privacysandbox / protected-auction-key-value-service

Protected Auction Key/Value Service
Apache License 2.0

Be able to run an attested end-to-end test with Chrome and the key/value service #49

Open fhoering opened 3 months ago

fhoering commented 3 months ago

We would like to deploy the key/value service on GCP and/or AWS and be able to run a real end to end test with a Chrome on-device auction being able to call the TEE key/value service.

In particular this means that we can:

Can you give us a timeline for when documentation for this setup could be ready?

lx3-g commented 3 months ago

Hello Fabian Höring,

We have a roadmap which we will publish soon. That roadmap should answer your questions above. Once it's published, we will update this thread.

Alex

peiwenhu commented 3 months ago

Hi, Fabian,

I think you have mentioned this somewhere else and it might have been confusing to you. To clarify, the ad retrieval workflow is for Protected App Signals. It is not for Protected Audience. On a high level, the K/V server can be used in both PAS and PA. However, the UDF (and server query) API is slightly different in each, which enables different workflows. This particular workflow cannot be used as-is in PA. It is only supported when used along with the Bidding & Auction services in the PAS context.

fhoering commented 3 months ago

OK. I would like to use the key/value server for Protected Audience. But I'm referring to this page because it contains good documentation on the features I would like to use, in particular ad filtering and ML inference. Also see my comment from here.

It seems like the first step is to replace our current BYO key/value server implementation (which already works), but without the additional complexity of the Bidding & Auction services. And that means I need UDFs, ML inference and potentially other new features.

> This particular workflow cannot be used as-is in PA. It is only supported when used along with the Bidding & Auction services in the PAS context.

Should I make a formal request/ticket to support this workflow?

michaelkleber commented 3 months ago

Hi Fabian, Protected Audience doesn't support dynamic ad retrieval. First, this would be a real change to the privacy model. Second, for on-device PA, there isn't an easy path to add it because it doesn't interact well with k-anon checks.

There was a bunch of discussion in the first half of https://github.com/WICG/turtledove/issues/729. The Microsoft Edge folks have said they do want to support dynamic ad retrieval in the Ad Selection API, their version of PA + B&A, and we discussed a bit in https://github.com/WICG/privacy-preserving-ads/issues/54.

Is the rest of this flow still valuable to you without the dynamic ad retrieval, keeping the current PA mechanism where the ad URLs must be stored in the Interest Group? (Perhaps with the quick-IG-update capability from the bottom half of https://github.com/WICG/turtledove/issues/729?)

fhoering commented 3 months ago

Yes, I think everything can be done without dynamic ad retrieval and by storing the render urls directly in the interest group. The latest changes to reduce the IG update time with updateIfOlderThanMs will also help.

I had a look at the page explaining a high-level overview of Protected App Signals and the actual implementation, and maybe the confusion is coming from the fact that they seem very different.

So I will re-explain my use case. I'm in the context of Protected Audience executed in an on-device auction in Chrome and I would like to use the TEE key/value service for the following:

I would precompute a list of candidate ads during IG creation and then, during bidding, when the key/value service is called, score the list of candidate ads, send the scores back to the bidding function and then select the right ad based on the score. I likely will not have 100k candidates but orders of magnitude fewer: a reasonable amount to be stored inside the interest group, but enough that I would like to do real-time scoring during bidding all the time instead of scoring the ads during tagging and only putting in the relevant ads and scores.

This use case assumes that some additional signals are made available in the key/value server, for example the geolocation, to do country-based ad candidate filtering. I understood at some point (https://github.com/WICG/turtledove/issues/892) that more signals, like geolocation signals and also publisher-related signals, could be provided to the TEE K/V server call.
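
The on-device half of the flow described in the comment above, as an added example that is not part of the issue thread or the privacysandbox project's code: candidate ads are stored in the interest group at creation time, the K/V server returns per-ad scores and a country signal as trusted bidding signals, and generateBid() picks the best eligible candidate. The shape of generateBid() follows Chrome's Protected Audience API; the signal key names (`ad_scores`, `country`), the ad metadata layout, the interest group contents, the K/V response and the score-to-bid mapping are all constructed assumptions for this example.

```javascript
// Added example (not from the issue thread or the privacysandbox repo).
// Models the workflow from the comment above: candidate ads live in the
// interest group, the K/V UDF returns per-ad scores plus a country signal,
// and generateBid() selects the best eligible ad. Key names, metadata shape
// and the bid formula are assumptions for illustration.

// Constructed interest group, as a buyer might pass to joinAdInterestGroup().
const interestGroup = {
  name: "shoes-candidates",
  owner: "https://buyer.example",
  trustedBiddingSignalsKeys: ["ad_scores", "country"],
  ads: [
    { renderURL: "https://buyer.example/ads/1", metadata: { adId: "ad1", countries: ["FR", "DE"] } },
    { renderURL: "https://buyer.example/ads/2", metadata: { adId: "ad2", countries: ["US"] } },
    { renderURL: "https://buyer.example/ads/3", metadata: { adId: "ad3", countries: ["FR"] } },
  ],
};

// Constructed stand-in for what Chrome would hand generateBid() after calling
// the K/V server for trustedBiddingSignalsKeys (the UDF computed the scores).
const trustedBiddingSignals = {
  ad_scores: { ad1: 0.42, ad2: 0.91, ad3: 0.77 },
  country: "FR",
};

// Pick the highest-scoring ad that is eligible for the signalled country.
// Ads with no finite score are treated as ineligible, so a missing or partial
// K/V response never results in an unscored ad being rendered.
function selectAd(ig, signals) {
  const scores = (signals && signals.ad_scores) || {};
  const country = signals && signals.country;
  let best = null;
  for (const ad of ig.ads) {
    const meta = ad.metadata || {};
    if (country && Array.isArray(meta.countries) && !meta.countries.includes(country)) continue;
    const score = scores[meta.adId];
    if (typeof score !== "number" || !Number.isFinite(score)) continue;
    if (best === null || score > best.score) best = { ad, score };
  }
  return best;
}

// Same parameter order as Chrome's generateBid(); unused arguments are kept
// so the function can be dropped into a bidding script as-is.
function generateBid(ig, auctionSignals, perBuyerSignals, signals, browserSignals) {
  const best = selectAd(ig, signals);
  if (best === null) return { bid: 0 }; // no eligible candidate: do not bid
  return {
    ad: { adId: best.ad.metadata.adId, score: best.score },
    bid: Math.min(best.score, 1.0), // assumed mapping: score capped at 1.0 unit
    render: best.ad.renderURL,
  };
}
```

If the K/V server is unreachable Chrome passes no signals, and this logic then declines to bid rather than falling back to an unscored ad; whether that is the right failure mode is a business decision, but it should be a deliberate one.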

bjschnei commented 2 months ago

Hi Fabian,

Chrome does not yet support the V2 API, but the KV server does have an internal translation enabling UDF execution for V1; see the flag.

To clarify prior comments, all functionality in the KV server is available to you, including setQuery, in the event you would like to use it for your PA UDF logic.

fhoering commented 2 months ago

Yes, I succeeded in setting up the V1 => V2 mapping to be able to query in the existing way. The V1 protocol also seems simpler than the V2 protocol.

About the features, it seems that ML model inference is not available yet in the KV server.

In general this ticket is mostly about documentation on how to set up the attested KV service with the coordinator, so there is no need to discuss ML inference here.