-
Notifications
You must be signed in to change notification settings - Fork 237
/
spec.bs
8980 lines (8004 loc) · 497 KB
/
spec.bs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<pre class="metadata">
Title: Protected Audience (formerly FLEDGE)
Shortname: protected-audience
Repository: WICG/turtledove
Inline Github Issues: true
Group: WICG
Status: CG-DRAFT
Level: 1
URL: https://wicg.github.io/turtledove/
Boilerplate: omit conformance, omit feedback-header
Editor: Paul Jensen, Google https://www.google.com/, [email protected]
Abstract: Provides a privacy advancing API to facilitate interest group based advertising.
!Participate: <a href="https://github.com/WICG/turtledove">GitHub WICG/turtledove</a> (<a href="https://github.com/WICG/turtledove/issues/new">new issue</a>, <a href="https://github.com/WICG/turtledove/issues?state=open">open issues</a>)
!Commits: <a href="https://github.com/WICG/turtledove/commits/main/spec.bs">GitHub spec.bs commits</a>
Complain About: accidental-2119 yes, missing-example-ids yes
Indent: 2
Default Biblio Status: current
Markup Shorthands: markdown yes
Assume Explicit For: yes
</pre>
<pre class="anchors">
urlPrefix: https://fetch.spec.whatwg.org/; spec: Fetch
type: dfn
text: HTTP-network-or-cache fetch; url: #concept-http-network-or-cache-fetch
text: task destination; for: fetch params; url: fetch-params-task-destination
urlPrefix: https://www.ietf.org/rfc/rfc4122.txt
type: dfn; text: urn uuid
type: dfn; text: string representation
type: dfn; text: version 4 UUID
urlPrefix: https://tc39.github.io/ecma262/#; spec: ECMASCRIPT
type: abstract-op
text: ToString; url: sec-tostring
urlPrefix: https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonymity_server.md
type: dfn; text: k-anonymity; url: what-is-k-anonymity
urlPrefix: https://developer.chrome.com/en/docs/privacy-sandbox/glossary/
type: dfn; text: ad creative; url: ad-creative
spec: RFC4648; urlPrefix: https://datatracker.ietf.org/doc/html/rfc4648
type: dfn; text: base64url; url: section-5
spec: RFC6234; urlPrefix: https://www.ietf.org/rfc/rfc6234.txt
type: dfn; text: SHA-256
urlPrefix: https://datatracker.ietf.org/doc/html/rfc8032
type: dfn
text: verify; url: section-5.1.7
urlPrefix: https://datatracker.ietf.org/doc/html/rfc3986
type:dfn
text: unreserved percent encoding character; url: section-2.3
spec: html; urlPrefix: https://html.spec.whatwg.org/C
type: dfn
text: create an agent; url: create-an-agent
text: immediately; url: immediately
text: valid floating-point number; url: valid-floating-point-number
text: serialization; for: origin; url: browsers.html#ascii-serialisation-of-an-origin
text: structured clone algorithm; url: dom-structuredclone
spec: infra; urlPrefix: https://infra.spec.whatwg.org/
type: dfn
text: convert an Infra value to a JSON-compatible JavaScript value; url: #convert-an-infra-value-to-a-json-compatible-javascript-value
spec: RFC8941; urlPrefix: https://httpwg.org/specs/rfc8941.html
type: dfn
text: structured header; url: top
for: structured header
text: boolean; url: boolean
text: integer; url: integer
text: list; url: list
text: string; url: string
spec: WebAssembly; urlPrefix: https://webassembly.github.io/spec/core/
type: dfn
urlPrefix: appendix/embedding.html
text: error; url: embed-error
spec: WebAssembly-js-api; urlPrefix: https://webassembly.github.io/spec/js-api/
type: dfn
text: compiling a WebAssembly module; url: #compile-a-webassembly-module
spec: WebAssembly-web-api; urlPrefix: https://webassembly.github.io/spec/web-api/
type: dfn
text: compiling a potential WebAssembly response; url: #compile-a-potential-webassembly-response
spec: WebIDL; urlPrefix: https://webidl.spec.whatwg.org/
type: dfn
text: convert a Web IDL arguments list to an ECMAScript arguments list; url: #web-idl-arguments-list-converting
text:an exception was thrown
spec: Fenced Frame; urlPrefix: https://wicg.github.io/fenced-frame/
type: dfn
for: browsing context
text: fenced frame config instance; url: #browsing-context-fenced-frame-config-instance
spec: private-aggregation-api; urlPrefix: https://patcg-individual-drafts.github.io/private-aggregation-api
type: dfn
text: private-aggregation; url: #private-aggregation
text: debug details; url: #debug-details
text: debug-details-enabled; url: #debug-details-enabled
text: debug-details-key; url: #debug-details-key
text: aggregation coordinator; url: #aggregation-coordinator
text: default aggregation coordinator; url: #default-aggregation-coordinator
text: privateaggregation; url: #privateaggregation
text: batching scope; url: #batching-scope
text: debug scope; url: #debug-scope
text: scoping details; url: #scoping-details
text: contribution cache entry; url: #contribution-cache-entry
text: contribution cache; url: #contribution-cache
text: default filtering id max bytes; url: #default-filtering-id-max-bytes
spec: Shared Storage API; urlPrefix: https://wicg.github.io/shared-storage
type: dfn
text: shared-storage; url: #permissionspolicy-shared-storage
text: shared-storage-select-url; url: #permissionspolicy-shared-storage-select-url
spec: CSP; urlPrefix: https://w3c.github.io/webappsec-csp/
type: dfn
text: directive name; url: directive-name
text: directive value; url: directive-value
spec: CSPEE; urlPrefix: https://w3c.github.io/webappsec-cspee/
type: dfn
text: required csp; url: browsing-context-required-csp
</pre>
<pre class=link-defaults>
spec:encoding; type:dfn; text:utf-8
spec:infra; type:dfn; text:user agent
</pre>
<style>
/* Put nice boxes around each algorithm. */
[data-algorithm]:not(.heading) {
padding: .5em;
border: thin solid #ddd; border-radius: .5em;
margin: .5em calc(-0.5em - 1px);
}
[data-algorithm]:not(.heading) > :first-child {
margin-top: 0;
}
[data-algorithm]:not(.heading) > :last-child {
margin-bottom: 0;
}
[data-algorithm] [data-algorithm] {
margin: 1em 0;
}
dl { padding-left: 1em; }
/* domintro from https://resources.whatwg.org/standard.css */
.domintro {
position: relative;
color: green;
background: #DDFFDD;
margin: 2.5em 0 2em 0;
padding: 1.5em 1em 0.5em 2em;
}
.domintro dt, .domintro dt * {
color: black;
font-size: inherit;
}
.domintro dd {
margin: 0.5em 0 1em 2em; padding: 0;
}
.domintro dd p {
margin: 0.5em 0;
}
.domintro::before {
content: 'For web developers (non-normative)';
background: green;
color: white;
padding: 0.15em 0.25em;
font-style: normal;
position: absolute;
top: -0.8em;
left: -0.8em;
}
</style>
# Introduction # {#intro}
*This section is non-normative.*
The Protected Audience API facilitates selecting an advertisement to display to a user based on a
previous interaction with the advertiser or advertising network.
When a user's interactions with an advertiser indicate an interest in something, the advertiser can
ask the browser to record this interest on-device by calling
{{Window/navigator}}.{{Navigator/joinAdInterestGroup()}}. Later, when a website wants to select an
advertisement to show to the user, the website can call
{{Window/navigator}}.{{Navigator/runAdAuction()}} to ask the browser to conduct an
<dfn>auction</dfn> where each of these on-device recorded interests are given the chance to
calculate a bid to display their advertisement.
<h2 id="joining-interest-groups">Joining Interest Groups</h2>
*This first introductory paragraph is non-normative.*
When a user's interactions with a website indicate that the user may have a particular interest, an
advertiser or someone working on behalf of the advertiser (e.g. a demand side platform, DSP) can ask
the user's browser to record this interest on-device by calling
{{Window/navigator}}.{{Navigator/joinAdInterestGroup()}}. This indicates an intent to display an
advertisement relevant to this interest to this user in the future. The [=user agent=] has an
<dfn>interest group set</dfn>, a [=list=] of [=interest groups=] in which
[=interest group/owner=] / [=interest group/name=] pairs are unique.
<h3 id="join-ad-interest-groups">joinAdInterestGroup()</h3>
Issue: TODO: Currently, several of the IDL fields in {{AuctionAdInterestGroup}} are specified to use
USVString rather than DOMString, only because the initial implementation currently does. This may
contradict <a href="https://webidl.spec.whatwg.org/#idl-USVString">the recommended use of
DOMString</a>.
(<a href="https://github.com/WICG/turtledove/issues/1250">WICG/turtledove#1250</a>)
<xmp class="idl">
[SecureContext]
partial interface Navigator {
Promise<undefined> joinAdInterestGroup(AuctionAdInterestGroup group);
};
dictionary AuctionAd {
required USVString renderURL;
USVString sizeGroup;
any metadata;
USVString buyerReportingId;
USVString buyerAndSellerReportingId;
sequence<USVString> selectableBuyerAndSellerReportingIds;
sequence<USVString> allowedReportingOrigins;
DOMString adRenderId;
};
dictionary AuctionAdInterestGroupSize {
required USVString width;
required USVString height;
};
dictionary GenerateBidInterestGroup {
required USVString owner;
required USVString name;
boolean enableBiddingSignalsPrioritization = false;
record<DOMString, double> priorityVector;
record<USVString, sequence<DOMString>> sellerCapabilities;
DOMString executionMode = "compatibility";
USVString biddingLogicURL;
USVString biddingWasmHelperURL;
USVString updateURL;
USVString trustedBiddingSignalsURL;
sequence<USVString> trustedBiddingSignalsKeys;
DOMString trustedBiddingSignalsSlotSizeMode = "none";
long maxTrustedBiddingSignalsURLLength;
any userBiddingSignals;
sequence<AuctionAd> ads;
sequence<AuctionAd> adComponents;
record<DOMString, AuctionAdInterestGroupSize> adSizes;
record<DOMString, sequence<DOMString>> sizeGroups;
};
dictionary ProtectedAudiencePrivateAggregationConfig {
USVString aggregationCoordinatorOrigin;
};
dictionary AuctionAdInterestGroup : GenerateBidInterestGroup {
double priority = 0.0;
record<DOMString, double> prioritySignalsOverrides;
required double lifetimeMs;
DOMString additionalBidKey;
ProtectedAudiencePrivateAggregationConfig privateAggregationConfig;
};
</xmp>
{{AuctionAdInterestGroup}} is used by {{Window/navigator}}.{{Navigator/joinAdInterestGroup()}}, and
when an interest group is stored to [=interest group set=].
`priority` and `prioritySignalsOverrides` are not passed to `generateBid()` because they can be
modified by `generatedBid()` calls, so could theoretically be used to create a cross-site profile of
a user accessible to `generateBid()` methods, otherwise. `lifetimeMs` is not passed to `generateBid()`
because it's ambiguous what should be passed: the lifetime when the group was joined, or the
remaining lifetime. Providing the remaining lifetime would also potentially give access to more
granular timing information than the API would otherwise allow, when state is shared across interest
groups.
<div algorithm="joinAdInterestGroup()">
The <dfn for=Navigator method>joinAdInterestGroup(|group|)</dfn> method steps are:
<div class="note">
Temporarily, Chromium does not include the <a for="dictionary member"><span class="allow-2119">required</span></a> keyword
for {{AuctionAdInterestGroup/lifetimeMs}}, and instead starts this algorithm with the step
1. If |group|["{{AuctionAdInterestGroup/lifetimeMs}}"] does not [=map/exist=], throw a {{TypeError}}.
This is detectable because it can change the set of fields that are read from the argument when a
{{TypeError}} is eventually thrown, but it will never change whether the call succeeds or fails.
</div>
1. Let |global| be [=this=]'s [=relevant global object=].
1. If |global|'s [=associated Document=] is not [=allowed to use=] the "[=join-ad-interest-group=]"
[=policy-controlled feature=], then [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}.
1. Let |settings| be [=this=]'s [=relevant settings object=].
1. [=Assert=] that |settings|'s [=environment settings object/origin=] is not an [=opaque origin=]
and its [=origin/scheme=] is "`https`".
1. Let |interestGroup| be a new [=interest group=].
1. Validate the given |group| and set |interestGroup|'s fields accordingly.
1. Set |interestGroup|'s [=interest group/expiry=] to the [=current coarsened wall time=] plus
|group|["{{AuctionAdInterestGroup/lifetimeMs}}"] milliseconds.
1. Set |interestGroup|'s [=interest group/next update after=] to the [=current coarsened wall
time=] plus 24 hours.
1. Set |interestGroup|'s [=interest group/last updated=] to the [=current coarsened wall time=].
1. Set |interestGroup|'s [=interest group/owner=] to the result of [=parsing an https origin=] on
|group|["{{GenerateBidInterestGroup/owner}}"].
1. If |interestGroup|'s [=interest group/owner=] is failure, then [=exception/throw=] a {{TypeError}}.
1. Optionally, [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}.
Note: This [=implementation-defined=] condition is intended to allow [=user agents=] to decline
for a number of reasons, for example the [=interest group/owner=]'s [=site=] not being
<a href="https://github.com/privacysandbox/attestation">enrolled</a>.
1. Set |interestGroup|'s [=interest group/name=] to |group|["{{GenerateBidInterestGroup/name}}"].
1. Set |interestGroup|'s [=interest group/priority=] to
|group|["{{AuctionAdInterestGroup/priority}}"].
1. Set |interestGroup|'s [=interest group/enable bidding signals prioritization=] to
|group|["{{GenerateBidInterestGroup/enableBiddingSignalsPrioritization}}"].
1. If |group|["{{GenerateBidInterestGroup/priorityVector}}"] [=map/exists=], then set
|interestGroup|'s [=interest group/priority vector=] to
|group|["{{GenerateBidInterestGroup/priorityVector}}"].
1. If |group|["{{AuctionAdInterestGroup/prioritySignalsOverrides}}"] [=map/exists=], then set
|interestGroup|'s [=interest group/priority signals overrides=] to
|group|["{{AuctionAdInterestGroup/prioritySignalsOverrides}}"].
1. If |group|["{{AuctionAdInterestGroup/privateAggregationConfig}}"] [=map/exists=]:
1. Let |aggregationCoordinator| be the result of [=obtaining the coordinator from a Private
Aggregation config=] given |group|["{{AuctionAdInterestGroup/privateAggregationConfig}}"].
1. If |aggregationCoordinator| is a {{DOMException}}, then [=exception/throw=]
|aggregationCoordinator|.
1. Set |interestGroup|'s [=interest group/Private Aggregation coordinator=] to
|aggregationCoordinator|.
1. If |group|["{{GenerateBidInterestGroup/sellerCapabilities}}"] [=map/exists=], [=map/for each=]
|sellerString| → |capabilities| of |group|["{{GenerateBidInterestGroup/sellerCapabilities}}"]:
1. Let |sellerCapabilities| be a new [=set=] of [=seller capabilities=].
1. [=list/For each=] |capabilityString| of |capabilities|:
1. If |capabilityString| is "`interest-group-counts`" or "`latency-stats`", then
[=set/append=] |capabilityString| to |sellerCapabilities|.
Note: For forward compatibility with new values, don't [=exception/throw=].
1. If |sellerString| is "`*`", then set |interestGroup|'s
[=interest group/all sellers capabilities=] to |sellerCapabilities|.
1. Otherwise:
1. If |interestGroup|'s [=interest group/seller capabilities=] is null, then set
|interestGroup|'s [=interest group/seller capabilities=] to a new [=ordered map=] whose
[=map/keys=] are [=origins=] and whose [=map/values=] are [=sets=] of [=seller capabilities=].
1. Let |sellerUrl| be the result of running the [=URL parser=] on |sellerString|.
1. If |sellerUrl| is not failure:
1. Let |seller| be |sellerUrl|'s [=url/origin=].
1. If |interestGroup|'s [=interest group/seller capabilities=] does not [=map/contain=]
|seller|, then [=map/set=] |interestGroup|'s
[=interest group/seller capabilities=][|seller|] to |sellerCapabilities|.
1. If |group|["{{GenerateBidInterestGroup/executionMode}}"] is "`compatibility`",
"`frozen-context`", or "`group-by-origin`", then set |interestGroup|'s
[=interest group/execution mode=] to it.
1. For each |groupMember| and |interestGroupField| in the following table
<table class="data">
<thead><tr><th>Group member</th><th>Interest group field</th></tr></thead>
<tr>
<td>"{{GenerateBidInterestGroup/biddingLogicURL}}"</td>
<td>[=interest group/bidding url=]</td>
</tr>
<tr>
<td>"{{GenerateBidInterestGroup/biddingWasmHelperURL}}"</td>
<td>[=interest group/bidding wasm helper url=]</td>
</tr>
<tr>
<td>"{{GenerateBidInterestGroup/updateURL}}"</td>
<td>[=interest group/update url=]</td>
</tr>
</table>
1. If |group| [=map/contains=] |groupMember|:
1. Let |parsedUrl| be the result of running [=parse and verify a bidding code or update URL=]
on |group|[|groupMember|] and |interestGroup|'s [=interest group/owner=].
1. If |parsedUrl| is failure, then [=exception/throw=] a {{TypeError}}.
1. Set |interestGroup|'s |interestGroupField| to |parsedUrl|.
1. If |group|["{{GenerateBidInterestGroup/trustedBiddingSignalsURL}}"] [=map/exists=]:
1. Let |parsedUrl| be the result of running [=parse and verify a trusted signals URL=] on
|group|[{{GenerateBidInterestGroup/trustedBiddingSignalsURL}}].
1. If |parsedUrl| is failure, then [=exception/throw=] a {{TypeError}}.
1. Set |interestGroup|'s [=interest group/trusted bidding signals url=] to |parsedUrl|.
1. If |group|["{{GenerateBidInterestGroup/trustedBiddingSignalsKeys}}"] [=map/exists=], then set
|interestGroup|'s [=interest group/trusted bidding signals keys=] to
|group|["{{GenerateBidInterestGroup/trustedBiddingSignalsKeys}}"].
1. If |group|["{{GenerateBidInterestGroup/maxTrustedBiddingSignalsURLLength}}"] [=map/exists=]:
1. If |group|["{{GenerateBidInterestGroup/maxTrustedBiddingSignalsURLLength}}"] ≥ 0, set
|interestGroup|'s [=interest group/max trusted bidding signals url length=] to
|group|["{{GenerateBidInterestGroup/maxTrustedBiddingSignalsURLLength}}"], otherwise
[=exception/throw=] a {{TypeError}}.
1. If |group|["{{GenerateBidInterestGroup/userBiddingSignals}}"] [=map/exists=]:
1. Set |interestGroup|'s [=interest group/user bidding signals=] to the result of
[=serializing a JavaScript value to a JSON string=], given
|group|["{{GenerateBidInterestGroup/userBiddingSignals}}"]. This can [=exception/throw=] a
{{TypeError}}.
1. If |group|["{{GenerateBidInterestGroup/trustedBiddingSignalsSlotSizeMode}}"] is one of "none",
"slot-size", or "all-slots-requested-sizes", set |interestGroup|'s
[=interest group/trusted bidding signals slot size mode=] to
|group|["{{GenerateBidInterestGroup/trustedBiddingSignalsSlotSizeMode}}"].
1. Let |adSizes| be a new [=map=] whose [=map/keys=] are [=strings=] and [=map/values=] are
[=ad sizes=].
1. If |group|["{{GenerateBidInterestGroup/adSizes}}"] [=map/exists=]:
1. [=map/For each=] |sizeName| → |size| of |group|["{{GenerateBidInterestGroup/adSizes}}"]:
1. If |sizeName| is "", [=exception/throw=] a {{TypeError}}.
1. Let |parsedSize| be the result from running [=parse an AdRender ad size=] with |size|.
1. If |parsedSize| is null, [=exception/throw=] a {{TypeError}}.
1. [=map/Set=] |adSizes|[|sizeName|] to |parsedSize|.
1. Set |interestGroup|'s [=interest group/ad sizes=] to |adSizes|.
1. Let |sizeGroups| be a new [=map=] whose [=map/keys=] are [=strings=] and [=map/values=]
are [=lists=] of [=strings=]
1. If |group|["{{GenerateBidInterestGroup/sizeGroups}}"] [=map/exists=]:
1. [=map/For each=] |sizeGroupName| → |sizeList| of
|group|["{{GenerateBidInterestGroup/sizeGroups}}"]:
1. If |sizeGroupName| is "", [=exception/throw=] a {{TypeError}}.
1. [=list/For each=] |sizeName| of |sizeList|:
1. If |sizeName| is "" or |adSizes|[|sizeName|] does not [=map/exist=],
[=exception/throw=] a {{TypeError}}.
1. [=map/Set=] |sizeGroups|[|sizeGroupName|] to |sizeList|.
1. Set |interestGroup|'s [=interest group/size groups=] to |sizeGroups|.
1. For each |groupMember| and |interestGroupField| in the following table
<table class="data">
<thead><tr><th>Group member</th><th>Interest group field</th></tr></thead>
<tr>
<td>"{{GenerateBidInterestGroup/ads}}"</td>
<td>[=interest group/ads=]</td>
</tr>
<tr>
<td>"{{GenerateBidInterestGroup/adComponents}}"</td>
<td>[=interest group/ad components=]</td>
</tr>
</table>
1. If |group| [=map/contains=] |groupMember|, [=list/for each=] |ad| of |group|[|groupMember|]:
1. Let |igAd| be a new [=interest group ad=].
1. Let |renderURL| be the result of running the [=URL parser=] on
|ad|["{{AuctionAd/renderURL}}"].
1. [=exception/Throw=] a {{TypeError}} if any of the following conditions hold:
* |renderURL| is failure;
* |renderURL| [=url/scheme=] is not "`https`";
* |renderURL| [=includes credentials=].
1. Set |igAd|'s [=interest group ad/render url=] to |renderURL|.
1. If |ad|["{{AuctionAd/sizeGroup}}"] [=map/exists=]:
1. Let |sizeGroup| be |ad|["{{AuctionAd/sizeGroup}}}].
1. [=exception/Throw=] a {{TypeError}} if none of the following conditions hold:
* |adSizes|[|sizeGroup|] [=map/exists=].
* |sizeGroups|[|sizeGroup|] [=map/exists=].
1. Set |igAd|'s [=interest group ad/size group=] to |sizeGroup|.
1. If |ad|["{{AuctionAd/metadata}}"] [=map/exists=], then let
|igAd|'s [=interest group ad/metadata=] be the result of
[=serializing a JavaScript value to a JSON string=], given |ad|["{{AuctionAd/metadata}}"].
This can [=exception/throw=] a {{TypeError}}.
1. If |ad|["{{AuctionAd/adRenderId}}"] [=map/exists=]:
1. If |ad|["{{AuctionAd/adRenderId}}"]'s [=string/length=] > 12, [=exception/throw=] a {{TypeError}}.
1. If any [=code point=] in |ad|["{{AuctionAd/adRenderId}}"] is not an [=ASCII code point=], [=exception/throw=] a {{TypeError}}.
1. Set |igAd|'s [=interest group ad/ad render id=] to |ad|["{{AuctionAd/adRenderId}}"].
1. If |groupMember| is "{{GenerateBidInterestGroup/ads}}":
1. If |ad|["{{AuctionAd/buyerReportingId}}"] [=map/exists=], then set
|igAd|'s [=interest group ad/buyer reporting ID=] to it.
1. If |ad|["{{AuctionAd/buyerAndSellerReportingId}}"] [=map/exists=],
then set |igAd|'s [=interest group ad/buyer and seller reporting ID=] to it.
1. If |ad|["{{AuctionAd/selectableBuyerAndSellerReportingIds}}"] [=map/exists=],
then set |igAd|'s [=interest group ad/selectable buyer and seller reporting IDs=] to it.
1. If |ad|["{{AuctionAd/allowedReportingOrigins}}"] [=map/exists=]:
1. Let |allowedReportingOrigins| be a new [=list=] of [=origins=].
1. [=list/For each=] |originStr| in |ad|["{{AuctionAd/allowedReportingOrigins}}"]:
1. Let |origin| be the result of [=parsing an https origin=] on |originStr|.
1. If |origin| is failure, then [=exception/throw=] a {{TypeError}}.
1. [=list/Append=] |origin| to |allowedReportingOrigins|.
1. If |allowedReportingOrigins|'s [=list/size=] > 10, [=exception/throw=]
a {{TypeError}}.
1. Set |igAd|'s [=interest group ad/allowed reporting origins=] to |allowedReportingOrigins|.
1. [=list/Append=] |igAd| to |interestGroup|'s |interestGroupField|.
1. If |group|["{{AuctionAdInterestGroup/additionalBidKey}}"] [=map/exists=]:
1. Let |decodedKey| be the result of running [=forgiving-base64 decode=] with
|group|["{{AuctionAdInterestGroup/additionalBidKey}}"].
1. [=exception/Throw=] a {{TypeError}} if any of the following conditions hold:
* |decodedKey| is a failure;
* |decodedKey|'s [=byte sequence/length=] is not 32;
* |group|["{{GenerateBidInterestGroup/ads}}"] [=map/exists=];
* |group|["{{GenerateBidInterestGroup/updateURL}}"] [=map/exists=].
1. Set |interestGroup|'s [=interest group/additional bid key=] to |decodedKey|.
1. If |interestGroup|'s [=interest group/estimated size=] > 1048576 bytes, then [=exception/throw=] a
{{TypeError}}.
1. Let |p| be [=a new promise=].
1. Let |queue| be the result of [=starting a new parallel queue=].
1. [=parallel queue/enqueue steps|Enqueue the following steps=] to |queue|:
1. Let |permission| be the result of [=checking interest group permissions=] with
|interestGroup|'s [=interest group/owner=], |settings|, and "`join`".
1. If |permission| is false, then [=queue a global task=] on [=DOM manipulation task source=],
given |global|, to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort these
steps.
1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=] |p|
with `undefined`.
1. If the browser is currently storing an interest group with `owner` and `name` that matches
|interestGroup|, then set the [=interest group/bid counts=],
[=interest group/join counts=], and [=interest group/previous wins=] of
|interestGroup| to the values of the currently stored one and remove
the currently stored one from the browser.
1. Set |interestGroup|'s [=interest group/joining origin=] to [=this=]'s
[=relevant settings object=]'s [=environment/top-level origin=].
1. Set |interestGroup|'s [=interest group/join time=] to the [=current coarsened wall time=].
1. If the most recent entry in |interestGroup|'s [=interest group/join counts=] corresponds to
the current day in UTC, increment its count. If not, [=list/insert=] a new [=tuple=]
the time set to the current UTC day and a count of 1.
1. Store |interestGroup| in the [=user agent=]'s [=interest group set=].
1. Run [=update k-anonymity cache for interest group=] for |interestGroup|.
1. Return |p|.
</div>
<h3 id="interest-group-storage-maintenance">Interest Group Storage Maintenance</h3>
There is a job that periodically [=performs storage maintenance=] on the [=user agent=]'s
[=interest group set=]. It performs operations such as [=list/removing=] expired or excess
[=interest groups=]. An [=interest group set=] must respect the following limits. Implementations
may define their own values for the below constants, however we supply the below values as a
starting point, inspired by what the initial implementation of this specification uses:
* <dfn>Interest group set max owners</dfn> is 1000, which defines the max number of
[=interest group/owners=] in the [=user agent=]'s [=interest group set=].
* <dfn>Max regular interest groups per owner</dfn> is 2000, which defines the max number of
[=regular interest groups=] in the [=user agent=]'s [=interest group set=] for an
[=interest group/owner=].
* <dfn>Max negative interest groups per owner</dfn> is 20000, which defines the max number of
[=negative interest groups=] in the [=user agent=]'s [=interest group set=] for an
[=interest group/owner=].
* <dfn>Max interest groups total size per owner</dfn> is <code>10\*1024\*1024</code>, which
defines the max total [=interest group/estimated size|sizes=] of [=interest groups=] in the
[=user agent=]'s [=interest group set=] for an [=interest group/owner=]. It includes both
[=regular interest groups=] and [=negative interest groups=].
<div algorithm>
To <dfn>perform storage maintenance</dfn>:
1. Let |ownersAndExpiry| be a new [=ordered map=] whose [=map/keys=] are [=origins=] and
[=map/values=] are [=moments=].
Note: The [=map/key=] is from [=interest group/owner=], and [=map/value=] is from
[=interest group/expiry=]. It's used to determine a set of [=interest group/owners=] whose
[=interest groups=] will be removed from the [=user agent=]'s [=interest group set=] because the
number of distinct [=interest group/owners=] exceeds the [=Interest group set max owners=] limit.
It's sorted based on their [=map/values=] ([=interest group/expiry=]) in descending order, in
order to remove [=interest groups=] of [=interest group/owners=] expiring soonest first.
1. Let |now| be the [=current coarsened wall time=].
1. [=list/For each=] |ig| of the [=user agent=]'s [=interest group set=]:
1. Let |owner| be |ig|'s [=interest group/owner=].
1. If |ig|'s [=interest group/expiry=] is before |now|, then [=list/remove=] |ig| from the
[=user agent=]'s [=interest group set=] and [=iteration/continue=].
1. If |ownersAndExpiry|[|owner|] [=map/exists=], then [=map/set=] |ownersAndExpiry|[|owner|] to
|ig|'s [=interest group/expiry=] if it comes after |ownersAndExpiry|[|owner|].
1. Otherwise, [=map/set=] |ownersAndExpiry|[|owner|] to |ig|'s [=interest group/expiry=].
1. If |ownersAndExpiry|'s [=map/size=] > [=interest group set max owners=], then [=map/set=]
|ownersAndExpiry| to |ownersAndExpiry| [=map/sorted in descending order=] with |a| being less than
|b| if |a|'s [=map/value=] comes before |b|'s [=map/value=], where [=map/values=] are
[=interest group/expiry=].
1. Let |owners| be the [=map/get the keys|keys=] of |ownersAndExpiry|.
1. [=list/For each=] |i| in [=the range=] from 0 to |owners|'s [=set/size=], exclusive:
1. If |i| ≥ [=interest group set max owners=], then [=list/remove=] [=interest groups=] from
the [=user agent=]'s [=interest group set=] whose [=interest group/owner=] is |owners|[|i|], and
[=iteration/continue=].
1. Let |regularIgs| be a [=list=] of [=regular interest groups=] in the [=user agent=]'s
[=interest group set=] whose [=interest group/owner=] is |owners|[|i|].
1. If |regularIgs|'s [=list/size=] > [=max regular interest groups per owner=], then
[=clear excess interest groups=] with |regularIgs| and [=max regular interest groups per owner=].
1. Let |negativeIgs| be a [=list=] of [=negative interest groups=] in the [=user agent=]'s
[=interest group set=] whose [=interest group/owner=] is |owners|[|i|].
1. If |negativeIgs|'s [=list/size=] > [=max negative interest groups per owner=], then
[=clear excess interest groups=] with |negativeIgs| and [=max negative interest groups per owner=].
1. [=list/For each=] |owner| of |owners|:
1. Let |igs| be a [=list=] of [=interest groups=] in the [=user agent=]'s [=interest group set=]
whose [=interest group/owner=] is |owner|, [=list/sorted in descending order=] with |a| being
less than |b| if |a|'s [=interest group/expiry=] comes before |b|'s [=interest group/expiry=].
1. Let |cumulativeSize| be 0.
1. [=list/For each=] |ig| of |igs|:
1. If the sum of |cumulativeSize| and |ig|'s [=interest group/estimated size=]
> [=max interest groups total size per owner=], then [=list/remove=] |ig| from the
[=user agent=]'s [=interest group set=].
1. Otherwise, increment |cumulativeSize| by |ig|'s [=interest group/estimated size=].
</div>
<div algorithm>
To <dfn>clear excess interest groups</dfn> with a [=list=] of [=interest groups=] |igs|, and an
integer |maxIgs|:
1. Let |sortedIgs| be |igs| [=list/sorted in descending order=] with |a| being less
than |b| if |a|'s [=interest group/expiry=] comes before |b|'s [=interest group/expiry=].
Note: In order to remove interest groups expiring soonest first, sort interest groups based on
their expiry in descending order.
1. [=list/For each=] |i| in [=the range=] from |maxIgs| to |igs|'s [=list/size=], exclusive:
1. [=list/Remove=] |sortedIgs|[|i|] from the [=user agent=]'s [=interest group set=].
</div>
<h2 id="leaving-interest-groups">Leaving Interest Groups</h2>
<h3 id="leaveadinterestgroup">leaveAdInterestGroup()</h3>
*This first introductory paragraph is non-normative.*
{{Window/navigator}}.{{Navigator/leaveAdInterestGroup()}} removes a user from a particular interest
group.
<xmp class="idl">
[SecureContext]
partial interface Navigator {
Promise<undefined> leaveAdInterestGroup(optional AuctionAdInterestGroupKey group = {});
};
dictionary AuctionAdInterestGroupKey {
required USVString owner;
required USVString name;
};
</xmp>
<div algorithm>
The <dfn for=Navigator method>leaveAdInterestGroup(group)</dfn> method steps are:
1. Let |global| be [=this=]'s [=relevant global object=].
1. Let |settings| be [=this=]'s [=relevant settings object=].
1. Let |frameOrigin| be |settings|'s [=environment settings object/origin=].
1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`".
1. Let |p| be [=a new promise=].
1. If |group| [=map/is empty=]:
1. Let |instance| be |global|'s [=Window/browsing context=]'s
[=browsing context/fenced frame config instance=].
1. If |instance| is null, then return.
1. Let |interestGroup| be |instance|'s [=fenced frame config instance/interest group descriptor=].
1. Run these steps [=in parallel=]:
1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=]
|p| with `undefined`.
1. If |interestGroup| is not null:
1. Let |owner| be |interestGroup|'s [=interest group descriptor/owner=].
1. If |owner| is [=same origin=] with |frameOrigin|, then [=list/remove=] [=interest groups=]
from the [=user agent=]'s [=interest group set=] whose [=interest group/owner=] is |owner| and
[=interest group/name=] is |interestGroup|'s [=interest group descriptor/name=].
1. Otherwise:
1. If |global|'s [=associated Document=] is not [=allowed to use=] the
"[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a
"{{NotAllowedError}}" {{DOMException}}.
Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature.
1. Let |owner| be the result of [=parsing an https origin=] with
|group|["{{AuctionAdInterestGroupKey/owner}}"].
1. If |owner| is failure, [=exception/throw=] a {{TypeError}}.
1. Run these steps [=in parallel=]:
1. Let |permission| be the result of [=checking interest group permissions=] with |owner|,
|settings|, and "`leave`".
1. If |permission| is false, then [=queue a global task=] on [=DOM manipulation task source=],
given |global|, to [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort
these steps.
1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=]
|p| with `undefined`.
1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=] whose
[=interest group/owner=] is |owner| and [=interest group/name=] is
|group|["{{AuctionAdInterestGroupKey/name}}"].
1. Return |p|.
</div>
<h3 id="clearoriginjoinedAdInterestGroups">clearOriginJoinedAdInterestGroups()</h3>
*This first introductory paragraph is non-normative.*
{{Window/navigator}}.{{Navigator/clearOriginJoinedAdInterestGroups()}} removes a user from
[=interest groups=] whose [=interest group/joining origin=] is the associated
{{Navigator}}'s [=relevant settings object=]'s [=environment/top-level origin=].
<xmp class="idl">
[SecureContext]
partial interface Navigator {
Promise<undefined> clearOriginJoinedAdInterestGroups(
USVString owner, optional sequence<USVString> interestGroupsToKeep = []);
};
</xmp>
<div algorithm>
The <dfn for=Navigator method>clearOriginJoinedAdInterestGroups(|owner|, |interestGroupsToKeep|)</dfn>
method steps are:
1. Let |settings| be [=this=]'s [=relevant settings object=].
1. Let |frameOrigin| be |settings|'s [=environment settings object/origin=].
1. [=Assert=] that |frameOrigin| is not an [=opaque origin=] and its [=origin/scheme=] is "`https`".
1. Let |p| be [=a new promise=].
1. Let |global| be [=this=]'s [=relevant global object=].
1. If |global|'s [=associated Document=] is not [=allowed to use=] the
"[=join-ad-interest-group=]" [=policy-controlled feature=], then [=exception/throw=] a
"{{NotAllowedError}}" {{DOMException}}.
Note: Both joining and leaving interest groups use the "join-ad-interest-group" feature.
1. Let |ownerOrigin| be the result of [=parsing an https origin=] with |owner|.
1. If |ownerOrigin| is failure, [=exception/throw=] a {{TypeError}}.
1. Run these steps [=in parallel=]:
1. Let |permission| be the result of [=checking interest group permissions=] with
|ownerOrigin|, |settings|, and "`leave`".
1. If |permission| is false, then [=queue a global task=] on the [=DOM manipulation task source=]
given |global|, [=reject=] |p| with a "{{NotAllowedError}}" {{DOMException}} and abort these steps.
1. [=Queue a global task=] on the [=DOM manipulation task source=] given |global|, to [=resolve=] |p|
with {{undefined}}.
1. [=list/Remove=] [=interest groups=] from the [=user agent=]'s [=interest group set=]
whose [=interest group/owner=] is |ownerOrigin|, whose [=interest group/joining origin=] is
|frameOrigin|, and whose [=interest group/name=] is not in |interestGroupsToKeep|.
1. Return |p|.
</div>
<h2 id="running-ad-auctions">Running Ad Auctions</h2>
*This first introductory paragraph is non-normative.*
When a website or someone working on behalf of the website (e.g. a supply side platform, SSP) wants
to conduct an auction to select an advertisement to display to the user, they can call the
{{Window/navigator}}.{{Navigator/runAdAuction()}} function, providing an auction configuration that
tells the browser how to conduct the auction and which on-device recorded interests are allowed to
bid in the auction for the chance to display their advertisement.
<h3 id="runadauction">runAdAuction()</h3>
<xmp class="idl">
[SecureContext]
partial interface Navigator {
Promise<(USVString or FencedFrameConfig)?> runAdAuction(AuctionAdConfig config);
readonly attribute boolean deprecatedRunAdAuctionEnforcesKAnonymity;
};
dictionary AuctionReportBuyersConfig {
required bigint bucket;
required double scale;
};
dictionary AuctionReportBuyerDebugModeConfig {
boolean enabled = false;
// Must only be provided if `enabled` is true.
bigint? debugKey;
};
dictionary AuctionRealTimeReportingConfig {
required DOMString type;
};
dictionary AuctionAdConfig {
required USVString seller;
required USVString decisionLogicURL;
USVString trustedScoringSignalsURL;
long maxTrustedScoringSignalsURLLength;
sequence<USVString> interestGroupBuyers;
Promise<any> auctionSignals;
Promise<any> sellerSignals;
Promise<DOMString?> directFromSellerSignalsHeaderAdSlot;
Promise<record<USVString, USVString>?> deprecatedRenderURLReplacements;
unsigned long long sellerTimeout;
unsigned short sellerExperimentGroupId;
Promise<record<USVString, any>?> perBuyerSignals;
Promise<record<USVString, unsigned long long>?> perBuyerTimeouts;
Promise<record<USVString, unsigned long long>?> perBuyerCumulativeTimeouts;
unsigned long long reportingTimeout;
USVString sellerCurrency;
Promise<record<USVString, USVString>?> perBuyerCurrencies;
record<USVString, unsigned short> perBuyerMultiBidLimits;
record<USVString, unsigned short> perBuyerGroupLimits;
record<USVString, unsigned short> perBuyerExperimentGroupIds;
record<USVString, record<USVString, double>> perBuyerPrioritySignals;
sequence<bigint> auctionReportBuyerKeys;
record<DOMString, AuctionReportBuyersConfig> auctionReportBuyers;
AuctionReportBuyerDebugModeConfig auctionReportBuyerDebugModeConfig;
sequence<DOMString> requiredSellerCapabilities;
ProtectedAudiencePrivateAggregationConfig privateAggregationConfig;
record<DOMString, DOMString> requestedSize;
sequence<record<DOMString, DOMString>> allSlotsRequestedSizes;
Promise<undefined> additionalBids;
DOMString auctionNonce;
AuctionRealTimeReportingConfig sellerRealTimeReportingConfig;
record<USVString, AuctionRealTimeReportingConfig> perBuyerRealTimeReportingConfig;
sequence<AuctionAdConfig> componentAuctions = [];
AbortSignal? signal;
Promise<boolean> resolveToConfig;
Promise<Uint8Array> serverResponse;
USVString requestId;
};
</xmp>
Note: To help with ease of adoption, the browser will support the attribute
{{Window/navigator}}.{{Navigator/deprecatedRunAdAuctionEnforcesKAnonymity}}
while k-anonymity enforcement is being rolled out. This attribute is true
when {{Window/navigator}}.{{Navigator/runAdAuction()}} enforces
[[#k-anonymity]] when running an auction and false otherwise. The attribute
is not useful once k-anonymity enforcement is fully rolled out, and hence
this attribute will be deprecated and removed some time after this point.
See <a href="https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/k-anonymity">
https://developers.google.com/privacy-sandbox/relevance/protected-audience-api/k-anonymity</a> for
more up to date information.
<div algorithm="runAdAuction()">
The <dfn for=Navigator method>runAdAuction(|config|)</dfn> method steps are:
1. Let |global| be [=this=]'s [=relevant global object=].
1. Let |settings| be [=this=]'s [=relevant settings object=].
1. If |global|'s [=associated Document=] is not [=allowed to use=] the "[=run-ad-auction=]"
[=policy-controlled feature=], then [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}.
1. Let |privateAggregationAllowed| be the result of determining whether |global|'s [=associated
Document=] is [=allowed to use=] the "<code>[=private-aggregation=]</code>" [=policy-controlled
feature=].
1. Let |auctionConfig| be the result of running [=validate and convert auction ad config=] with
|config| and true.
1. If |auctionConfig| is failure, then [=exception/throw=] a {{TypeError}}.
1. Optionally, [=exception/throw=] a "{{NotAllowedError}}" {{DOMException}}.
Note: This [=implementation-defined=] condition is intended to allow [=user agents=] to decline
for a number of reasons, for example the [=auction config/seller=]'s [=site=] not being
<a href="https://github.com/privacysandbox/attestation">enrolled</a>.
1. Let |p| be [=a new promise=].
1. Let |configMapping| be |global|'s [=associated Document=]'s [=node navigable=]'s
[=navigable/traversable navigable=]'s [=traversable navigable/fenced frame config mapping=].
1. Let |pendingConfig| be the result of [=constructing a pending fenced frame config=] with
|auctionConfig|.
1. Let |urn| be the result of running [=fenced frame config mapping/store a pending config=] on
|configMapping| with |pendingConfig|.
1. If |urn| is failure, then resolve |p| with null and return |p|.
1. Let |bidIgs| be a new [=list=] of [=interest groups=].
1. If |config|["{{AuctionAdConfig/signal}}"] [=map/exists=], then:
1. Let |signal| be |config|["{{AuctionAdConfig/signal}}"].
1. If |signal| is [=AbortSignal/aborted=], then [=reject=] |p| with |signal|'s
[=AbortSignal/abort reason=] and return |p|.
1. Otherwise [=AbortSignal/Add|add the following abort steps=] to |signal|:
1. Set |auctionConfig|'s [=auction config/aborted=] to true.
1. Set |auctionConfig|'s [=auction config/abort reason=] to |signal|'s [=AbortSignal/abort reason=].
1. [=list/For each=] |auction| in |auctionConfig|'s [=auction config/component auctions=]:
1. Set |auction|'s [=auction config/aborted=] to true.
1. [=Assert=] that |settings|'s [=environment settings object/origin=] is not an [=opaque origin=]
and its [=origin/scheme=] is "`https`".
1. Let |queue| be the result of [=starting a new parallel queue=].
1. [=parallel queue/enqueue steps|Enqueue the following steps=] to |queue|:
1. Let |reportingContextMap| be the result of [=creating a reporting context map=] given
|auctionConfig| and |privateAggregationAllowed|.
1. If |auctionConfig|'s [=auction config/server response=] is not null:
1. Let |winnerInfo| be the result of running [=parse and validate server response=] with
|auctionConfig|, null, |global|, |bidIgs|, and |reportingContextMap|.
1. Otherwise:
1. Let |realTimeContributionsMap| be a new [=real time reporting contributions map=].
1. Let |winnerInfo| be the result of running [=generate and score bids=] with |auctionConfig|,
null, |global|, |bidIgs|, |reportingContextMap|, and |realTimeContributionsMap|.
1. Let |auctionReportInfo| be a new [=auction report info=].
1. If |winnerInfo| is not failure, then:
1. Set |auctionReportInfo| to the result of running [=collect forDebuggingOnly reports=] with
|reportingContextMap|, |auctionConfig|'s [=auction config/seller=], and |winnerInfo|.
1. Set |auctionReportInfo|'s [=auction report info/real time reporting contributions map=] to
|realTimeContributionsMap|.
1. If |auctionConfig|'s [=auction config/aborted=] is true:
1. [=Queue a global task=] on the [=DOM manipulation task source=], given |global|, to
[=reject=] |p| with |auctionConfig|'s [=auction config/abort reason=].
1. Otherwise if |winnerInfo| is failure, then [=queue a global task=] on [=DOM manipulation task source=],
given |global|, to [=reject=] |p| with a "{{TypeError}}".
1. Otherwise if |winnerInfo| is null or |winnerInfo|'s [=leading bid info/leading bid=] is null:
1. [=Queue a global task=] on [=DOM manipulation task source=], given |global|, to [=resolve=]
|p| with null.
1. [=list/For each=] |reportUrl| of |auctionReportInfo|'s
[=auction report info/debug loss report urls=]:
1. [=Send report=] with |reportUrl| and |settings|.
1. [=Send real time reports=] with |auctionReportInfo|'s
[=auction report info/real time reporting contributions map=] and |settings|.
1. [=Process the Private Aggregation contributions=] given |auctionConfig|,
|reportingContextMap|.
1. Otherwise:
1. Let |winner| be |winnerInfo|'s [=leading bid info/leading bid=].
1. Let |fencedFrameConfig| be the result of [=filling in a pending fenced frame config=] with
|pendingConfig|, |auctionConfig|, |reportingContextMap|, |winnerInfo|, |auctionReportInfo|,
and |settings|.
1. [=fenced frame config mapping/Finalize a pending config=] on |configMapping| with |urn| and
|fencedFrameConfig|.
1. Wait until |auctionConfig|'s [=auction config/resolve to config=] is a boolean.
1. Let |result| be |fencedFrameConfig|.
1. If |auctionConfig|'s [=auction config/resolve to config=] is false, then set |result| to |urn|.
1. [=Queue a global task=] on the [=DOM manipulation task source=], given |global|, to
resolve |p| with |result|.
1. Run [=update previous wins=] with |winner|.
1. Run [=interest group update=] with |auctionConfig|'s [=auction config/interest group buyers=]
and |settings|'s [=environment settings object/policy container=].
1. Run [=update bid counts=] with |bidIgs|.
1. Return |p|.
</div>
<div algorithm>
To <dfn>construct a pending fenced frame config</dfn> given an [=auction config=]
|config|:
1. Return a [=fenced frame config=] with the following [=struct/items=]:
: [=fenced frame config/mapped url=]
:: a [=struct=] with the following [=struct/items=]:
: [=mapped url/value=]
:: `"about:blank"`
: [=mapped url/visibility=]
:: "<a for=visibility>`opaque`</a>"
: [=fenced frame config/container size=]
:: the result of
Issue: converting |config|'s [=auction config/requested size=] to pixel values
(<a href="https://github.com/WICG/turtledove/issues/986">WICG/turtledove#986</a>)
: [=fenced frame config/content size=]
:: null
: [=fenced frame config/interest group descriptor=]
:: a [=struct=] with the following [=struct/items=]:
: [=interest group descriptor/value=]
:: a [=struct=] with the following [=struct/items=]:
: [=interest group descriptor/owner=]
:: ""
: [=interest group descriptor/name=]
:: ""
: [=interest group descriptor/visibility=]
:: "<a for=visibility>`opaque`</a>"
: [=fenced frame config/on navigate callback=]
:: null
: [=fenced frame config/effective sandboxing flags=]
:: a [=struct=] with the following [=struct/items=]:
: [=effective sandboxing flags/value=]
:: TODO: fill this in once fenced frame sandbox flags are more fully specified
: [=effective sandboxing flags/visibility=]
:: "<a for=visibility>`opaque`</a>"
: [=fenced frame config/effective enabled permissions=]
:: a [=struct=] with the following [=struct/items=]:
: [=effective enabled permissions/value=]
:: «"<code>{{PermissionPolicy/attribution-reporting}}</code>",
"<code>[=private-aggregation=]</code>", "<code>[=shared-storage=]</code>",
"<code>[=shared-storage-select-url=]</code>"»
: [=effective enabled permissions/visibility=]
:: "<a for=visibility>`opaque`</a>"
: [=fenced frame config/fenced frame reporting metadata=]
:: null
: [=fenced frame config/exfiltration budget metadata=]
:: null
: [=fenced frame config/nested configs=]
:: a [=struct=] with the following [=struct/items=]:
: [=nested configs/value=]
:: an empty [=list=] «»
: [=nested configs/visibility=]
:: "<a for=visibility>`opaque`</a>"
: [=fenced frame config/embedder shared storage context=]
:: null
</div>
<div algorithm>
To <dfn>fill in a pending fenced frame config</dfn> given a [=fenced frame config=]
|pendingConfig|, [=auction config=] |auctionConfig|, [=reporting context map=]
|reportingContextMap|, [=leading bid info=] |winningBidInfo|, [=auction report info=]
|auctionReportInfo|, and an [=environment settings object=] |settings|:
1. Let |winningBid| be |winningBidInfo|'s [=leading bid info/leading bid=].
1. Let |replacements| be an [=ordered map=] whose [=map/keys=] are [=strings=] and whose
[=map/values=] are [=strings=].
1. [=list/For each=] |replacement| in |auctionConfig|'s
[=auction config/deprecated render url replacements=]:
1. Let |k| be |replacement|'s [=ad keyword replacement/match=].
1. Let |v| be |replacement|'s [=ad keyword replacement/replacement=].
1. [=map/Set=] |replacements|[|k|] to |v|.
1. Let |replacedAdURL| be the result of
running [=fencedframeutil/substitute macros=] with |replacements| and |winningBid|'s
[=generated bid/ad descriptor=]'s [=ad descriptor/url=].
1. Set |pendingConfig|'s [=fenced frame config/mapped url=]'s [=mapped url/value=] to
|replacedAdURL|.
1. Let |adSize| be |winningBid|'s [=generated bid/ad descriptor=]'s [=ad descriptor/size=].
1. Let |concreteAdSize| be the result of
Issue: resolving screen-relative sizes to pixel values for |adSize|.
(<a href="https://github.com/WICG/turtledove/issues/986">WICG/turtledove#986</a>)
1. Let |adWidthString| and |adHeightString| be the result of
Issue: converting |concreteAdSize| to strings.
(<a href="https://github.com/WICG/turtledove/issues/986">WICG/turtledove#986</a>)
1. Let |sizeMacroMap| be the [=ordered map=] «[ "{%AD_WIDTH%}" → |adWidthString|,
"{%AD_HEIGHT%}" → |adHeightString|, "${AD_WIDTH}" → |adWidthString|,
"${AD_HEIGHT}" → |adHeightString|]»
1. Set |pendingConfig|'s [=fenced frame config/mapped url=]'s [=mapped url/value=] to
the result of [=fencedframeutil/substituting macros=] with |sizeMacroMap| into |winningBid|'s
[=generated bid/ad descriptor=]'s [=ad descriptor/url=].
1. If |adSize| is not null:
1. Set |pendingConfig|'s [=fenced frame config/content size=] to a [=struct=] with the following
[=struct/items=]:
: [=content size/value=]
:: |concreteAdSize|.