Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Naming for link attribute, report fields, and well-known locations for PCM fraud prevention with unlinkable tokens #73

Open
johnwilander opened this issue Feb 23, 2021 · 2 comments
Open

Naming for link attribute, report fields, and well-known locations for PCM fraud prevention with unlinkable tokens #73

johnwilander opened this issue Feb 23, 2021 · 2 comments
Assignees
@johnwilander
Labels
fraud prevention Related to fraud prevention layering Layering additional data and functionality on top of PCM

Comments

@johnwilander
Copy link
Collaborator

We'd like to get feedback on these name choices:

Link Attribute

attributionsourcenonce/attributionSourceNonce: This is the random nonce the click source provides so that subsequent requests for signing an unlinkable token can be done with knowledge of the context of the click even though the user has left the click source webpage.

Example: <a href="https://shop.example" attributionsourceid="55" attributeon="https://shop.example" attributionsourcenonce="ABCDEFabcdef0123456789">Link to be measured</a>

Well-Known Locations

/.well-known/private-click-measurement/sign-unlinkable-token/: This is the well-known location where the browser sends an unlinkable token together with the attribution source nonce to get a token signature.

/.well-known/private-click-measurement/get-token-public-key/: This is the well-known location where the browser fetches the public key associated with the private key used for signing tokens. Note that this key is associated with signatures that validate both unlinkable and secret tokens.

Attribution Report Fields

source_secret_token: This field in the JSON report will contain the secret token associated with the unlinkable token signed by the click source. Note that the source prefix is needed here to allow for a similar token from the attribute-on website.

source_secret_token_signature: This field in the JSON report will contain the secret token signature associated with the unlinkable token signature from the click source. Note that the source prefix is needed here to allow for a similar signature from the attribute-on website.

Example:

{
  "source_engagement_type": "click",
  "source_site": "https://news.example",
  "source_id": 55,
  "attributed_on_site": "https://shop.example",
  "trigger_data": 10,
  "source_secret_token": <encoded token>,
  "source_secret_token_signature": <encoded signature>,
  "version": 2
}
@johnwilander johnwilander self-assigned this Feb 23, 2021
@johnwilander
Copy link
Collaborator Author

Ping @csharrison, @johannhof, @eligrey, @johnivdel, and @maudnals.

@johnwilander johnwilander added fraud prevention Related to fraud prevention layering Layering additional data and functionality on top of PCM labels Feb 23, 2021
webkit-commit-queue pushed a commit to WebKit/WebKit that referenced this issue Mar 8, 2021
@johnwilander
PCM: Align fraud prevention token naming with issue 73 in the Privacy…
e07d4bb 
… CG repo

https://bugs.webkit.org/show_bug.cgi?id=222838
<rdar://75115427>

Reviewed by Brent Fulgham.

This patch doesn't change functionality and only aligns naming to this W3C Privacy CG issue:
privacycg/private-click-measurement#73

Source/WebCore:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* loader/PrivateClickMeasurement.cpp:
(WebCore::PrivateClickMeasurement::attributionReportJSON const):
(WebCore::PrivateClickMeasurement::tokenSignatureJSON const):
(WebCore::PrivateClickMeasurement::setSourceSecretToken):
(WebCore::PrivateClickMeasurement::SourceSecretToken::isValid const):
(WebCore::PrivateClickMeasurement::setSourceUnlinkableToken): Deleted.
(WebCore::PrivateClickMeasurement::SourceUnlinkableToken::isValid const): Deleted.
* loader/PrivateClickMeasurement.h:
(WebCore::PrivateClickMeasurement::setSourceUnlinkableTokenValue):
(WebCore::PrivateClickMeasurement::sourceUnlinkableToken const):
(WebCore::PrivateClickMeasurement::setSourceSecretTokenValue): Deleted.
* loader/cocoa/PrivateClickMeasurementCocoa.mm:
(WebCore::PrivateClickMeasurement::calculateAndUpdateSourceUnlinkableToken):
(WebCore::PrivateClickMeasurement::calculateAndUpdateSourceSecretToken):

