Private State Tokens

[dvorak42]

Following up from the presentation today, I'd like to eventually propose moving the Trust Token API work from the WICG to the Anti-Fraud CG.

Current Documents: https://github.com/WICG/trust-token-api/

I'm opening this issue for early feedback about moving the API, prior to sending out a call to adopt the work on the list.

Please provide feedback/thoughts on this issue or via the Slack.

[SpaceGnome]

What are the pros/cons from moving this from WICG to the Anti-Fraud CG?

[dvorak42]

Mostly just pros. The Anti-Fraud CG has regular meetings and can provide more feedback and direction as we clean up the API on the path to standardization and the API seems generally useful for the Anti-Fraud space.

[chris-wood]

If Trust Token is going to move, I think it needs to be updated to align with the latest Privacy Pass architecture and protocol.

[dvorak42]

Yeah, do you think that needs to happen before it is adopted by the CG, or can it be done within the CG?

From the slides, the rough plan is:

• Proposal to move Trust Token API (WICG)
• Align with PrivacyPass protocol changes.
• Build up strategies for using tokens in Anti-Fraud.
• Corresponding proposals to establish the initial fraud signal.
• Move to WG (WebAppSec?)

[chris-wood]

I think I'd prefer that happen before it's adopted by the CG, specifically because I think the CG should be focusing on defining the requirements for signals. The mechanism for presenting the signal (Trust Token built on Privacy Pass) is less interesting (to me).

[claucece]

That seems like a wonderful idea! We didn't have much time last meeting to discuss the proposals, so perhaps we can bring this up on the next one.

[dvorak42]

We'll be briefly (3-5 minutes) going through open proposals at the Anti-Fraud CG meeting this week. If you have a short 2-4 sentence summary/slide you'd like the chairs to use when representing the proposal, please attach it to this issue otherwise the chairs will give a brief overview based on the initial post.

[dvorak42]

Potentially of interest to folks who were looking at/providing feedback to this API, the Google Chrome team will be hosting office hours on it to help answer questions about the current state of the API in Chrome and resolve any gaps in understanding between the current version/documentation/use cases. Hopefully we'll be able to improve documentation and find directions where future extensions or related proposals can be extended/built.

The North America/LATAM/EMEA/APAC friendly session is happening on Wednesday March 6th at 8am-9am PST || 11am-12pm EST || 4pm-5pm GMT. A Portuguese language session is happening February 27 at 10-11 am PST.

More details and registration is available here.

If there are particular learnings/FAQs from the session that are relevant to the AFCG, we'll post them here and if there's interest ask for some time at a future AFCG meeting.