LGTM2

On Wed, Dec 4, 2024, 12:46 PM Vladimir Levin <vmp...@chromium.org> wrote:

> Thank you for the explainer pointer, this clarifies things for me.
>
> It doesn't seem like there is any additional privacy implication for the
> TEE case.
>
> LGTM1
>
> On Wed, Dec 4, 2024 at 12:05 PM Russ Hamilton <behamil...@google.com>
> wrote:
>
>> Thanks, I have requested the review bits on the status entry.
>>
>> There is a detailed explainer for the TEE system here:
>> https://github.com/privacysandbox/protected-auction-services-docs/blob/main/bidding_auction_services_system_design.md
>>
>> As shown in the diagram, the TEE performs the fetch to the Key-Value
>> servers as part of running the auction. The TEE collects and forwards the
>> updateIfOlderThanMs portion of the response back to Chrome in its response.
>> As you guess there is no additional verification since this is a trusted
>> server and we trust that the server performed its own verification (such as
>> using TLS on the connection to the Key-Value server).
>>
>> Best,
>> --Benjamin "Russ" Hamilton
>>
>> On Tue, Dec 3, 2024 at 8:38 PM Vladimir Levin <vmp...@chromium.org>
>> wrote:
>>
>>>
>>> On Tue, Nov 26, 2024 at 6:42 PM Mike Taylor <miketa...@chromium.org>
>>> wrote:
>>>
>>>> Could you please request the various review bits in your chromestatus
>>>> entry?
>>>> On 11/22/24 3:45 PM, 'Russ Hamilton' via blink-dev wrote:
>>>>
>>>> Contact emails
>>>>
>>>> pauljen...@chromium.org, behamil...@google.com
>>>>
>>>> Explainer
>>>>
>>>> For the Protected Audience feature that this extends to Bidding and
>>>> Auction Services: https://github.com/WICG/turtledove/pull/1095
>>>>
>>>> Specification
>>>>
>>>> Web platform: https://github.com/WICG/turtledove/pull/1294.
>>>>
>>>> Services protocol:
>>>> https://github.com/privacysandbox/draft-ietf-bidding-and-auction-services/pull/12
>>>>
>>>> Summary
>>>>
>>>> The Protected Audience API allows bidders to store information, called
>>>> an interest group, from a single site in the browser that can only be read
>>>> later in the context of an auction. Today, interest groups can be updated
>>>> by fetching new values from a server. We recently launched
>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/eXJLbFAuSU8> a
>>>> feature that enables bidders to indicate a subset of interest groups they’d
>>>> like to update in the real-time signals response from the bidders’
>>>> key-value servers. This proposal extends that capability to include
>>>> auctions run on a Trusted Execution Environment (TEE) based server using
>>>> Bidding and Auction Services by passing the list of interest groups to be
>>>> updated from the bidders' key-value servers back to the browser in the
>>>> encrypted response from Bidding and Auction Services.
>>>>
>>> My understanding is that this intent is to allow updateIfOlderThanMs to
>>> be used in TEE. However, because TEE architecture is itself complicated, is
>>> it possible to put together an explainer (with hopefully a couple of
>>> diagrams) of how this flow is going to happen?
>>>
>>> Specifically, it isn't clear to me when we would query bidders'
>>> key-value servers in order to update the interest group in the TEE context.
>>> Is this happening during an auction or some other time? Is the response
>>> from TEEs going to apply the changes to interest groups that are still
>>> stored in the browser in this case? I also assume there would be no
>>> "verification" at this stage, given that this is a _trusted_ execution
>>> environment. Is that right?
>>>
>>> Thanks,
>>> Vlad
>>>
>>>>
>>>> Blink component
>>>>
>>>> Blink>InterestGroups
>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups>
>>>>
>>>> TAG review
>>>>
>>>> For Protected Audience Bidding and Auction Services:
>>>> https://github.com/w3ctag/design-reviews/issues/1009
>>>>
>>>> TAG review status
>>>>
>>>> Declined <https://github.com/w3ctag/design-reviews/issues/1009>
>>>>
>>>> Risks
>>>>
>>>> Interoperability and Compatibility
>>>>
>>>> Feature represents optional new behavior that shouldn’t break existing
>>>> usage.
>>>>
>>>> Gecko & WebKit: For Protected Audiences in general - Negative from
>>>> Mozilla
>>>> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>.
>>>> No signal from Webkit
>>>> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278>.
>>>>
>>>> Edge: Edge is running an Origin Trial of the Ad Selection API
>>>> <https://github.com/WICG/privacy-preserving-ads/blob/main/README.md>
>>>> which shares a Web API and services protocol with Protected Audience.
>>>>
>>>> Web developers: Feature requested by Microsoft in GitHub issue
>>>> <https://github.com/WICG/turtledove/issues/729#issuecomment-1822190741>.
>>>>
>>>> Debuggability
>>>>
>>>> Updates show up in the Application -> Storage -> Interest Groups
>>>> DevTools pane.
>>>>
>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>> Mac, Linux, Chrome OS, Android, and Android WebView)?
>>>>
>>>> It will be supported on all platforms that support Protected Audience,
>>>> so all but WebView.
>>>>
>>>> Is this feature fully tested by web-platform-tests
>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
>>>>
>>>> Yes
>>>> <https://github.com/web-platform-tests/wpt/blob/master/fledge/tentative/server-response.https.window.js#L1033>
>>>>
>>>> Flag name on chrome://flags
>>>>
>>>> None
>>>>
>>>> Finch feature name
>>>>
>>>> EnableBandATriggeredUpdates
>>>>
>>>> Requires code in //chrome?
>>>>
>>>> False
>>>>
>>>> Anticipated spec changes
>>>>
>>>> No web-visible changes expected.
>>>>
>>>> Estimated milestones
>>>>
>>>> Shipping to all applicable platforms in M132.
>>>>
>>>> Link to entry on the Chrome Platform Status
>>>>
>>>> https://chromestatus.com/feature/6305338270416896
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "blink-dev" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to blink-dev+unsubscr...@chromium.org.
>>>> To view this discussion visit
>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU1RP23hoifvgyYojkGZGP%3D%2Bccw-MqLss5AyG5zSUEfz8g%40mail.gmail.com
>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAAG-DU1RP23hoifvgyYojkGZGP%3D%2Bccw-MqLss5AyG5zSUEfz8g%40mail.gmail.com?utm_medium=email&utm_source=footer>.
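
As an added example (not code from Chrome, the explainer or this thread), the sketch below shows how a client could act on per-interest-group updateIfOlderThanMs values carried in the decrypted auction response, as the Summary describes. The record shapes, the helper names and the 10-minute lower clamp are assumptions; the check against the request set is local input handling, not verification of the TEE.

```javascript
// Added illustration. Record shapes and field names other than
// updateIfOlderThanMs are hypothetical, not the B&A wire format.
const MIN_UPDATE_AGE_MS = 10 * 60 * 1000; // assumed lower clamp of 10 minutes

// Unambiguous key for an (owner, name) pair.
const groupKey = (owner, name) => JSON.stringify([owner, name]);

// stored:    Map(groupKey -> { lastUpdatedMs })     groups held by the browser
// requested: Set(groupKey)                          groups sent in this auction request
// hints:     [{ owner, name, updateIfOlderThanMs }] from the decrypted response
function selectGroupsToUpdate(stored, requested, hints, nowMs) {
  const due = [];
  const rejected = [];
  for (const hint of hints) {
    const key = groupKey(hint.owner, hint.name);
    const ms = hint.updateIfOlderThanMs;
    if (typeof ms !== 'number' || !Number.isFinite(ms) || ms < 0) {
      rejected.push({ key, reason: 'bad-value' });
    } else if (!requested.has(key) || !stored.has(key)) {
      rejected.push({ key, reason: 'unknown-group' });
    } else if (nowMs - stored.get(key).lastUpdatedMs >= Math.max(ms, MIN_UPDATE_AGE_MS)) {
      due.push(key); // old enough: schedule the group's normal update fetch
    }
  }
  return { due, rejected };
}

// Constructed sample data (not taken from a real auction).
function runConstructedExample() {
  const owner = 'https://bidder.example';
  const HOUR = 60 * 60 * 1000;
  const now = 24 * HOUR;
  const stored = new Map([
    [groupKey(owner, 'shoes'), { lastUpdatedMs: now - 2 * HOUR }],
    [groupKey(owner, 'hats'), { lastUpdatedMs: now - 5 * 60 * 1000 }],
    [groupKey(owner, 'bags'), { lastUpdatedMs: now - 3 * HOUR }],
  ]);
  const requested = new Set([groupKey(owner, 'shoes'), groupKey(owner, 'hats')]);
  const hints = [
    { owner, name: 'shoes', updateIfOlderThanMs: HOUR },   // 2 h old, threshold 1 h: due
    { owner, name: 'hats', updateIfOlderThanMs: 60000 },   // clamped to 10 min, 5 min old: not due
    { owner, name: 'bags', updateIfOlderThanMs: HOUR },    // not part of this request
    { owner, name: 'coats', updateIfOlderThanMs: 'soon' }, // malformed value
  ];
  return selectGroupsToUpdate(stored, requested, hints, now);
}
```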