On Wed, Jan 15, 2025 at 10:29 AM Paul Jensen <pauljen...@chromium.org> wrote:
> The main relevant section of the Protected Audience explainer is 3.1.2 > Trusted Signals Server in TEE > <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#312-trusted-signals-server-in-tee> > The JavaScript API changes are minimal, just the extra > trustedBiddingSignalsCoordinator and trustedScoringSignalsCoordinator > fields. The bulk of the browser changes are explained in the explainer > for the new protocol used to communicate with the Trusted Key-Value Server > <https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md> > . > > Similarly, the main relevant sections of the web spec are the sections > that assemble the trusted bidding > <https://wicg.github.io/turtledove/#build-trusted-key-value-bidding-signals-request-body> > and trusted scoring > <https://wicg.github.io/turtledove/#build-trusted-key-value-scoring-signals-request-body> > sections, while the bulk of the new spec is the new IETF spec for the new > protocol used to communicate with the Trusted Key-Value Server > <https://privacysandbox.github.io/draft-ietf-protected-audience-key-value-service/draft-ietf-protected-audience-key-value-services.html> > . > Thanks for these links. Regarding IETF, what status does that IETF spec have in terms of standards consensus or review at that body? > > On Wed, Jan 15, 2025 at 10:02 AM Yoav Weiss (@Shopify) < > yoavwe...@chromium.org> wrote: > >> >> >> On Wednesday, January 8, 2025 at 5:59:00 PM UTC+1 Paul Jensen wrote: >> >> Contact emails >> >> pauljen...@chromium.org >> >> Explainer >> >> https://github.com/WICG/turtledove/pull/1342 >> >> https://github.com/WICG/turtledove/pull/1343 >> >> >> Can you please point at relevant sections in the explainer, rather than >> PR diffs? >> >> >> >> Specification >> >> The web platform portion of the specification: https://github.com/WICG/ >> turtledove/pull/1340 >> >> >> Here as well, pointing to relevant sections of the spec would be helpful. >> >> >> The interface to the Trusted Key-Value Server endpoint: >> https://privacysandbox.github.io/draft-ietf-protected- >> audience-key-value-service/draft-ietf-protected-audience- >> key-value-services.html >> >> Summary >> >> During Protected Audience (PA) API ad selection auctions, buyers and >> sellers are able to fetch real-time signals from servers. As a temporary >> mechanism, the buyer and seller can fetch these signals from any server, >> including one they operate themselves (a "Bring Your Own Server" model); >> this change does not remove this support. To improve user privacy and >> enable new functionality, in the future versions of PA, the request will >> only be sent to a trusted key-value-type server. The server is verified by >> external parties to ensure it’s running an approved binary built from the >> open source key-value server code and is running in a trusted execution >> environment (TEE), and only then is allowed access to decryption keys. >> This proposal adds support to Chrome to communicate with these trusted >> key-value servers using an encrypted protocol ensuring that only the >> appropriately trusted servers can decrypt and respond, thus ensuring the >> protocol and server maintain desired privacy characteristics. >> >> Blink component >> >> Blink>InterestGroups >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups> >> >> TAG review >> >> For Protected Audience: https://github.com/w3ctag/ >> design-reviews/issues/723 >> >> TAG review status >> >> Completed for PA, resolved unsatisfied. >> >> Risks >> >> >> Interoperability and Compatibility >> >> Optional new functionality that does not break existing use. >> >> >> Gecko & WebKit: For PA in general - Negative from Mozilla >> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>. >> No signal from Webkit >> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278> >> . >> >> >> Edge: Edge is running an Origin Trial of the Ad Selection API >> <https://github.com/WICG/privacy-preserving-ads/blob/main/README.md> >> which shares a Web API and services protocol with PA. >> >> >> Web developers: At least four companies have expressed interest in another >> feature <https://github.com/WICG/turtledove/issues/1105> (also here >> <https://github.com/privacysandbox/protected-auction-key-value-service/issues/72#issuecomment-2485843775>) >> that is blocked >> <https://github.com/WICG/turtledove/issues/1105#issuecomment-2043779939> >> on Trusted Key-Value Server Support in the browser. >> >> Debuggability >> >> HTTPS requests to Trusted Key-Value Servers are visible in the Chrome >> DevTools Network pane. Response values are visible by setting breakpoints >> in PA bidding scripts. >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)? >> >> It will be supported on all platforms that support PA, so all but WebView. >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> We have started WPTs >> <https://chromium-review.googlesource.com/c/chromium/src/+/6050105> and >> plan to finish them soon. >> >> >> Flag name on chrome://flags >> >> None >> >> >> Finch feature name >> >> ProtectedAudienceTrustedKVSupport >> >> Requires code in //chrome? >> >> False >> >> Estimated milestones >> >> Shipping on desktop and Android in M132. >> >> Anticipated spec changes >> >> None >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5072384013631488?gate=5125481377300480 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> >> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrk0XPEYYdiRKLgN88cQ67TnzeJW7a5WVNdZCcnRp28u5A%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrk0XPEYYdiRKLgN88cQ67TnzeJW7a5WVNdZCcnRp28u5A%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw8cBUChD6aFzr--7%2BnTzi7eDYNN2z5-M78gGJCbzdda%3Dg%40mail.gmail.com.
