- From: Steven Valdez <svaldez@google.com>
- Date: Mon, 5 Dec 2022 14:05:17 -0500
- To: Brian May <bmay@dstillery.com>
- Cc: Jordan Ross <jordross@google.com>, Tommy Pauly <tpauly@apple.com>, Sofía Celi <cherenkov@riseup.net>, public-antifraud@w3.org
- Message-ID: <CANduzxDpzR+EzZ3zQBNF4OB5nx9+gL3MwZAYhLJBgMid2xi3FA@mail.gmail.com>
There's https://github.com/antifraudcg/proposals/issues/7 in the proposals repo. re The question about the scope of the Trust Tokens/Private State Tokens API, the authors are interested in the primitive as it is helpful for anti-fraud use-cases, and aren't looking to it as a general-use token. Its possible there might be other use cases for the tokens once standardized, but our hope is to focus on prioritizing the API design/ecosystem to be useful for anti-fraud purposes rather than anything more general. On Thu, Dec 1, 2022 at 2:07 PM Brian May <bmay@dstillery.com> wrote: > Is there a github issue for this? If not, it seems like maybe there should > be so the conversation isn't lost in email archives. > > On Wed, Nov 30, 2022 at 3:56 PM Jordan Ross <jordross@google.com> wrote: > >> I expect that further investment by the CG on Private State Tokens would >> be a welcome addition to the group's workstreams. As some have mentioned >> <https://github.com/antifraudcg/proposals/issues/7#issuecomment-1103929572>, >> we still see that it would be beneficial to further discuss anti-fraud / >> IVT detection needs in the anti-fraud CG to help shape and evolve the API. >> >> Thank you, >> >> Jordan Ross >> >> Google Ad Traffic Quality >> >> >> On Tue, Nov 29, 2022 at 10:54 AM Brian May <bmay@dstillery.com> wrote: >> >>> I'm also not sure this group is the right home for Trust Tokens API. >>> While anti-fraud includes use-case to which tokens might usefully be >>> applied, there are presumably a number of other cases not strictly fraud >>> related in which tokens could be meaningfully employed. Given that, I am >>> concerned either the anti-fraud focus of this group will be too limiting to >>> the development of a general-use trust token or that interest in developing >>> a token that applies to a broad set of use-cases will open the scope of >>> this group beyond the anti-fraud domain. It seems like the Credentials >>> Community Group <https://www.w3.org/community/credentials/> might be a >>> better home Trust Tokens API with the support from this group for >>> developing anti-fraud specific capabilities. >>> >>> On Tue, Nov 29, 2022 at 12:06 PM Steven Valdez <svaldez@google.com> >>> wrote: >>> >>>> There's not a ton in the explainer that is tied to a specific version >>>> of privacypass, but we can update the bits that rely on the older versions >>>> of privacypass to point to the current draft (and updating the metadata >>>> discussion to reference the current available privacypass types) and note >>>> where we're diverging from the specification before we move it over to the >>>> AFCG. >>>> >>>> On Mon, Nov 28, 2022 at 3:56 PM Tommy Pauly <tpauly@apple.com> wrote: >>>> >>>>> Hi Sofía, >>>>> >>>>> I do support the anti-fraud CG having a work stream for the general >>>>> area of Private Tokens, to talk about the interactions build on privacy >>>>> pass and other similar technologies. >>>>> >>>>> I don’t think we should move over or adopt the Trust Tokens API >>>>> document as-is, however, until it’s either updated to work with the IETF >>>>> version of privacy pass or else is specifically contextualized as >>>>> background/historical material from previous work. I know there’s an intent >>>>> to re-write that document to be compatible with the current privacy pass >>>>> (while it’s currently referring to a pre-IETF version), and I think it >>>>> should be relatively straightforward to make those changes. I am concerned >>>>> that bringing the document over without any updates will perpetuate >>>>> confusion about the different layers and versions, which should all be >>>>> converging at this point. >>>>> >>>>> Best, >>>>> Tommy >>>>> >>>>> > On Nov 22, 2022, at 9:08 AM, Sofía Celi <cherenkov@riseup.net> >>>>> wrote: >>>>> > >>>>> > Hi all, >>>>> > >>>>> > The chairs are starting an adoption process for the Private State >>>>> Tokens proposal: >>>>> > >>>>> > https://github.com/WICG/trust-token-api/ >>>>> > https://github.com/antifraudcg/proposals/issues/7 >>>>> > >>>>> > Given the need for other types of privacy-preserving tokens for the >>>>> various capabilities being discussed in the CG, the authors are asking to >>>>> adopt this item as part of a more generic Private Tokens work stream, >>>>> discussing and developing documents for various types of privacy-preserving >>>>> tokens (based on privacypass and similar technology) that are useful in the >>>>> anti-fraud space. >>>>> > >>>>> > Please respond with any further feedback or support for the document >>>>> and work stream in the next two weeks (try to get your feedback in by >>>>> December 7th in time for the next CG meeting), and the chairs will >>>>> determine whether there is sufficient support for the document to adopt it >>>>> as an official CG work stream. >>>>> > >>>>> > Thank you, >>>>> > -- >>>>> > Sofía Celi >>>>> > @claucece >>>>> > Cryptographic research and implementation at many places, specially >>>>> Brave. >>>>> > Chair of hprc at IRTF and anti-fraud at W3C. >>>>> > Reach me out at: cherenkov@riseup.net >>>>> > Website: https://sofiaceli.com/ >>>>> > 3D0B D6E9 4D51 FBC2 CEF7 F004 C835 5EB9 42BF A1D6 >>>>> > >>>>> > >>>>> >>>>> >>>>> >>>> >>>> -- >>>> >>>> Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | Cambridge, >>>> MA >>>> >>> >>> >>> -- >>> >>> >>> Brian May >>> Principal Engineer >>> P: (848) 272-1164 >>> >> > > -- > > > Brian May > Principal Engineer > P: (848) 272-1164 > -- Steven Valdez | Chrome Privacy Sandbox | svaldez@google.com | Cambridge, MA
Received on Monday, 5 December 2022 19:05:43 UTC