-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarification on Entities #37
Comments
I think you're reading #20 (comment) the way I intended. But the short answer is:
|
So if i understand correctly, this means that:
should probably change to:
Is that correct? |
Actually, a quick addendum: If everything goes through an SSP, I would contend that this is not how things work today. Right now, SSPs are completely blind to interest groups anyway. While encrypting can maintain that blindness, it seems like an unnecessary call or even encryption; why not just go to the DSP directly? (To be clear, this is a purely technical argument.) It doesn't seem to me that SSPs provide much value here. They're no longer able to run auctions themselves (since that all happens in the browser anyway), and there's no significant integration burden on the publisher side to work with DSPs directly. What do you think the SSPs are bringing to the table in this scenario? Why would a DSP be willing to pay an SSP's margins? (To be clear, this is purely a business argument.) |
I would add that going through the SSP for the fetch ads requests also adds multiple additional costs and technical limitations.
limitations/other notes:
If the original scope of this was to guarantee that you can't just enter bids everywhere, you can still solve this by flipping the validation between buyers and SSPs by having the SSP instead publish a file of known buyers on their network, that will validate the I'd love to understand if I'm reading this need right, as things stand at the moment it seems to me that this way of fetching ads isn't worth the extra complexity and costs that it brings. |
You're doing an excellent job of illustrating why the original explainer just said If the ads industry decides that it wants to re-shape the structure of business relationships based on these new technological capabilities, then go right ahead. (Though my recollection is that prior discussion in the web-adv BG concluded that what you're describing isn't much different than header bidding.) The only thing that matters from TURTLEDOVE's point of view is whether or not the publisher has a direct connection to the buyer; I don't care whether that buyer is a DSP or an SSP today. If the connection between the publisher and the buyer is mediated by some other entity, then we can support it using the flow I described above. That said, I suspect the SSPs of the world would object to you DSPs claiming they add no value here. To pick one example, surely publishers will still need brand safety controls that affect what kind of ads appear on their sites. Each pub maintaining that sort of configuration on every DSP individually sounds like a substantial burden. |
Hey michael, I'm not sure if the response is to me or andrew but I'm a bit confused by your reply anyway. The problem here arises from the complexity of the flow intended by TURTLEDOVE. As the document itself describes with encryption of payload, storage of encryption keys in a well known file and so on. It's unclear what value all of that complexity adds, but it's clear that it adds multiple costs and limitations. Aside from Andrew's claim on SSP/DSP value respectively, it's entirely possible for the SSP to exist and manage the relationship but not be the only entry point for all requests from a client. As mentioned this would increase latency (due to decryption and request forwarding) and decrease reliability (higher request volume and single point of failure for more functionality than for today). You state "the ads industry decides that it wants to re-shape" but, aside from the obvious remark, TURTLEDOVE is doing the re-shaping here as the SSP today is not in the line of sight of interest group modifications, that data today remains private between buyer and DSP, it's fine to put it in the browser and keep it private there, but I don't see why the SSP should be involved in this mix. |
It's probably my fault for mixing both business and technical concerns; they inform each other, but right now I do want to be more focused on the technical side. There are two main things I would like to understand better:
i) Does the SSP respond to the browser with all ii) If the SSP doesn't respond to the browser with all |
Sure, focusing on the two technical questions:
|
Hey, thanks for the answer. Your point (1) makes sense, however for the SSP to properly enforce those measures the I think this would be more efficient anyway given that in the spec case you would need to send a number of In either case both TURTLEDOVE in its current shape, or by moving the Regarding your point (2): how will the browser route the contextualSignals around if the DSP doesn't participate in the contextual bid? Does that mean that it would be mandatory for every DSP to participate in the contextual bid if they want their interest group bid to be evaluated for the given request? Seems quite heavy of a requirement given that it's not possible for the DSP to know at contextual bid time if they have ability to participate in the interest group, so it would effectively ask everyone to always participate, and the DSP would need to return a lot of results each time. |
For (1), I can picture a flow that doesn't need an extra request:
The same flow works for publisher configurations regarding DSPs, brands, etc. Regarding (2): I can imagine SSPs and DSPs inventing a variety of approaches for how to deal with contextual signals. A few possibilities are:
Note that these all differ in what happens when servers talk to each other. In other words, this is all engineering by ads companies, not by browsers. If you'd like browser support for a way that contextual signals can get from the DSP to the browser without going through the SSP, that seems straightforward — but of course the browser wouldn't tell the DSP anything about what interest groups the user is in. |
Another spitball idea for (1):
I think this implements about as much trust as exists today, but doesn't require a call to the SSP for every interest group request, but only once per ad. As for (2):
Another idea. It exposes some data, but maybe it's not particularly privacy-violating: During the contextual request, part of the package is the list of ad networks that have interest groups in the browser. From there, the SSP could filter and request |
Yup, I think your ideas for (1) and (2) here both sound reasonable. I agree that caching has risks, but it seems to me like something an SSP and DSP could make work; certainly it seems like the DSP would need to be able to specify cache lifetimes appropriately for their business needs. I have thought about your "list of ad networks" idea, and of course the worry is that it could end up being a fingerprinting vector — especially since in the current proposal, any domain could declare itself an ad network :-). But some kind of k-anonymity thresholding could help with that risk... so if contextual call-out efficiency turns out to be a hurdle, we can work on it. |
Hey Michael, |
Closing this issue as it represents past design discussion that predates more recent proposals. I believe some of this feedback was incorporated into the Protected Audience (formerly known as FLEDGE) proposal. If you feel further discussion is needed, please feel free to reopen this issue or file a new issue. |
We were having a meeting the other day, and it dawned on us that we had some confusion between us on which entities are being called in the different requests on TURTLEDOVE. We'd appreciate some clarification. With the two different interpretations we have, we see different challenges.
