Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private State Tokens #7

Open
dvorak42 opened this issue Apr 1, 2022 · 8 comments
Open

Private State Tokens #7

dvorak42 opened this issue Apr 1, 2022 · 8 comments

Comments

@dvorak42
Copy link
Member

dvorak42 commented Apr 1, 2022

Following up from the presentation today, I'd like to eventually propose moving the Trust Token API work from the WICG to the Anti-Fraud CG.

Current Documents: https://github.com/WICG/trust-token-api/

I'm opening this issue for early feedback about moving the API, prior to sending out a call to adopt the work on the list.

Please provide feedback/thoughts on this issue or via the Slack.

@SpaceGnome
Copy link

What are the pros/cons from moving this from WICG to the Anti-Fraud CG?

@dvorak42
Copy link
Member Author

Mostly just pros. The Anti-Fraud CG has regular meetings and can provide more feedback and direction as we clean up the API on the path to standardization and the API seems generally useful for the Anti-Fraud space.

@chris-wood
Copy link

If Trust Token is going to move, I think it needs to be updated to align with the latest Privacy Pass architecture and protocol.

@dvorak42
Copy link
Member Author

dvorak42 commented May 3, 2022

Yeah, do you think that needs to happen before it is adopted by the CG, or can it be done within the CG?

From the slides, the rough plan is:

  • Proposal to move Trust Token API (WICG)
  • Align with PrivacyPass protocol changes.
  • Build up strategies for using tokens in Anti-Fraud.
  • Corresponding proposals to establish the initial fraud signal.
  • Move to WG (WebAppSec?)

@chris-wood
Copy link

I think I'd prefer that happen before it's adopted by the CG, specifically because I think the CG should be focusing on defining the requirements for signals. The mechanism for presenting the signal (Trust Token built on Privacy Pass) is less interesting (to me).

@claucece
Copy link
Member

claucece commented May 3, 2022

That seems like a wonderful idea! We didn't have much time last meeting to discuss the proposals, so perhaps we can bring this up on the next one.

@dvorak42
Copy link
Member Author

We'll be briefly (3-5 minutes) going through open proposals at the Anti-Fraud CG meeting this week. If you have a short 2-4 sentence summary/slide you'd like the chairs to use when representing the proposal, please attach it to this issue otherwise the chairs will give a brief overview based on the initial post.

@dvorak42 dvorak42 changed the title Trust Token API Private State Tokens Oct 25, 2022
@dvorak42
Copy link
Member Author

dvorak42 commented Feb 1, 2024

Potentially of interest to folks who were looking at/providing feedback to this API, the Google Chrome team will be hosting office hours on it to help answer questions about the current state of the API in Chrome and resolve any gaps in understanding between the current version/documentation/use cases. Hopefully we'll be able to improve documentation and find directions where future extensions or related proposals can be extended/built.

The North America/LATAM/EMEA/APAC friendly session is happening on Wednesday March 6th at 8am-9am PST || 11am-12pm EST || 4pm-5pm GMT. A Portuguese language session is happening February 27 at 10-11 am PST.

More details and registration is available here.

If there are particular learnings/FAQs from the session that are relevant to the AFCG, we'll post them here and if there's interest ask for some time at a future AFCG meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants