-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
trustedScoringSignals as a promise? #1314
Comments
Our current architecture keys worklets on all URLs and everything that goes into the trusted signals query param that can't be merged (e.g., slot size, experiment ID). So we currently can't load a worklet without knowing the signals URL, without some architecture rework. Our caching KVv2 TEE-based implementation could pretty easily work around that, but as long as we're still supporting KVv1, this would require more significant architectural changes to do. I think it's also worth noting that allowing arbitrary seller signals URLs is a significant leak, even when we're talking to a TEE, since we reveal a lot of timing information, which a unique URL allows to be associated with a specific auction. I would not be surprised if we find we need to lock down the ability to configure these URLs significantly, and instead allow additional data to be passed directly to the TEE. |
A bit broader: there is a cost to making things promises, so it's not just a question of whether it can be made one, but whether someone out there actually needs the functionality. |
I'm going to cross-post re: experiment IDs on #1298 to avoid tangents here regarding other signals. |
Can you elaborate how the signals URLs is actually used by the script runners before the actual TSS call to seller is generated? |
As I said, it's used as a key. Worklet objects do not have a layer to figure out which requests to the signals URL can be merged, and which cannot, and to track multiple batches of pending signals requests based on that. That's handled by creating multiple worklets instead. |
Stepping back, the need to key worklets in the first place is a result of reusing worklets - between interest groups that share parameters, within different components auctions in the same auction, between auctions on the same page. If we don't know the keys that must match in order to reuse the worklet, we can't create the worklet either, since we don't know where to put it in the map, among other things. |
Ah, so the logic is on the "outside" of the worklets, so to speak. |
For the seller worklets, only the re-use of auctions on the same page comes into play.
That makes sense -- I was trying to better understand how "else" a seller worklet could handle the KV call to the trusted scoring signals URL if that wasn't managed "from the outside". |
Correct. This is the layer to manage worklet creation, lifetime, and reuse.
Most likely, yes, though you theoretically could reuse a seller for multiple components within an auction, or for the top-level auction and a component auction. We could also eventually extend reuse to across pages on the same top-level origin as well, though unclear if that would be worth the investment. |
Following Prebid's introduction of parallel auctions , there have been a few recent issues regarding the use of promises (#1093, #1298), as well as some discussion on weekly WICG calls.
Specifically, I wanted to dig into which aspects of a seller's
auctionConfig
for a component auction can be promises -- from https://github.com/WICG/turtledove/blob/main/PA_implementation_overview.md, it seems rather obvious thatseller
anddecisionLogicURL
need to be available to start the script runners, to faciliate fetching the JS assets required for scoring.What's less clear is why
trustedScoringSignalsURL
-- which can only result in calls to a seller's KV oncegenerateBid()
has executed. In the aforementioned explainer, it says that:Which makes sense, since
auctionSignals
, sellerSignals,
perBuyerSignals, etc. are all required for use in both
generateBid()and
scoreAd`, regardless of when the script runners begin execution.However, this seems to suggest that there's a possibility that the KV URL (
trustedScoringSignalsURL
) could also potentially be delivered as a promise -- though theauctionConfig
spec doesn't allow for that today.@MattMenke2 @JensenPaul -- could you provide additional insights into this possibility?
The text was updated successfully, but these errors were encountered: