Commit 462d8ad

Describe per-context limits in explainer (#146)
1 parent 157b26e commit 462d8ad

1 file changed

+23
-10
lines changed

README.md

+23-10
Original file line number | Diff line number | Diff line change
@@ -443,16 +443,29 @@ will merge any contributions that have the same bucket and [filtering
443443
ID](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/flexible_filtering.md#proposal-filtering-id-in-the-encrypted-payload)
444444
before truncation.
445445

446-
This limit may vary by caller. In particular, Protected Audience reports may
447-
benefit from a higher limit more than Shared Storage reports.
448-
449-
More complex designs that enable callers to configure custom limits are also
450-
possible, but require further analysis (see [issue #81]).
451-
452-
[issue #81]: https://github.com/patcg-individual-drafts/private-aggregation-api/issues/81
453-
454-
Our implementation plan is to set the limit at 20 contributions per report for
455-
Shared Storage and 100 contributions per report for Protected Audience.
446+
Although larger reports have higher utility, they are also more expensive for
447+
the aggregation service to process. To accommodate use cases with diverse
448+
utility requirements and cost tolerances, we will attempt to select reasonable
449+
defaults with optional overrides:
450+
451+
- *Default limits:* The default limit may depend on the identity of the calling
452+
API. In particular, Protected Audience reports may benefit from a higher limit
453+
more than Shared Storage reports. Our implementation plan is to set the
454+
default limit at 20 contributions per report for Shared Storage and 100
455+
contributions per report for Protected Audience.
456+
457+
- *Per-context limits:* Callers may request a different limit on each isolated
458+
context they create. Since this affects the payload size, the requested limit
459+
must be specified from outside an isolated context. Consequently, Protected
460+
Audience buyers cannot set per-context limits. The browser must clamp
461+
excessively large values to some maximum value. Our implementation plan is to
462+
clamp the requested limit to a maximum of 1000 contributions per report.
463+
464+
- *Global config:* A more complex design that enables sites to configure a
465+
global limit may also be possible, but it requires further analysis. (See
466+
[issue #81].)
467+
468+
[issue #81]: https://github.com/patcg-individual-drafts/private-aggregation-api/issues/81
456469

457470
#### Padding
458471

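Review bot: In the *Per-context limits* bullet (new lines 457-462), the only input handling described is that the browser "must clamp excessively large values" to 1000; nothing says what a caller gets for a requested limit of zero, a negative or non-integer value, or a value below the 20/100 defaults, nor whether clamping is silent or surfaced to the caller. Because the same bullet notes that the limit "affects the payload size", and the paragraph above gives aggregation-service cost as the reason for having limits at all, I'd state the accepted range and the out-of-range behaviour in one sentence here. The step from "must be specified from outside an isolated context" to "Consequently, Protected Audience buyers cannot set per-context limits" also skips its reason: please say why buyers have no configuration point outside the isolated context, and whether sellers do. Minor: the bullet never names how the limit is requested, so a pointer to the relevant field or section would help readers find it.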