Skip to content

Commit

Permalink
Update explainers for fenced frame privateAggregationConfig restricti…
Browse files Browse the repository at this point in the history 
…ons. (#154)
  • Loading branch information
@blu25
blu25 authored Aug 29, 2024
1 parent a53a027 commit 04cae6d
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 7 deletions.
5 changes: 2 additions & 3 deletions flexible_filtering.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,8 @@ We do not currently plan to allow the filtering ID bit size to be configured for
Protected Audience bidders as these flows require context IDs to make the scale
practical; we do not currently plan to expose context IDs to bidders (see the
[explainer](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md#specifying-a-contextual-id-and-each-possible-ig-owner)
for more discussion).
for more discussion). We also do not plan on allowing these fields to be set
from within fenced frames, as they may have access to cross-site information.

#### Backwards compatibility

Expand Down Expand Up @@ -301,8 +302,6 @@ to the potential for a large number of null reports, see
[explainer](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md#specifying-a-contextual-id-and-each-possible-ig-owner)
for more discussion. Identical considerations would apply to this batching ID in
the `shared_info`; so, we would not allow a batching ID to be set for bidders.
Note that Protected Audience auction winners could still report using Shared
Storage in the rendering (fenced) frame.

#### Backwards compatibility

Expand Down
7 changes: 3 additions & 4 deletions report_verification.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -525,10 +525,9 @@ significant design and exploration.
## Shared Storage in Fenced Frames

When a shared storage operation is run from a fenced frame instead of a
document, we can’t simply set a contextual ID. Winning ads of FLEDGE auctions
are required to be _k_-anonymous and can’t communicate with their embedder. So,
any high entropy contextual ID could not be joined to information outside the
Fenced Frame.
document, we can no longer set a contextual ID. Any cross-site information the
fenced frame has could be embedded in the context ID, so the ability to set it
is disabled.

Instead, we propose allowing a Private State Token to be bound to the
FencedFrameConfig output of a FLEDGE auction. We would reuse the FLEDGE bidder
Expand Down

0 comments on commit 04cae6d

Please sign in to comment.