Open kapilvgit opened 10 months ago
This was discussed in the first public call yesterday (and I'll get the notes for that uploaded to this repo in the next day or two). There will be a one-off meeting of the public call, next week, to talk about this topic and that will be announced in the usual places - that should also get set up in the next day or so.
This is a pre-read for the ad-hoc call scheduled for Wed 20th of December.
Bidding and Auction Services on Azure
Link to Azure document shared by @kapilvgit: https://1drv.ms/w/s!AmI-86sms1pYqJ5Uqgo5Qv2Ynmrcmw?e=Bnk2Zo
Thank you Kapil and Faul. As next steps, can you share your current implementation of B&A on Azure so we can begin reviewing the code?
Thanks Mihir. We will share our implementation shortly.
What's the status on having Azure supported as a TEE cloud provider for the Privacy Sandbox (Aggregation Service, KV server, B&A service)?
A healthy ecosystem needs multiple cloud providers, as well as TEEs in non-public DC (https://github.com/privacysandbox/protected-auction-services-docs/issues/34), and we're supportive of having Azure listed as a TEE cloud provider for the Privacy Sandbox.
Thanks for the feedback and discussion on adding support for Azure.
As mentioned during the public call yesterday, as a next step, we want to conduct the review process outlined in the recently published public cloud TEE explainer. Can you please add a comment with the required information?
Name and web address for the Cloud Service Provider:
Azure, https://azure.microsoft.com/
Short description of the Cloud TEE solution, including security properties, remote attestation and workload capabilities. Please include links to supporting documentation:
Azure provides a commercially available Cloud TEE solution using confidential containers on Azure Container Instances. Confidential containers on Azure Container Instances provide secure, private and isolated environments, which helps prevent the operator and CSP from accessing customer data. Azure further provides a hardware-based attestation process for these environments that includes all application containers and their configuration. Confidential containers on Azure Container Instances can run Linux-based containerized workloads.
Short description of security and trust of the CSP, including compliance with ISO standards, Certification from cloud security industry bodies (such as STAR Level 2), and inclusion in a research report on public cloud offerings (such as Gartner’s public cloud report). Please include links to supporting documentation.
Azure meets the ISO 20000-1, 22301, 27001, 27017, 27018, 27701, and 9001 standards and obtained Level 2 in the CSA STAR Registry. The confidential containers on Azure Container Instances security model is documented. Azure is included in Gartner’s public cloud report. Azure (Microsoft) is headquartered in the US.
Adding InMobi's ask to link the above thread: https://github.com/WICG/protected-auction-services-discussion/issues/67
Thank you Microsoft and InMobi for submitting the request to approve Azure as a public cloud. All the required information needed at this stage has been provided, and we started reviewing the request.
We are already developing support for deploying B&A services in Azure. We would like to include Azure in beta and scale testing. It would be great to start a discussion on what is involved.