WICG / shared-storage

Explainer for proposed web platform Shared Storage API

Usage of shared-storage in privacy-sandbox/fledge #1

Closed vincent-grosbois closed 3 years ago

vincent-grosbois commented 3 years ago

Hi! After reading this proposal, this seems to be fairly close to the FLEDGE proposal (https://github.com/WICG/turtledove/blob/main/FLEDGE.md) that is currently being implemented in Chromium.

Can you please shed light on how you see both proposals interacting? In particular, should we understand that both proposals are "compatible"? By this I mean, would a Fledge bidding worklet be able, within its own worklet, to call sharedStorage.get(key)? (This worklet would be a "fledge" auction worklet and not a "shared-storage" worklet.)

jkarlin commented 3 years ago

Shared Storage currently lacks some key capabilities that FLEDGE provides (e.g., cross-site bidding and creation of a fenced frame from an arbitrary URL produced in a shared storage worklet). I don't think there is a privacy/security reason to prevent cross-site communication of shared storage worklets. But outputting an ad to a fenced frame from a shared storage worklet seems like a potential leak of a lot of cross-site bits, which concerns me.

In terms of allowing sharedStorage within a bidding worklet, I think it depends on if those bits could leak out of the worklet. If not, it seems reasonable to me. @michaelkleber any thoughts on that?

vincent-grosbois commented 3 years ago

Hello! Sorry, I don't think it was clear: I wasn't saying that Shared Storage should aim at offering the features of Fledge (i.e. things related to bidding etc.). I was more thinking about how Shared Storage could be used within Fledge (i.e. your second paragraph). For instance, for the example about putting users in a consistent abtest population, this is mostly useful if we can determine at ad bidding time which population a user is in, which would be a computation that occurs inside a fledge bidding worklet, and not inside a pure "shared storage" worklet. I'm wondering about the technical feasibility of this and also if this is ok from a privacy perspective. Even though indeed I don't know if this is a ticket for this repo or Fledge's :)

Cheers

jkarlin commented 3 years ago

Makes sense. I think ultimately it should be an issue on the FLEDGE repo of whether or not it's okay to access SharedStorage data within the bidding worklet, so I'll close this one.