2.6-202405 Public Comment Feedback #100
Comments
|
Do we have any guidance on which of the "ID Match Methods" are frowned upon or preferred by either the SSPs or DSPs? The perceived risk is that we set Also, are no bid events/oRTB losses captured on the basis of such detail? I.e. bidder didn't respond due to Such considerations allow a Publisher to diagnose the effectiveness or risk to their ID bridging solutions or tailor their solutions to meet market requirements. |
|
It is very helpful to make a draft PR to put feedback on. Since I couldnt find one, I'll add it here. The https://github.com/InteractiveAdvertisingBureau/openrtb2.x/blob/develop/2.6.md#appendix-c-cookie-based-id-syncing- document seems to be unaware of a very popular method for dsp - ssp syncing, which is for the ssp to write dsp cookies to the user storage to preserve their life. Here are four of many many examples
The appendix appears to invlidate this technique and needs modification to preserve it. Here is a proposed change: Change to: |
Is that the case? If so, this is already documented, but we could make it clearer. At present the text says... tagging @iantri to comment if the question was about caching the id in localStorage under a site's domain it gets potentially sticky depending on the ad tech platform's implementation. |
|
@adamleslie The spec doesn't take a position (and won't) on the match methods being good/bad or preferred/dispreferred. Ask several different SSPs/DSPs, and you'll get several different answers. It simply creates a way for sellers to provide transparency into the provenance of an ID. It's not a question of setting Your question implies changing |
|
I'm more concerned about setting |
|
@adamleslie I am the VP of Product for Basis DSP, and was formerly responsible for supply/data integrations and inventory quality. We consider current behaviours being practiced by some (but far from all) supply-side parties to be unacceptable. I'm speaking of the spoofing cookie IDs into the buyeruid field when the user does not actually have the cookie. We fundamentally do not want supply-side ID bridging to occur for reasons I have discussed with industry press and due to the more fundamental principle that this has massive abuse potential; if the supply-side gets to choose how/what ID is presented in the bid request, this will obviously be exploited by some to make more money by presenting attractive IDs. All cases of this currently occurring, affecting Basis IDs, was undisclosed, and is unrequested, and unwanted. So, while this spec is with regards to a practice we do not want, at least it enables us to exclude the undesired IDs. Your remarks seem to indicate consideration of misrepresenting the nature of the IDs presented in the interests of revenue maximization. Misrepresenting material details of a bid request in the interests of making more money would be fraud, and we will absolutely block supply from anyone who does so. We are currently in the process right now of blocking supply which is causing misrepresented IDs in the buyeruid field. |
|
re: Unless prior arrangements have been made between the buyer and the seller directly Is it expected that the buyers and sellers would have that prior arrangement privately or publicly declared within the spec? |
|
@hillslatt your proposed edit works for me |
@mdavies-bidswitch No, it is not expected. But if the 2 parties want to agree on some convention for declaring it, nobody is stopping them :-) |
|
What provision is being made for ID-less audience signals? We propose that the current protocol although enabling ID-less audiences, such as Seller Defined Audiences, or more basically 1st Party key-value pairs in PMP deals, does not enable that audience signal to carry equal weight and thus DSP logic is biased towards the ID or UID sync when these are also present on the inventory. Whilst we appreciate that this may not be 100% the correct forum but we equally feel that there is an immediate need to address this elephant in the room and we will shortly be publishing a whitepaper to support this proposal. As I have not had sufficient time to absorb the whole aspect of his forum, it would be good to know if provision exists here or elsewhere for consideration. |
|
DV360 TL here. While we generally agree with the spirit of this proposal which aims to bring transparency regarding the origins and nature of user identifiers within OpenRTB transactions, we believe it should be extended to also cover user.id field. In many SSP/DSP integrations, user.buyeruid and user.id are employed interchangeably, the only distinction being the party hosting the cookie match table: SSP in the case of user.buyeruid and DSP in the case of user.id. Restricting the scope of the proposal solely to user.buyeyuid, device.ifa, and user.eids fields without incorporating analogous mechanisms to describe the user.id field would result in the transparency objectives only partially achieved. More specifically, we propose:
|
|
Hi @dkulakovsky, I think I'm broadly on the same page as you, but could you clarify "Add language / examples indicating that the new mm and atype fields should also be used to describe user.id attribute, similar to how they are used for user.buyeruid"? The proposed changes here actually don't indicate use of an "mm" or "atype" field associated to buyeruid, but rather clarifies that buyeruid is expected to be from a customary third-party cookie sync (unless you choose to arrange otherwise with a partner). So there is no "mm", "atype" for buyeruid, things that aren't customary third-party cookie sync go in eids instead. |
|
When the IDs get translated by the SSP to a DSP identifier, we would like to propose that the matcher information is retained. "user": { |
|
I propose we add pseudo code to illustrate what's expected. I volunteer the following not as "the solution" but for discussion. The use case is an SSP that has received a request, and is examining it to decide what to pass along to a DSP that does not want to receive any bridged IDs. (The value |
|
Agree with @simontrasler , here is pictorial view of the same pseudo code proposed above... graph TD;
A[If buyeruid is not empty] -->|Yes| B[If eids is not empty];
B -->|Yes| C[Let explicit = false, found = false];
C --> D[Foreach eid in eids];
D -->|source == buyerdomain| E[Let explicit = true];
E --> F[If mm == 1 or mm == 2];
F --> G[Foreach uid in uids];
G -->|buyeruid == uid| H[Let found = true];
H --> I[Break];
I --> J[If found];
J -->|Yes| K["// Legitimate match"];
J -->|No| L["// No match with a desired method, ignore buyeruid"];
E -->|No| M["// No match with a desired method, ignore buyeruid"];
B -->|No| N["// We cannot be sure of the provenance of the buyeruid, ignore buyeruid"];
A -->|No| O["// Make a decision on what to consume from the EIDs array"];
|
|
Question regarding
On an un-perturbed, "traditional" web request (seller-hosts An un-perturbed app request is unambiguous. I expect No Match. |
|
@dmdabbs The "matcher" field is spec'd only for the eids object -- buyeruid is specified as "Unless prior arrangements have been made between the buyer and the seller directly, the value in this field is expected to be derived from an ID sync. (see Appendix: Cookie Based ID Syncing)". So in other words, unless you specifically and intentionally agreed to do differently with a supply partner, buyeruid is expected to be derived conventionally. Ditto on ifa. @simontrasler @pm-harshad-mane I think some of that may have to do with internals on your side and/or partnerships you've pursued. I get why you're specifically saying this for some specific details for your case, but I don't think it generalizes. As I see it, this is a non-issue:
.. so long as people do not stick things in buyeruid other from a conventionally derived cookie sync. In other words, the request to you should only contain buyeruid populated from conventional cookie sync. And similarly, the buyeruid you populate in a bid request outbound to, say, our DSP, should similarly only be populated from conventional cookie sync. (Derived from the cookie ID sent to you in buyeruid, if you are handling a request send S2S to you and can't look directly at your cookie). So then, there isn't anything needing to be done to determine what to pass to a DSP that does not want bridged IDs. That is, effectively, the default, unless something atypical is done. For all other scenarios, use eids. In other words, if somebody is populating your cookie ID into requests using bridging, it should go in eids. I don't think attempting to assess the "provenance of buyeruid" based on something from a different part of the request -- eids -- is the way to go. The concept of doing so only makes sense to me if buyeruid is being polluted by bridged IDs -- but I'm saying, it just shouldn't be -- then there is no problem, and no fancy flowchart needed. :) DSPs that want the bridged IDs can just read them from eids. If you want to put a bridged ID in the request, put it in eids, and the DSP can read it if they want. Alternatively, since the spec does not dictate what consenting platforms do between themselves, if both you and the DSP agree to it you could elect to send the bridged ID to them in "buyeruid" if that's what they want. Regardless of any variation on all of this (i.e. the version I'm saying here, or your flowchart version), it'll still be necessary to audit/verify that buyeruid isn't being tampered with, such as by checking reality based on what you see in your cookie when a pixel fires. Declarations are inherently untrustworthy when we're trading bytes for money. :) EDIT: Consenting platforms can do what they want between themselves extends of course to upstream of you -- so you could agree to allow a bridged version of your platform's IDs to be put into the buyeruid field by the upstream party -- in other words, they populate your ID into buyeruid based on bridging -- but I don't recommend this, because then it leads to the complication of your flowchart/pseudocode. So, if you just insist that eids is used for it, any case where buyeruid population appears to be abnormal (based on verification of direct cookie observation at delivery) can be considered abuse/incorrect/invalid. |
|
Thanks Ian. I was recalling a discussion about instances of sellers passing something in buyeruid because the DSP could only handle it that way. But that was a) IIRC a MAID in buyeruid and b) a thing between consenting adults, as the revised buyeruid description now calls out.
From a buyer's perspective, in this scenario my |
|
I'm saying that it shouldn't be. Suppose publisher and SSP agree to use buyeruid in a "non-standard" fashion (bridged ID in buyeruid) -- it's still the SSP's problem to only populate buyeruid in the request they send to you based on conventional cookie sync, unless you've agreed otherwise. I am suggesting that to maintain their sanity, SSPs should NOT use buyeruid in that fashion between them and pub, because they'll have a hard time untangling it in any event. If this stuff stays cleanly in eids, everything will be so much simpler... |
@deepthivenkat I think that as written already, nothing precludes this? Could you elaborate on what the problem would be? What is getting "dropped" by whom? |
|
Can we provide more specific, clarifying examples for It's interesting that 5 (Property-Specific Authentication) lists SharedID as one of possibilities; I had thought, however, that the SharedID is not an authenticated ID in a sense of being associated with an individual end user – but a random first-party cookie, meaning associated with a given browser instance. More generally, can we more precisely define the distinction between "Authentication" as a mechanism for the proposed match methods taxonomy ( |
You're right @sbelov it's muddy. Perhaps SharedID/pubcommonid was included in that list when
But So for that case I'm inclined to say they should be signaled as "No Match."