Entities
The TURTLEDOVE doc refers to some entities as "ad networks," for example
first-ad-network.com
andsecond-ad-network.com
. It's a little confusing what exactly these refer to. I see the breakdown as:Some entities may be a mix of these responsibilities, but for sake of argument, let's consider them separately.
On an advertiser's page, a DSP has a pixel that would add the browser to a set of interest groups. In this scenario,
first-ad-network.com
would be a DSP server. The interest group request needs to make a request tofirst-ad-network.com
, and so the interest group response (containing partial bid data) would be derived from the DSP's servers as well.Subsequently, there's the contextual request. According to the TURTLEDOVE docs:
This implies that the interest group request and contextual request call out to the same entity,
first-ad-network.com
, already defined to be a DSP. (In addition, in #20 I see in the discussion, "I was imagining that each piece of in-browser JS would receive signals from one ad network — the same ad network that wrote the JS in the first place.") However, also as described in #20:This seems to indicate that the contextual request goes to an SSP instead of a DSP.
DSP/DSP Challenge
Assuming that both requests go to the same DSP, this seems like SSPs have no fundamental role in a TURTLEDOVE world, and would instead have to pivot to being solely DSPs. It would be incumbent on DSPs to have their domains included on an as many publisher ad-network lists as possible. This seems relatively low friction to just have a publisher add a domain to a text file, so I can't really see how exchanges provide any significant value in this scenario.
Reading:
Does this mean that the DSP
dsp.com
would be able to write interest groups under SSP's namessp.com
? Even so, it still feels like a strong incentive for the DSP to create relationships with publishers directly.If it's supposed to function like this, there's another issue. The DSP
dsp.com
writes into the browser, under the SSPssp.com
domaininterest_group=www.wereallylikeshoes.com_athletic-shoes
. But then later, the browser calls:GET https://ssp.com/.well-known/fetch-ads?interest_group=www.wereallylikeshoes.com_athletic-shoes
However,
dsp.com
is the entity in generating the response. Are we expectingssp.com
to forward this request todsp.com
? Why? That seems like additional unnecessary traffic.DSP/SSP Challenge
The issue here has to do with the contextual response. Given that the bidding.js function has signature
function(adSignals, contextualSignals)
, it's unclear what the SSP would actually include in thecontextualSignals
object and how it gets passed around:Assuming that the SSP has coordinated a bunch of responses from DSPs, does the
contextualSignals
object contain data from all DSPs or some "winner(s)" that the SSP predetermines? If it contains all data, then this would seem to imply that every DSPs bidding.js would include contextual signals from all DSPs integrated with the SSP. If it only contains a subset, then not all DSP bidding.js functions can effectively execute; this is problematic because no interest group data was available during the SSP's selection, and valuable opportunities (for the DSP, SSP, advertiser, and publisher) are missed.If the
contextualSignals
object contains information that is solely derived by the SSP (without DSP input, that is), this would seem to hamper a DSP's ability to control its own bids on contextual opportunities, or really, even have control over its own bids when interest groups are involved. From a DSP's perspective, it's desirable to apply ML techniques to both the contextual and interest group requests, and have the browser combine them consistently.The documentation seems ambiguous to us. Which of these scenarios is intended, or is it neither?
The text was updated successfully, but these errors were encountered: