>>> Blink component: Blink>PrivateAggregation <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation>
>>>>>>>>>
>>>>>>>>> TAG review: https://github.com/w3ctag/design-reviews/issues/846
>>>>>>>>>
>>>>>>>>> TAG review status: Pending
>>>>>>>>>
>>>>>>>>> Risks
>>>>>>>>>
>>>>>>>>> Interoperability and Compatibility
>>>>>>>>>
>>>>>>>>> *Gecko*: No signal specific to Private Aggregation (https://github.com/mozilla/standards-positions/issues/805). However the Gecko position on Shared Storage (one of the ways Private Aggregation is exposed) is negative.
>>>>>>>>>
>>>>>>>>> *WebKit*: No signal (https://github.com/WebKit/standards-positions/issues/189)
>>>>>>>>>
>>>>>>>>> *Web developers*: Developers have shown interest in the API both for cross-site use cases through Shared Storage and for Protected Audience aggregate reporting and have engaged on GitHub[1]. For Shared Storage, multiple testers have publicly flagged their interest via the public Shared Storage Testers List [2].
>>>>>>>>>
>>>>>>>>> [1] https://github.com/patcg-individual-drafts/private-aggregation-api/issues
>>>>>>>>> [2] https://github.com/WICG/shared-storage/blob/main/shared-storage-tester-list.md
>>>>>>>>>
>>>>>>>>> *Other signals*:
>>>>>>>>>
>>>>>>>>> WebView application risks
>>>>>>>>>
>>>>>>>>> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
>>>>>>>>>
>>>>>>>>> No
>>>>>>>>>
>>>>>>>>> Debuggability
>>>>>>>>>
>>>>>>>>> The proposal includes a temporary debugging mechanism to facilitate testing and integration. An internals page (chrome://private-aggregation-internals) is also available to view the status of pending and sent reports.
>>>>>>>>>
>>>>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>>>>>>
>>>>>>>>> All but WebView
>>>>>>>>>
>>>>>>>>> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>>>>>>
>>>>>>>>> Reports sent through the API are subject to large delays and require overriding a public key endpoint.
>>>>>>>>> Some end-to-end tests <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/private-aggregation/shared-storage-sends-report.https.html> are currently internal web tests. Where possible, tests are external <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/private-aggregation/> and we are proposing new WebDriver APIs <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> to support testing via web-platform-tests. Tests for the integration with Protected Audience are in-progress <http://crbug.com/1456401> and should land soon.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks for working to enable more automation here, and putting what you can in WPT today. I think it's reasonable to pursue this in parallel. Are you looking for approval for the WebDriver API addition now too (still a PR), or happy to send a separate I2S for that when you're ready to ship it? +mat...@chromium.org and team can advise on extending webdriver.
>>>>>>>>
>>>>>>>
>>>>>>> Yeah, I think it makes sense to consolidate these together unless there are concerns with that approach. Thanks!
>>>>>>>
>>>>>>
>>>>>
>>>>> Ok. Just discussed in the API owners meeting. Can you please get someone with webdriver spec experience (eg. @mat...@chromium.org) to review the PR? If the PR lands with such a review, then we can include it here. But if that ends up taking too long, then we suggest splitting it out for a follow-up - it doesn't need to block this feature overall.
>>>>>
>>>>
>>>> Sounds good to me! I'll start that process now.
>>>>
>>>
>>> FWIW Mathias was on vacation this week but is back next week (but I'm out). Hopefully you two can connect and agree on the path here.
>>> Having automation support for testing usage of this feature makes sense to me generally, so hopefully the question is just around the details of the mechanics.
>>>
>>
>> I'll follow up with him on Monday, but I don't expect any major changes.
>> Note also that we've aligned the Private Aggregation spec change <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> with Attribution Reporting's section <https://wicg.github.io/attribution-reporting-api/#automation>.
>>
>>
>>>>>>>>> Flag name: privacy-sandbox-ads-apis
>>>>>>>>>
>>>>>>>>> Requires code in //chrome? False
>>>>>>>>>
>>>>>>>>> Tracking bug: https://crbug.com/1316659
>>>>>>>>>
>>>>>>>>> Launch bug: https://crbug.com/1292756
>>>>>>>>>
>>>>>>>>> Estimated milestones: We intend to start an incremental ramp towards 100% in Stable starting with M115.
>>>>>>>>>
>>>>>>>>> Anticipated spec changes
>>>>>>>>>
>>>>>>>>> A few changes to current behavior are expected including tying debug mode to third-party cookie eligibility (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/57>) and padding the encrypted payload (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/56>). Extensions to the API to support multiple aggregation services, enable Protected Audience report verification <https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md>, and allow arrays of contributions (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>) are also expected and are purely additive. The JS interface for all of these changes will be backwards compatible with the current API.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> Skimming the open issues I see at least one <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44> which sounds like it would be a non-trivial breaking change. Are there others? Do you want to drive such issues to resolution (one way or the other) prior to shipping or make the case for why a breaking change will be doable (eg. a practical v2 migration strategy)?
>>>>>>>>
>>>>>>>
>>>>>
>>>>> Can you do a quick pass over open issues looking for any others with future compat risk (i.e. potential future breaking changes) and label them as such?
>>>>>
>>>>
>>>> Just did a pass and added labels. I've also added a brief comment to each issue marked "compat" with some detail on the risk/possible mitigations. Thanks!
>>>>
>>>
>>> I reviewed the current state of all these and it looks pretty low-risk to me. Alex / Yoav, any decisions there you think this I2S should still be blocked on?
>>>
>>
>> I agree -- I think all the remaining decisions there are low enough risk to not be blocking. Yoav, does that seem right to you?
>>
>
> I agree that any potential future changes resulting from the open issues would be backwards compatible, so shouldn't block this intent.
>
>>
>>>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>>>> https://chromestatus.com/feature/5743412790689792
>>>>>>>>>
>>>>>>>>> Links to previous Intent discussions
>>>>>>>>> Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com
>>>>>>>>> Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiF%3DKQYXEVn%3DB4rMabH14UdYyA%2BF8qQkWyUVPB0rypS1N0Q%40mail.gmail.com
>>>>>>>>>
>>>>>>>>> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
>>>>>>>>> To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFk4cb%2Bi69Symy-KCjHbtquGSQCn5scXy_YMSSWGut2vJw%40mail.gmail.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFk4cb%2Bi69Symy-KCjHbtquGSQCn5scXy_YMSSWGut2vJw%40mail.gmail.com?utm_medium=email&utm_source=footer>.