Thank you for the explainer pointer, this clarifies things for me. It doesn't seem like there is any additional privacy implication for the TEE case.
LGTM1 On Wed, Dec 4, 2024 at 12:05 PM Russ Hamilton <behamil...@google.com> wrote: > Thanks, I have requested the review bits on the status entry. > > There is a detailed explainer for the TEE system here: > https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_system_design.md > > As shown in the diagram, the TEE performs the fetch to the Key-Value > servers as part of running the auction. The TEE collects and forwards the > updateIfOlderThanMs portion of the response back to Chrome in its response. > As you guess there is no additional verification since this is a trusted > server and we trust that the server performed its own verification (such as > using TLS on the connection to the Key-Value server). > > Best, > --Benjamin "Russ" Hamilton > > On Tue, Dec 3, 2024 at 8:38 PM Vladimir Levin <vmp...@chromium.org> wrote: > >> >> >> On Tue, Nov 26, 2024 at 6:42 PM Mike Taylor <miketa...@chromium.org> >> wrote: >> >>> Could you please request the various review bits in your chromestatus >>> entry? >>> On 11/22/24 3:45 PM, 'Russ Hamilton' via blink-dev wrote: >>> >>> Contact emails >>> >>> pauljen...@chromium.org, behamil...@google.com >>> >>> Explainer >>> >>> For the Protected Audience feature that this extends to Bidding and >>> Auction Services: https://github.com/WICG/turtledove/pull/1095 >>> >>> Specification >>> >>> Web platform: https://github.com/WICG/turtledove/pull/1294. >>> >>> Services protocol: >>> https://github.com/privacysandbox/draft-ietf-bidding-and-auction-services/pull/12 >>> >>> Summary >>> >>> The Protected Audience API allows bidders to store information, called >>> an interest group, from a single site in the browser that can only be read >>> later in the context of an auction. Today, interest groups can be updated >>> by fetching new values from a server. We recently launched >>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/eXJLbFAuSU8> a >>> feature that enables bidders to indicate a subset of interest groups they’d >>> like to update in the real-time signals response from the bidders’ >>> key-value servers. This proposal extends that capability to include >>> auctions run on a Trusted Execution Environment (TEE) based server using >>> Bidding and Auction Services by passing the list of interest groups to be >>> updated from the bidders' key-value servers back to the browser in the >>> encrypted response from Bidding and Auction Services. >>> >>> My understanding is that this intent is to allow updateIfOlderThanMs to >> be used in TEE. However, because TEE architecture is itself complicated, is >> it possible to put together an explainer (with hopefully a couple of >> diagrams) of how this flow is going to happen? >> >> Specifically, it isn't clear to me when we would query bidders' key-value >> servers in order to update the interest group in the TEE context. Is this >> happening during an auction or some other time? Is the response from TEEs >> going to apply the changes to interest groups that are still stored in the >> browser in this case? I also assume there would be no "verification" at >> this stage, given that this is a _trusted_ execution environment. Is that >> right? >> >> Thanks, >> Vlad >> >> >>> >>> Blink component >>> >>> Blink>InterestGroups >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups> >>> >>> TAG review >>> >>> For Protected Audience Bidding and Auction Services: >>> https://github.com/w3ctag/design-reviews/issues/1009 >>> >>> TAG review status >>> >>> Declined <https://github.com/w3ctag/design-reviews/issues/1009> >>> >>> Risks Interoperability and Compatibility >>> >>> Feature represents optional new behavior that shouldn’t break existing >>> usage. >>> >>> Gecko & WebKit: For Protected Audiences in general - Negative from >>> Mozilla >>> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>. >>> No signal from Webkit >>> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278> >>> . >>> Edge: Edge is running an Origin Trial of the Ad Selection API >>> <https://github.com/WICG/privacy-preserving-ads/blob/main/README.md> >>> which shares a Web API and services protocol with Protected Audience. >>> >>> Web developers: Feature requested by Microsoft in GitHub issue >>> <https://github.com/WICG/turtledove/issues/729#issuecomment-1822190741>. >>> >>> Debuggability >>> >>> Updates show up in the Application -> Storage -> Interest Groups >>> DevTools pane. >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, Chrome OS, Android, and Android WebView)? >>> >>> It will be supported on all platforms that support Protected Audience, >>> so all but WebView. >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> Yes >>> <https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/server-response.https.window.js#L1033> >>> >>> Flag name on chrome://flags >>> >>> None >>> >>> Finch feature name >>> >>> EnableBandATriggeredUpdates >>> >>> Requires code in //chrome? >>> >>> False >>> Anticipated spec changes >>> >>> No web-visible changes expected. >>> >>> Estimated milestones >>> >>> Shipping to all applicable platforms in M132. >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/6305338270416896 >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU1RP23hoifvgyYojkGZGP%3D%2Bccw-MqLss5AyG5zSUEfz8g%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU1RP23hoifvgyYojkGZGP%3D%2Bccw-MqLss5AyG5zSUEfz8g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ca267644-3e78-4c4c-929f-2bea1f598e20%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/ca267644-3e78-4c4c-929f-2bea1f598e20%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADsXd2OZ5ANxswx-sfsiJjZN93eMkkiX5%3DjWmaHrC3TjG3MBWA%40mail.gmail.com.
