OneKey-Network / addressability-framework

Apache License 2.0

Consider an encryption scheme that keeps the user data out of website author hands #18

Open broggeri opened 2 years ago

broggeri commented 2 years ago

e.g., share a website-specific encryption key between the various tech vendors of a website (operator, CMP, ad server, SSP, DSP, ...).

This also suggests that the wording below should be adapted: https://github.com/criteo/addressable-network-proposals/blob/ef04286eb1a8f20ed387f4594389b786556ee4ee/mvp-spec/operator-design.md?plain=1#L13

=> no decryption is needed by the website. Decryption might still be needed by, e.g., the SSP. The benefit is still there: it's possible to handle the payload through client-side JavaScript until it reaches the SSP.

OlivierChirouze commented 2 years ago

I've made some progress on this requirement.

Objective

The objective is that for some publishers,

In other words, Prebid data is encrypted for these publishers and can only be decrypted by backends, when needed (to get consent by the CMP, to display existing preferences by the CMP, to bid by the ad server).

Changes

Big picture (and to build on the existing proposition), it would mean the following changes in the current design & API:

in this case, instead of:

{
  "sender": "operatorO.com",
  "timestamp": 1639059692793,
  "signature": "message_signature_xyz1234",
  "body": {
    "preferences": {
      "version": 0,
      "data": {
        "opt_in": true
      },
      "source": {
        "domain": "cmpC.com",
        "timestamp": 1639643112,
        "signature": "preferences_signature_xyz12345"
      }
    },
    "identifiers": [
      {
        "version": 0,
        "type": "prebid_id",
        "value": "7435313e-caee-4889-8ad7-0acd0114ae3c",
        "source": {
          "domain": "operator0.com",
          "timestamp": 1639643110,
          "signature": "prebid_id_signature_xyz12345"
        }
      }
    ]
  }
}

the response would look like:

{
  "sender": "operatorO.com",
  "timestamp": 1639059692793,
  "signature": "message_signature_xy48789799",
  "body": {
    "encryptedPreferences": {
      "value": "A3NpbmdsZS41MWRjLnVrAC...CfXor0v9Y1R+NzY8z1k=",
      "encrypter": "publisherP.com"
    },
    "encryptedIdentifiers": [
      {
        "value": "HijVo2mQtOst1durTtajwevb_V480ODx...dZy32NIkXH414nhdE9K1JFyiVU",
        "encrypter": "publisherP.com"
      }
    ]
  }
}

sender + '\u2063' +
receiver + '\u2063' +
preferences.source.signature + '\u2063' +
encryptedPreferences.value + '\u2063' +
identifiers[0].source.signature + '\u2063' +
identifiers[1].source.signature + '\u2063' +
...
identifiers[n].source.signature + '\u2063' +
encryptedIdentifiers[0].value + '\u2063' +
encryptedIdentifiers[1].value + '\u2063' +
...
encryptedIdentifiers[n].value + '\u2063' +
timestamp

Challenges / issues