Re: Call for Adoption: Private State Tokens/Private Tokens Work Stream from Brian May on 2022-12-01 (public-antifraud@w3.org from December 2022)

From: Brian May <bmay@dstillery.com>
Date: Thu, 1 Dec 2022 14:06:40 -0500
To: Jordan Ross <jordross@google.com>
Cc: Steven Valdez <svaldez@google.com>, Tommy Pauly <tpauly@apple.com>, Sofía Celi <cherenkov@riseup.net>, public-antifraud@w3.org
Message-ID: <CAMpQz1anx7P1mJ95eu_pf7hgzrXYg3zeL8akwfeW1-zecK0xtA@mail.gmail.com>
Is there a github issue for this? If not, it seems like maybe there should
be so the conversation isn't lost in email archives.

On Wed, Nov 30, 2022 at 3:56 PM Jordan Ross <jordross@google.com> wrote:

> I expect that further investment by the CG on Private State Tokens would
> be a welcome addition to the group's workstreams. As some have mentioned
> <https://github.com/antifraudcg/proposals/issues/7#issuecomment-1103929572>,
> we still see that it would be beneficial to further discuss anti-fraud /
> IVT detection needs in the anti-fraud CG to help shape and evolve the API.
>
> Thank you,
>
> Jordan Ross
>
> Google Ad Traffic Quality
>
>
> On Tue, Nov 29, 2022 at 10:54 AM Brian May <bmay@dstillery.com> wrote:
>
>> I'm also not sure this group is the right home for Trust Tokens API.
>> While anti-fraud includes use-case to which tokens might usefully be
>> applied, there are presumably a number of other cases not strictly fraud
>> related in which tokens could be meaningfully employed. Given that, I am
>> concerned either the anti-fraud focus of this group will be too limiting to
>> the development of a general-use trust token or that interest in developing
>> a token that applies to a broad set of use-cases will open the scope of
>> this group beyond the anti-fraud domain. It seems like the Credentials
>> Community Group <https://www.w3.org/community/credentials/> might be a
>> better home Trust Tokens API with the support from this group for
>> developing anti-fraud specific capabilities.
>>
>> On Tue, Nov 29, 2022 at 12:06 PM Steven Valdez <svaldez@google.com>
>> wrote:
>>
>>> There's not a ton in the explainer that is tied to a specific version of
>>> privacypass, but we can update the bits that rely on the older versions of
>>> privacypass to point to the current draft (and updating the metadata
>>> discussion to reference the current available privacypass types) and note
>>> where we're diverging from the specification before we move it over to the
>>> AFCG.
>>>
>>> On Mon, Nov 28, 2022 at 3:56 PM Tommy Pauly <tpauly@apple.com> wrote:
>>>
>>>> Hi Sofía,
>>>>
>>>> I do support the anti-fraud CG having a work stream for the general
>>>> area of Private Tokens, to talk about the interactions build on privacy
>>>> pass and other similar technologies.
>>>>
>>>> I don’t think we should move over or adopt the Trust Tokens API
>>>> document as-is, however, until it’s either updated to work with the IETF
>>>> version of privacy pass or else is specifically contextualized as
>>>> background/historical material from previous work. I know there’s an intent
>>>> to re-write that document to be compatible with the current privacy pass
>>>> (while it’s currently referring to a pre-IETF version), and I think it
>>>> should be relatively straightforward to make those changes. I am concerned
>>>> that bringing the document over without any updates will perpetuate
>>>> confusion about the different layers and versions, which should all be
>>>> converging at this point.
>>>>
>>>> Best,
>>>> Tommy
>>>>
>>>> > On Nov 22, 2022, at 9:08 AM, Sofía Celi <cherenkov@riseup.net> wrote:
>>>> >
>>>> > Hi all,
>>>> >
>>>> > The chairs are starting an adoption process for the Private State
>>>> Tokens proposal:
>>>> >
>>>> > https://github.com/WICG/trust-token-api/
>>>> > https://github.com/antifraudcg/proposals/issues/7
>>>> >
>>>> > Given the need for other types of privacy-preserving tokens for the
>>>> various capabilities being discussed in the CG, the authors are asking to
>>>> adopt this item as part of a more generic Private Tokens work stream,
>>>> discussing and developing documents for various types of privacy-preserving
>>>> tokens (based on privacypass and similar technology) that are useful in the
>>>> anti-fraud space.
>>>> >
>>>> > Please respond with any further feedback or support for the document
>>>> and work stream in the next two weeks (try to get your feedback in by
>>>> December 7th in time for the next CG meeting), and the chairs will
>>>> determine whether there is sufficient support for the document to adopt it
>>>> as an official CG work stream.
>>>> >
>>>> > Thank you,
>>>> > --
>>>> > Sofía Celi
>>>> > @claucece
>>>> > Cryptographic research and implementation at many places, specially
>>>> Brave.
>>>> > Chair of hprc at IRTF and anti-fraud at W3C.
>>>> > Reach me out at: cherenkov@riseup.net
>>>> > Website: https://sofiaceli.com/
>>>> > 3D0B D6E9 4D51 FBC2 CEF7  F004 C835 5EB9 42BF A1D6
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>
>>> --
>>>
>>>  Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |  Cambridge,
>>> MA
>>>
>>
>>
>> --
>>
>>
>> Brian May
>> Principal Engineer
>> P: (848) 272-1164
>>
>

-- 


Brian May
Principal Engineer
P: (848) 272-1164
Received on Thursday, 1 December 2022 19:07:16 UTC