From 5afd39f51513722b967277819d0035c24b697485 Mon Sep 17 00:00:00 2001 From: Preethi Raghavan Date: Wed, 11 Dec 2024 13:36:25 -0800 Subject: [PATCH 1/3] Update AGGREGATION_SERVICE_TEE.md Updating No Duplicate rule to say that the Shared Id can't be in more than one batch even though the reports can be shared. With contribution Filtering, the filtering Id is included in the Shared ID generation. So, the reports can feature in different batches, but the Shared ID representing the disjoint data in them, can't be. --- AGGREGATION_SERVICE_TEE.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/AGGREGATION_SERVICE_TEE.md b/AGGREGATION_SERVICE_TEE.md index c3421bf2b8..36946591cc 100644 --- a/AGGREGATION_SERVICE_TEE.md +++ b/AGGREGATION_SERVICE_TEE.md @@ -96,6 +96,7 @@ throughout this proposal. * _Coordinator:_ an entity responsible for key management and aggregatable report accounting. The coordinator maintains a list of hashes of approved aggregation service configurations and configures access to decryption keys. +* _Shared ID:_ A unique identifier assigned to a group of reports in combination with [filtering IDs](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/flexible_filtering.md#proposal-filtering-id-in-the-encrypted-payload) to prevents overlap between batches of reports. This eliminates the need to track individual reports and allows for efficient privacy budget management at the group level. ## Aggregation workflow @@ -243,7 +244,7 @@ single aggregation batch (as duplicates) or in multiple batches. Because of this, the aggregation service enforces a "no duplicates" rule: * No aggregatable report can appear more than once within a batch. -* No aggregatable report can appear in more than one batch or contribute +* No Shared Id can appear in more than one batch or contribute to more than one summary report. The no-duplicates rule is enforced during aggregation. If duplicates are 
From 94ea5617ff17cf333c50734c004d1584d716753c Mon Sep 17 00:00:00 2001 From: Preethi Raghavan Date: Wed, 11 Dec 2024 13:42:37 -0800 Subject: [PATCH 2/3] Update AGGREGATION_SERVICE_TEE.md --- AGGREGATION_SERVICE_TEE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/AGGREGATION_SERVICE_TEE.md b/AGGREGATION_SERVICE_TEE.md index 36946591cc..fc35f20bbb 100644 --- a/AGGREGATION_SERVICE_TEE.md +++ b/AGGREGATION_SERVICE_TEE.md @@ -244,7 +244,7 @@ single aggregation batch (as duplicates) or in multiple batches. Because of this, the aggregation service enforces a "no duplicates" rule: * No aggregatable report can appear more than once within a batch. -* No Shared Id can appear in more than one batch or contribute +* No Shared ID can appear in more than one batch or contribute to more than one summary report. The no-duplicates rule is enforced during aggregation. If duplicates are 
@@ -255,8 +255,8 @@ found, these batches may be rejected or duplicates may be filtered out. It is not technically practical to keep track of every single aggregatable report submitted for aggregation to check for batch disjointness, that is, that batches are not overlapping. Instead, each aggregatable report will -be assigned a shared ID. This ID is generated from the combined data points: API version, reporting origin, destination site, source registration time and scheduled report time. -These data points come from the report's [shared_info](https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md#aggregatable-reports) field. +be assigned a shared ID. This ID is generated from the combined data points: API version, reporting origin, destination site, source registration time, scheduled report time, and filtering ID. +These data points come from the report's [shared_info](https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md#aggregatable-reports) field and from the job parameter in the request. The aggregation service will enforce that all aggregatable reports with the same ID must be included in the same batch. Conversely, if more than From 0b59d3a22cfe0a3e5c3b03a69dcf9f1b97f1aece Mon Sep 17 00:00:00 2001 From: Preethi Raghavan Date: Thu, 12 Dec 2024 11:09:02 -0800 Subject: [PATCH 3/3] Update AGGREGATION_SERVICE_TEE.md Co-authored-by: Andrew Paseltiner --- AGGREGATION_SERVICE_TEE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AGGREGATION_SERVICE_TEE.md b/AGGREGATION_SERVICE_TEE.md index fc35f20bbb..171b3c25fe 100644 --- a/AGGREGATION_SERVICE_TEE.md +++ b/AGGREGATION_SERVICE_TEE.md 
@@ -96,7 +96,7 @@ throughout this proposal. * _Coordinator:_ an entity responsible for key management and aggregatable report accounting. The coordinator maintains a list of hashes of approved aggregation service configurations and configures access to decryption keys. -* _Shared ID:_ A unique identifier assigned to a group of reports in combination with [filtering IDs](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/flexible_filtering.md#proposal-filtering-id-in-the-encrypted-payload) to prevents overlap between batches of reports. This eliminates the need to track individual reports and allows for efficient privacy budget management at the group level. +* _Shared ID:_ A unique identifier assigned to a group of reports in combination with [filtering IDs](https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/flexible_filtering.md#proposal-filtering-id-in-the-encrypted-payload) to prevent overlap between batches of reports. This eliminates the need to track individual reports and allows for efficient privacy budget management at the group level. ## Aggregation workflow
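Review bot: In the new _Shared ID_ glossary bullet (patch 1, hunk at line 96), "in combination with filtering IDs" reads as if the filtering ID is applied alongside the Shared ID rather than being one of its inputs, whereas the change to line 258 in patch 2 lists filtering ID among the data points the ID is generated from. Suggest wording the entry to match, e.g. "an identifier derived from a report's shared_info fields and the job's filtering ID; reports with the same value form a group that must be batched together", so the glossary and the generation paragraph agree. "to prevents" is also a typo here (corrected only in patch 3).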
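Review bot: The rewritten second bullet (patch 1, hunk at line 244) drops the statement that a report cannot appear in more than one batch without saying that this is now permitted; the commit message explains that a report may be reused across batches when the filtering ID differs, but a reader of the document only sees a rule that became narrower. Suggest a sentence after the bullets such as "A single aggregatable report may appear in batches that use different filtering IDs, because each combination yields a distinct Shared ID", so the scope of the no-duplicates guarantee is explicit. The first bullet still speaks of aggregatable reports while the second speaks of Shared IDs; confirm that is intended (a report listed twice in one batch is aggregated under the same job parameter and so the same Shared ID, so the two bullets are consistent, but using one vocabulary would be clearer).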
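Review bot: In the shared-ID generation paragraph (patch 2, hunk at line 255), "filtering ID" is singular and "the job parameter in the request" is left unnamed, while the glossary bullet added in patch 1 says "filtering IDs" (plural) and links to a proposal where a request can carry several. The paragraph should name the job parameter and state how the Shared ID is formed when a request specifies more than one filtering ID (one Shared ID per filtering ID, or one over the whole set), since the disjointness check depends on it. It should also say explicitly that, because one input now comes from the request rather than from shared_info, a report no longer has a single Shared ID but one per filtering ID it is aggregated under; that is the property the updated no-duplicates rule relies on.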
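Review bot: Patches 2 and 3 only correct "Shared Id" to "Shared ID" and "to prevents" to "to prevent" in text introduced by patch 1; squash them into patch 1 before merging so the series does not land a glossary entry with typos followed by a commit that fixes them. Patch 2 also carries the substantive change at line 258 (adding filtering ID to the generation inputs), which belongs in the same commit as the rule change in patch 1, since that rule change is only justified by it.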