WICG / turtledove

TURTLEDOVE
https://wicg.github.io/turtledove/

Spec: Effects of k-anonymity not described well #1324

Open alexmturner opened 3 weeks ago

alexmturner commented 3 weeks ago

Moving @brusshamilton's original issue from the Private Aggregation repo here now that the monkey patches have been migrated.

From the spec, it sounds like all Private Aggregation contributions from a non-k-anonymous bid in a Protected Audience auction will be processed. According to the Protected Audience explainer (and the Chrome implementation), the only contributions from non-k-anonymous bids that are counted are those that use the "reject-reason" signal.

morlovich commented 3 weeks ago

So I implemented most of the latter for the on-event stuff; with TODOs to do it for regular histograms (which probably involves monkey-patching PAgg :( ) and also for the magic reject-reason thing.

alexmturner commented 3 weeks ago

Ah great -- I'm hoping we won't need any monkey patches, but very happy to export some new algorithms in the PAA spec if needed

morlovich commented 3 weeks ago

Well, basically the main difference is that https://patcg-individual-drafts.github.io/private-aggregation-api/#dom-privateaggregation-contributetohistogram at the last step would be appending stuff to a global's contribution list, not a global one. (And we would only use it if it's k-anon, and also if the auction has a winner, only if the winner is shown, but that's a me problem).

Also the way the permissions policy check works needs to be different --- compare https://wicg.github.io/turtledove/#:~:text=If%20this%27s%20allowed%20to%20use%20is%20false%2C%20throw%20a%20TypeError. (partly because, uhm, we can't throw DOM exceptions, and because of the privateAggregation-not-available-at-top-level-run thing).