Spec: Define per-context contribution limits #164
Conversation
This change adds the web-visible `maxContributions` field, which enables some callers to request different numbers of contributions per report.
| @@ -666,6 +680,9 @@ scope</dfn> given a [=pre-specified report parameters=] |params| and a | |||
| filtering ID max bytes=]. | |||
| 1. [=Assert=]: |filteringIdMaxBytes| is [=set/contained=] in the [=valid | |||
| filtering ID max bytes range=] | |||
| 1. Let |requestedMaxContributions| be |params|' [=pre-specified report | |||
| parameters/requested max contributions=]. | |||
| 1. [=Assert=]: |requestedMaxContributions| is null or greater than zero. | |||
There was a problem hiding this comment.
It might be nice to clarify what happens when the caller asks for zero contributions. I think it should fall back to the default size.
There was a problem hiding this comment.
This would require a little refactor though. Currently, we say "a positive integer" all over the place, so I think that the caller is effectively burdened with validating positivity.
There was a problem hiding this comment.
I think it's fair for us to error out if zero is requested (similar to a context ID being too long).
| @@ -666,6 +680,9 @@ scope</dfn> given a [=pre-specified report parameters=] |params| and a | |||
| filtering ID max bytes=]. | |||
| 1. [=Assert=]: |filteringIdMaxBytes| is [=set/contained=] in the [=valid | |||
| filtering ID max bytes range=] | |||
| 1. Let |requestedMaxContributions| be |params|' [=pre-specified report | |||
| parameters/requested max contributions=]. | |||
| 1. [=Assert=]: |requestedMaxContributions| is null or greater than zero. | |||
There was a problem hiding this comment.
I think it's fair for us to error out if zero is requested (similar to a context ID being too long).
| <dfn>Maximum maxContributions</dfn> is a positive integer that defines an upper | ||
| bound on the number of contributions per [=aggregatable report=]. | ||
|
|
||
| <dfn>Valid maxContributions range</dfn> is a non-empty [=set=] of positive |
There was a problem hiding this comment.
super nit, but wondering if this is necessary to have as separate. E.g. "default maxcontributions by API" could just end "Each of the values in this map must not be greater than [=maximum maxContributions=]."
| @@ -1341,16 +1377,21 @@ WebIDL modifications {#protected-audience-api-webidl-modifications} | |||
| The {{AuctionAdConfig}} and {{AuctionAdInterestGroup}} dictionaries are | |||
| modified to add a new field: | |||
| <xmp class="idl"> | |||
| dictionary ProtectedAudiencePrivateAggregationConfig { | |||
| dictionary ProtectedAudienceAuctionPrivateAggregationConfig { | |||
There was a problem hiding this comment.
Need to rebase this PR after #166. Although as a general point -- wondering if we should make this change at the same time as we add contextId and filteringIdMaxBytes given they all require activating deterministic counts.
That being said, we'll probably want to make the Shared Storage spec changes soon
| @@ -804,6 +826,21 @@ They return a [=moment=]. | |||
|
|
|||
| </div> | |||
|
|
|||
| <div algorithm> | |||
| To <dfn>determine the effective max contributions</dfn> given a [=pre-specified | |||
There was a problem hiding this comment.
Super nit: could probably drop effective (given requested is already specified below)
| @@ -666,6 +680,9 @@ scope</dfn> given a [=pre-specified report parameters=] |params| and a | |||
| filtering ID max bytes=]. | |||
There was a problem hiding this comment.
We should probably also update "determine if a report should be sent deterministically"
(Random location as it won't let me comment on lines too far away)
This change adds the web-visible
maxContributionsfield, which enables some callers to request different numbers of contributions per report.Per-context limits are being added to the explainer in #146.
Preview | Diff