Re: Call for Adoption: Private State Tokens/Private Tokens Work Stream

I misunderstood the scope, if it is limited to anti-fraud I am in favor of
adoption.

On Mon, Dec 5, 2022 at 2:05 PM Steven Valdez <svaldez@google.com> wrote:

> There's https://github.com/antifraudcg/proposals/issues/7 in the
> proposals repo.
>
> re The question about the scope of the Trust Tokens/Private State Tokens
> API, the authors are interested in the primitive as it is helpful for
> anti-fraud use-cases, and aren't looking to it as a general-use token. Its
> possible there might be other use cases for the tokens once standardized,
> but our hope is to focus on prioritizing the API design/ecosystem to be
> useful for anti-fraud purposes rather than anything more general.
>
> On Thu, Dec 1, 2022 at 2:07 PM Brian May <bmay@dstillery.com> wrote:
>
>> Is there a github issue for this? If not, it seems like maybe there
>> should be so the conversation isn't lost in email archives.
>>
>> On Wed, Nov 30, 2022 at 3:56 PM Jordan Ross <jordross@google.com> wrote:
>>
>>> I expect that further investment by the CG on Private State Tokens would
>>> be a welcome addition to the group's workstreams. As some have mentioned
>>> <https://github.com/antifraudcg/proposals/issues/7#issuecomment-1103929572>,
>>> we still see that it would be beneficial to further discuss anti-fraud /
>>> IVT detection needs in the anti-fraud CG to help shape and evolve the API.
>>>
>>> Thank you,
>>>
>>> Jordan Ross
>>>
>>> Google Ad Traffic Quality
>>>
>>>
>>> On Tue, Nov 29, 2022 at 10:54 AM Brian May <bmay@dstillery.com> wrote:
>>>
>>>> I'm also not sure this group is the right home for Trust Tokens API.
>>>> While anti-fraud includes use-case to which tokens might usefully be
>>>> applied, there are presumably a number of other cases not strictly fraud
>>>> related in which tokens could be meaningfully employed. Given that, I am
>>>> concerned either the anti-fraud focus of this group will be too limiting to
>>>> the development of a general-use trust token or that interest in developing
>>>> a token that applies to a broad set of use-cases will open the scope of
>>>> this group beyond the anti-fraud domain. It seems like the Credentials
>>>> Community Group <https://www.w3.org/community/credentials/> might be a
>>>> better home Trust Tokens API with the support from this group for
>>>> developing anti-fraud specific capabilities.
>>>>
>>>> On Tue, Nov 29, 2022 at 12:06 PM Steven Valdez <svaldez@google.com>
>>>> wrote:
>>>>
>>>>> There's not a ton in the explainer that is tied to a specific version
>>>>> of privacypass, but we can update the bits that rely on the older versions
>>>>> of privacypass to point to the current draft (and updating the metadata
>>>>> discussion to reference the current available privacypass types) and note
>>>>> where we're diverging from the specification before we move it over to the
>>>>> AFCG.
>>>>>
>>>>> On Mon, Nov 28, 2022 at 3:56 PM Tommy Pauly <tpauly@apple.com> wrote:
>>>>>
>>>>>> Hi Sofía,
>>>>>>
>>>>>> I do support the anti-fraud CG having a work stream for the general
>>>>>> area of Private Tokens, to talk about the interactions build on privacy
>>>>>> pass and other similar technologies.
>>>>>>
>>>>>> I don’t think we should move over or adopt the Trust Tokens API
>>>>>> document as-is, however, until it’s either updated to work with the IETF
>>>>>> version of privacy pass or else is specifically contextualized as
>>>>>> background/historical material from previous work. I know there’s an intent
>>>>>> to re-write that document to be compatible with the current privacy pass
>>>>>> (while it’s currently referring to a pre-IETF version), and I think it
>>>>>> should be relatively straightforward to make those changes. I am concerned
>>>>>> that bringing the document over without any updates will perpetuate
>>>>>> confusion about the different layers and versions, which should all be
>>>>>> converging at this point.
>>>>>>
>>>>>> Best,
>>>>>> Tommy
>>>>>>
>>>>>> > On Nov 22, 2022, at 9:08 AM, Sofía Celi <cherenkov@riseup.net>
>>>>>> wrote:
>>>>>> >
>>>>>> > Hi all,
>>>>>> >
>>>>>> > The chairs are starting an adoption process for the Private State
>>>>>> Tokens proposal:
>>>>>> >
>>>>>> > https://github.com/WICG/trust-token-api/
>>>>>> > https://github.com/antifraudcg/proposals/issues/7
>>>>>> >
>>>>>> > Given the need for other types of privacy-preserving tokens for the
>>>>>> various capabilities being discussed in the CG, the authors are asking to
>>>>>> adopt this item as part of a more generic Private Tokens work stream,
>>>>>> discussing and developing documents for various types of privacy-preserving
>>>>>> tokens (based on privacypass and similar technology) that are useful in the
>>>>>> anti-fraud space.
>>>>>> >
>>>>>> > Please respond with any further feedback or support for the
>>>>>> document and work stream in the next two weeks (try to get your feedback in
>>>>>> by December 7th in time for the next CG meeting), and the chairs will
>>>>>> determine whether there is sufficient support for the document to adopt it
>>>>>> as an official CG work stream.
>>>>>> >
>>>>>> > Thank you,
>>>>>> > --
>>>>>> > Sofía Celi
>>>>>> > @claucece
>>>>>> > Cryptographic research and implementation at many places, specially
>>>>>> Brave.
>>>>>> > Chair of hprc at IRTF and anti-fraud at W3C.
>>>>>> > Reach me out at: cherenkov@riseup.net
>>>>>> > Website: https://sofiaceli.com/
>>>>>> > 3D0B D6E9 4D51 FBC2 CEF7  F004 C835 5EB9 42BF A1D6
>>>>>> >
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>  Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |  Cambridge,
>>>>> MA
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>> Brian May
>>>> Principal Engineer
>>>> P: (848) 272-1164
>>>>
>>>
>>
>> --
>>
>>
>> Brian May
>> Principal Engineer
>> P: (848) 272-1164
>>
>
>
> --
>
>  Steven Valdez |  Chrome Privacy Sandbox |  svaldez@google.com |  Cambridge,
> MA
>


-- 


Brian May
Principal Engineer
P: (848) 272-1164

Received on Tuesday, 6 December 2022 14:51:12 UTC