Skip to content

Providing global configuration for AdTechs #143

Open
@ningwangpanda

Description

@ningwangpanda

Current Implementation

Buyers specify and store aggregationCoordinatorOrigin in each interest group when they join or update interest groups. This aggregationCoordinatorOrigin is the choice of the coordinator origin for the buyer’s reports.

const interestGroup = {
...
'privateAggregationConfig': {
'aggregationCoordinatorOrigin': 'https://coordinator.example'
}
};

Sellers specify and store aggregationCoordinatorOrigin in auctionConfig when they call runAdAuction(). This aggregationCoordinatorOrigin is the choice of the coordinator origin for the seller's reports.

const myAuctionConfig = {
...
'privateAggregationConfig': {
'aggregationCoordinatorOrigin': 'https://coordinator.example'
}
};
const auctionResultPromise = navigator.runAdAuction(myAuctionConfig);

During the auction process, buyers and sellers can call privateAggregation.contributeToHistogram() or privateAggregation.contributeToHistogramOnEvent() to make histogram contributions. Specifically, buyers can make histogram contributions from generateBid() and reportWin(); sellers can make histogram contributions from scoreAd() and reportResult().

After the end of the auction (plus a randomized delay), the histogram contributions are bundled together into reports. Chrome fetches keys from the specified coordinator origins (although note that Chrome has caching) to encrypt the reports. Chrome then sends the encrypted reports to buyers and sellers.

Later, when buyers and sellers send the encrypted reports to the Aggregation Service, Chrome fetches keys from the specified coordinator origins to decrypt the reports. Note that the coordinator origin being used for encryption is the one specified when the interest group was joined or updated, and the decryption keys will not be available if the Aggregation Service is being run on or migrated to a different cloud.

Concerns

Our DSPs are above the 10MB limit on kInterestGroupStorageMaxStoragePerOwner. Specifying aggregationCoordinatorOrigin in each interest group increases interest group sizes even further. Our DSPs would like to reduce interest group sizes.

Our DSPs need to repeatedly specify the same aggregationCoordinatorOrigin in each interest group covering multiple endpoints.

Proposals

We propose that Chrome provides global default configuration per AdTech, so that buyers or sellers do not have to repeatedly specify the same aggregationCoordinatorOrigin in each interest group or auctionConfig.

We propose that Chrome provides global configuration at the origin level. Per-site configuration may not provide enough granularity for AdTechs, for example, interest group owners are at the origin level. Some AdTechs may share the same site or even origin. For example, if two DSPs share the same origin and use both AWS and GCP coordinators, DSPs can consider default to the more commonly used coordinator and specify the other coordinator when joining or updating interest groups. Or these two DSPs can consider splitting at the origin level.

This proposal should not raise any privacy concerns. In the current implementation, aggregationCoordinatorOrigin defaults to the AWS coordinator origin for all AdTechs. There are only two versions of coordinators, i.e., AWS and GCP, at this moment, thus this proposal allows AdTechs to default to the GCP version. We only propose that Chrome allows each AdTech to specify the default coordinator origin for itself. The actual keys used for encryption and decryption are still secure as before.

Note that we are not proposing to remove the ability to set aggregationCoordinatorOrigin in interest groups. This feature is still useful. For example, when DSPs migrate from one coordinator to the other coordinator, interest groups can have both coordinators. In this case, Chrome sends two reports, i.e., one for each coordinator. DSPs can compare these two reports during the migration.

In the short term, our DSPs can specify aggregationCoordinatorOrigin in interest groups. However, we would like Chrome to be able to support global configuration per origin before 3PCD so that our DSPs can reduce interest group sizes before 3PCD.

Other Use Cases

Global configuration could potentially be useful for a few different things, for example, specifying contribution limits per AdTech: #81 (comment).

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions