Technical Integration Working Group Meeting
Single Point of Failure Analysis
20 April 2017
The Goal
• Discuss deployment options / best practices
• Surface technical concerns, requests, etc.
• Facilitate progress:
– Testing and results
– Cross-team coordination, within your orgs
– Across all members (publishers + platforms)
• Determine joint deployment dates
Agenda Today: Single Point of Failure Analysis
• Technology overview + dependencies
• Failure scenarios
– Description
– Adverse effect
– How to address (mitigating factors)
Critical Solution Delivery Components
• Zero managed infrastructure
• Fault-tolerant CDN
• JavaScript libraries
– Client-side execution only
• Decentralized storage of encrypted ID
– Replicated across DigiTrust cookie space, plus every publisher’s cookie space
• Decryption APIs
– Batch distribution; applied server-side
Solution Delivery
[Diagram components: Browser Client, Web Resource, Akamai CDN, Third Parties]
(1) HTTP Request and HTML returned
(2) JavaScript
(3) ID generated / read by third parties via JavaScript API
(4) ID read by Web site from their cookie space and passed to third parties
JavaScript Execution
1. The digitrust.js resource creates an iframe
– Requires valid member ID and site ID
2. An ID is requested of the iframe by the parent JavaScript via iframe message passing
3. An unencrypted ID is read (if present) from cookies in the digitru.st domain, encrypted, and returned to the parent frame in encrypted form
4. The encrypted ID is written to a cookie in each publisher’s domain
Decentralized, Replicated Storage
• ID and opt-outs are first set within DigiTru.st cookie, then propagated out to all publisher cookies
• DigiTrust JS required in browser for IDs to be set or read
• Publishers may read from their own cookie space
DIGITRU.ST domain cookie
• Unencrypted ID
• Privacy settings:
– Consent timestamp, or
– Self regulatory opt-out
• 5 year expiration

PUBLISHER domain cookie
• Encrypted ID
• Privacy settings:
– Consent timestamp, or
– Self regulatory opt-out
• 30 day expiration
Critical Failure Scenarios
1. CDN failure
2. CDN contents are hacked
3. Ad blockers block digitru.st domain
4. Cookie manipulation (malicious or unintended)
5. Erroneous software updates by DigiTrust
6. Browsers explicitly block DigiTrust
7. Malicious man in the middle
CDN Failure – Adverse Effects
• Examples:
– General CDN failure, isolated failure, DigiTrust incompetence, DNS failure, failure to pay, etc.
• Potential effects:
– CDN failure will eventually result in failure to load JavaScript, once expired from browser cache
– Temporary failure to generate new IDs
– Temporary failure to read ID from DigiTrust cookie
– Temporary failure of IDs to propagate to publisher cookies
– Temporary failure of new opt-outs to propagate
Mitigating CDN Failure
• Akamai failure breaks most of the Web anyway
• Performance-based DNS across multiple CDNs
• Industry won’t rely on single identifier overnight
• Browser caching of assets
• Encrypted ID still available in publisher cookie space
Hacked CDN Contents – Adverse Effects
• Example:
– JavaScript contents modified to distribute malware, muck with page content, etc.
• Potential effects:
– Malicious updates to cookie containers
– Temporary failure to generate new IDs
– Temporary failure to read ID from DigiTrust cookie
– Temporary failure of IDs to propagate to publisher cookies
– Temporary failure of new opt-outs to propagate
Mitigating Hacked CDN Contents
• Utilize Akamai
– industry-leading CDN and security
• Utilize Subresource Integrity (SRI)
– security feature (using cryptographic hash) that enables browsers to verify that the files they fetch are delivered without unexpected manipulation.
<script src="https://example.com/framework/example-v1.12.39.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>
Ad Blocking – Adverse Effects
• Example:
– Consumers download ad blockers en masse, which blocks all DigiTrust requests
• Potential effects:
– Failure to generate new IDs
– Failure to read ID from DigiTrust cookie
– Failure of IDs to propagate to publisher cookies
– Failure of new opt-outs to propagate
Mitigating Ad Blocking
• DigiTrust doesn’t solve this industry issue
– Doesn’t matter if there is a better ID, or no ID
– Ads won’t serve anyway
• Best practices for publishers:
– Help make pages load faster; smaller payload (LEAN)
– Detect ad blocking and engage with consumer (DEAL)
  • DigiTrust JS intends to offer built-in ad blocker detection
– Tie to regulatory disclosures / consent (in EU)
Cookie Manipulation – Adverse Effects
• Example:
– Device apps, browser add-ons or malware/viruses manipulating DigiTrust cookie containers
• Potential effects:
– Duplicated IDs
– Deleted IDs
– Fabricated opt-outs
Mitigating Cookie Manipulation
• Mitigating factors:
– Tough to battle software installed on devices
– Not likely to scale quickly
– Work with members to monitor and catch early
– Work with industry to address
• Best practices for publishers:
– Detect and engage with consumer
Erroneous Software Updates – Adverse Effects
• Example:
– High severity bug deployed across all publishers
• Potential effects:
– Temporary or permanent failure to provide ID
– Duplicated IDs
– Deleted IDs
– Erroneous opt-outs
Mitigating Erroneous Software Updates
• Semver-based deployments
– Upgrades occur on individual publisher timelines
• Peer code reviews
• Rigorous commit policies + procedures
• Automated browser testing
• Staged releases
Browsers Blocking DigiTrust – Adverse Effects
• Example:
– Safari update blocks DigiTrust requests / cookies
• Potential effects:
– Automated opt-out
– Deleted IDs
– Blocked requests
– No ID available for the industry
Mitigating Browsers Blocking DigiTrust
• Establish relationships proactively
• Communicate mission and consumer benefit
• Offer participation
• Broad industry support compels cooperation
– Leading industry trade groups
– Leading brand-name publishers
• Rely on publisher relationship with audience
Malicious Man in the Middle – Adverse Effects
• Example:
– Proxy or other between the device and DigiTrust
– ISP attempting to alter content
– Malicious attacker
• Potential effects:
– Content modification for any purpose
Mitigating Malicious Man in the Middle
• SRI + https make this a non-issue
<script src="https://example.com/framework/example-v1.12.39.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>
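
The SRI check named in the "Mitigating Hacked CDN Contents" and "Mitigating Malicious Man in the Middle" slides, as an added Node.js example that is not part of the original deck or DigiTrust's code: it computes the integrity value for a pinned file and mirrors the browser-side comparison. The file contents, the cdn.example URL and all function names are constructed for illustration.

```javascript
// Added example: compute and check Subresource Integrity (SRI) values in Node.js.
const { createHash } = require("crypto");

// Hash algorithms SRI allows, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build the value for the integrity attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Parse an integrity attribute: whitespace-separated "alg-base64[?options]" tokens.
// Tokens with an unknown algorithm or malformed digest are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).filter(Boolean).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Mirror the browser check: consider only the strongest algorithm listed and
// accept the body if any digest for that algorithm matches.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: nothing is enforced
  const best = entries.reduce((a, e) =>
    STRENGTH.indexOf(e.alg) > STRENGTH.indexOf(a) ? e.alg : a, entries[0].alg);
  return entries.filter((e) => e.alg === best)
    .some((e) => sriHash(body, best) === `${best}-${e.digest}`);
}

// Constructed sample: a pinned library build and a copy altered on the CDN or in transit.
const pinned = Buffer.from("window.exampleLib={version:'1.0.0'};\n");
const tampered = Buffer.from("window.exampleLib={version:'1.0.0'};/* modified */\n");
const integrity = sriHash(pinned);

function demo() {
  return {
    tag: `<script src="https://cdn.example/lib-1.0.0.js" integrity="${integrity}" crossorigin="anonymous"></script>`,
    pinnedOk: verifySri(pinned, integrity),     // browser would execute the script
    tamperedOk: verifySri(tampered, integrity), // browser would refuse to execute it
  };
}

console.log(demo());
```

Because the hash pins exact bytes, the check only holds when each versioned file is immutable once published, which fits the semver-based deployments listed earlier in the deck.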