Open jkarlin opened 2 weeks ago
MattMenke2
commented
2 weeks ago What's to prevent leaking information in the script URL, like can currently be done via event-level reporting?
e.g., from generateBid(), use a scriptURL of "https://tracker.com/tracked-user-Matt-from-site1.com-visited-site2.com-and-his-id-there-is-1234.js"?
jkarlin
commented
2 weeks ago Not entirely ironed out, but the idea was roughly that the data origin of the shared storage worklet would match that of the calling PA worklet, and that the script url would need to be predeclared (e.g., in a short list of script urls hosted at https://buyerorigin/.well-known/shared-storage/X address or via some other header/js).
There are two places where one can write to shared storage but can’t run a worklet, meaning missed private aggregation based reporting opportunities if the writer doesn't have script access on the page. The two places are 1) when writing to shared storage via a response header and 2) when writing to shared storage from Protected Audience worklets.
It would be nice if the writer could schedule a worklet to run in the future. The browser could coalesce such requests and rate-limit them by origin to reduce performance issues. It might look something like:
And the response header mechanism would likely be similar to that used for writing to shared storage via response headers, and require a similar opt-in from the publisher. Something like:
The worklet script would be fetched and executed sometime in the future, likely rate limited to preserve resources. This would allow folks to write data in buyer and seller PA worklets, or via response headers, and feel comfortable that sometime soon they'd get to process the data in a worklet and generate a private aggregation report via shared storage.
What do you all think? Would this be useful? Please let us know about your use cases and if this fits the need or how it might be adjusted.