Source/WebKit:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
(WebKit::ResourceLoadStatisticsDatabaseStore::buildPrivateClickMeasurementFromDatabase):
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setPCMFraudPreventionValuesForTesting):
(WebKit::NetworkProcess::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::setPCMFraudPreventionValuesForTesting):
(WebKit::NetworkSession::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/NetworkSession.h:
* NetworkProcess/PrivateClickMeasurementManager.cpp:
(WebKit::PrivateClickMeasurementManager::storeUnattributed):
(WebKit::PrivateClickMeasurementManager::getTokenPublicKey):
(WebKit::PrivateClickMeasurementManager::getSignedUnlinkableToken):
(WebKit::PrivateClickMeasurementManager::setPCMFraudPreventionValuesForTesting):
(WebKit::PrivateClickMeasurementManager::getSignedSecretToken): Deleted.
(WebKit::PrivateClickMeasurementManager::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/PrivateClickMeasurementManager.h:
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPCMFraudPreventionValuesForTesting):
(WKPageSetFraudPreventionValuesForTesting): Deleted.
    Renamed WKPageSetPCMFraudPreventionValuesForTesting() to make it more clear.
* UIProcess/API/C/WKPagePrivate.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setPCMFraudPreventionValuesForTesting):
(WebKit::WebPageProxy::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* UIProcess/WebPageProxy.h:

Tools:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* TestWebKitAPI/Tests/WebCore/PrivateClickMeasurement.cpp:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebCore/cocoa/PrivateClickMeasurementCocoa.mm:
(TestWebKitAPI::TEST):
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setPrivateClickMeasurementFraudPreventionValuesForTesting):
(WTR::TestRunner::setFraudPreventionValuesForTesting): Deleted.
* WebKitTestRunner/InjectedBundle/TestRunner.h:
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::setPCMFraudPreventionValuesForTesting):
(WTR::TestController::setFraudPreventionValuesForTesting): Deleted.
* WebKitTestRunner/TestController.h:
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

LayoutTests:

* http/tests/privateClickMeasurement/resources/fraudPreventionTestURL.php: Renamed from LayoutTests/http/tests/privateClickMeasurement/resources/signToken.php.
    The way this PHP file is used goes beyond signing tokens so it now has a generic name.
* http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt:
    Re-baselined to reflect the new naming.
* http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html:


Canonical link: https://commits.webkit.org/235022@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@274087 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Cwiiis pushed a commit to Cwiiis/webkit-deprecated that referenced this issue Mar 10, 2021
PCM: Align fraud prevention token naming with issue 73 in the Privacy…
13e341a 
… CG repo

https://bugs.webkit.org/show_bug.cgi?id=222838
<rdar://75115427>

Reviewed by Brent Fulgham.

This patch doesn't change functionality and only aligns naming to this W3C Privacy CG issue:
privacycg/private-click-measurement#73

Source/WebCore:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* loader/PrivateClickMeasurement.cpp:
(WebCore::PrivateClickMeasurement::attributionReportJSON const):
(WebCore::PrivateClickMeasurement::tokenSignatureJSON const):
(WebCore::PrivateClickMeasurement::setSourceSecretToken):
(WebCore::PrivateClickMeasurement::SourceSecretToken::isValid const):
(WebCore::PrivateClickMeasurement::setSourceUnlinkableToken): Deleted.
(WebCore::PrivateClickMeasurement::SourceUnlinkableToken::isValid const): Deleted.
* loader/PrivateClickMeasurement.h:
(WebCore::PrivateClickMeasurement::setSourceUnlinkableTokenValue):
(WebCore::PrivateClickMeasurement::sourceUnlinkableToken const):
(WebCore::PrivateClickMeasurement::setSourceSecretTokenValue): Deleted.
* loader/cocoa/PrivateClickMeasurementCocoa.mm:
(WebCore::PrivateClickMeasurement::calculateAndUpdateSourceUnlinkableToken):
(WebCore::PrivateClickMeasurement::calculateAndUpdateSourceSecretToken):

Source/WebKit:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
(WebKit::ResourceLoadStatisticsDatabaseStore::buildPrivateClickMeasurementFromDatabase):
* NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setPCMFraudPreventionValuesForTesting):
(WebKit::NetworkProcess::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::setPCMFraudPreventionValuesForTesting):
(WebKit::NetworkSession::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/NetworkSession.h:
* NetworkProcess/PrivateClickMeasurementManager.cpp:
(WebKit::PrivateClickMeasurementManager::storeUnattributed):
(WebKit::PrivateClickMeasurementManager::getTokenPublicKey):
(WebKit::PrivateClickMeasurementManager::getSignedUnlinkableToken):
(WebKit::PrivateClickMeasurementManager::setPCMFraudPreventionValuesForTesting):
(WebKit::PrivateClickMeasurementManager::getSignedSecretToken): Deleted.
(WebKit::PrivateClickMeasurementManager::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* NetworkProcess/PrivateClickMeasurementManager.h:
* UIProcess/API/C/WKPage.cpp:
(WKPageSetPCMFraudPreventionValuesForTesting):
(WKPageSetFraudPreventionValuesForTesting): Deleted.
    Renamed WKPageSetPCMFraudPreventionValuesForTesting() to make it more clear.
* UIProcess/API/C/WKPagePrivate.h:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setPCMFraudPreventionValuesForTesting):
(WebKit::WebPageProxy::setFraudPreventionValuesForTesting): Deleted.
    Renamed setPCMFraudPreventionValuesForTesting() to make it more clear.
* UIProcess/WebPageProxy.h:

Tools:

Naming for PCM fraud prevention is updated like this:

/.well-known/private-click-measurement/sign-secret-token/ changed to
/.well-known/private-click-measurement/sign-unlinkable-token/

/.well-known/private-click-measurement/get-unlinkable-token-public-key/ changed to
/.well-known/private-click-measurement/get-token-public-key/

source_secret_token in requests for token signature changed to source_unlinkable_token

source_unlinkable_token in attribution reports changed to source_secret_token

Variable, member, and function names are being renamed similarly.

* TestWebKitAPI/Tests/WebCore/PrivateClickMeasurement.cpp:
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebCore/cocoa/PrivateClickMeasurementCocoa.mm:
(TestWebKitAPI::TEST):
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setPrivateClickMeasurementFraudPreventionValuesForTesting):
(WTR::TestRunner::setFraudPreventionValuesForTesting): Deleted.
* WebKitTestRunner/InjectedBundle/TestRunner.h:
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::setPCMFraudPreventionValuesForTesting):
(WTR::TestController::setFraudPreventionValuesForTesting): Deleted.
* WebKitTestRunner/TestController.h:
* WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):

LayoutTests:

* http/tests/privateClickMeasurement/resources/fraudPreventionTestURL.php: Renamed from LayoutTests/http/tests/privateClickMeasurement/resources/signToken.php.
    The way this PHP file is used goes beyond signing tokens so it now has a generic name.
* http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce-expected.txt:
    Re-baselined to reflect the new naming.
* http/tests/privateClickMeasurement/store-private-click-measurement-with-source-nonce.html:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@274087 268f45cc-cd09-0410-ab3c-d52691b4dbfc
@johnwilander
Copy link
Collaborator Author

Now that we've changed the link attribute from attributeOn to attributionDestination, should we change the JSON key "attributed_on_site" to "destination_site"? It would be in harmony with "source_site".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnwilander johnwilander

Labels
fraud prevention Related to fraud prevention layering Layering additional data and functionality on top of PCM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@johnwilander