How about changing "3rd-party cookie or" to "cookie, device storage, or"? Here then is a suggestion for how a SharedID managed and read in a Prebid install would be signaled. @patmmccann the "inserter" should be the bid adapter that's reading the SharedID (versus 'prebid.org' who provides access via the userid module), right? Revised for typo and to replace openx.com as illustrative "inserter". |
|
Prebid.org would never be an inserter. it publishes software publishers are free to use and modify in anyway they see fit and doesn't warranty anyone on how it or its derivatives are subsequently used |
|
We need to add a clarification to the appendix that partitioned cookie syncs are in scope, there seems to be a lot of suggestions in public that partitioned chips cookies cannot carry exchange identifiers. This doesn't seem to make any sense, chips cookies meet every criteria of the legacy sync yet are just partitioned. In a Dsp - ssp chips cookie sync, one would expect to find identifiers in subsequent win or impression or completion notifications to the same endpoint. |
5 seems correct from the description and discussion to date and a relaxation of the word authenticated seems appropriate, perhaps substantiated, as people seem to be reading the word authentic to mean tied to a known and identifiable person through a login. My understanding was it meant to suggest complete certainty. |
@hillslatt @dmdabbs Can we confirm – and if so, make that more explicit – that the intent of Additionally, is there a suggested, standardized place in OpenRTB for distinguishing single-property from cross-property (cross-app or cross-site) identifiers, if |
If that is the case, should we consider changing the terminology, perhaps, from "authenticated" to something more general, e.g., "deterministic"? On a related note, do we think there may be value for the demand side to distinguish between authenticated versus deterministic but unauthenticated (e.g. random cookie) in this nomenclature? |
If a value is an
|
Indeed, Admittedly, this is not directly related to the current match method transparency proposal, but seems useful in a world with a greater reliance on publisher first-party data. |
|
IMO "atype" in it's current form doesn't make a lot of sense (values 1 and 2 overlap in meaning, and I don't know why #2 refers to "in-app impressions" when this is describing IDs, not impressions) and is ripe to be refined/replaced anyway. |
|
@sbelov -
The group discussed using the deterministic/probabilistic language and decided against for a lot of reasons including but not limited to avoiding the value judgement implicit in that phrasing, the notion that complete certainty is possible (i.e. there are a lot of legitimate cases of authenticated users not being the ones who are actually viewing the content...think me watching a streaming app that uses my husbands email to authenticate, but in my profile).
I'm open to adding an explicit enumeration for 1st party cookies if the community thinks that'd be helpful. @iantri @dmdabbs @patmmccann @pm-harshad-mane - please weigh in with your thoughts.
If you or anyone else would like to write a few, I'd be more than happy to get them vetted with the Commit Group and pushed alongside the production release (or at a later date if the timing doesn't work out it's not a material change).
I don't understand this question. List: Match Method meant to answer three questions:
Can you clarify the confusion? @dmdabbs -
Correct. We plan to remove all of the named examples when this goes to production. They were included for the sole purpose of facilitating exactly this discussion.
@iantri - want to weigh in on this one? |
That's a lot of questions for a single field to answer! I think understand (1) and (2). That seems to mean that I am not sure I have clarity about (3) the way you framed it. Does it refer to the scope of the ID that's being communicated (for example, |
@sbelov IGIN...so two lists to be used in conjunction with one another so List: Match Method would be No/Authenticated/Not Authenticated and then a distinct list for single or multiple properties/apps? |
My perspective is that the fundamental point is to have a cross-site identifier for cross-site tracking. Having "my" cookie IDs that are constrained to a single site (whether that is a result of some non-conventional method of persistence such as localStorage, or because of CHIPS, be that directly or indirectly through how exchange cookie IDs are persisted) makes them no longer meaningful or useful as "my" cookie IDs since they cannot be arbitrarily accessed across sites. Implicitly, a DSP cookie ID is expected to be a cross-site accessible identifier to fulfill intended purposes. So I wouldn't welcome it. Regardless of what shakes out regarding the spec, I'll be updating our policies further to spell out that we will not accept it. The essential purposes of cookie IDs for DSPs are:
When it's partitioned by site, it's not usable for any of these. So it doesn't fulfill the essential purposes. In my view, the only thing that would be accomplished is to cause an {exchange, DSP} "cookie" ID to appear in the bid requests, thereby inducing bidding (by campaigns and/or entire bidders who will not bid when an ID is unavailable). However, not bidding when an ID is unavailable is an intentional behaviour because of the functionality that the DSP wishes to occur. There are uses for a site-specific identifier, for example to enable the DSP to handle audience data for that specific site and [more likely] for f-capping on a single site. But that's precisely what things like SharedID provide for -- in other words, we'll read from that when we want to cause site-specific f-cap. Causing a {exchange, DSP} "cookie" ID to appear when it cannot be used for any of the intended purposes would be missing the whole spirit of things from a DSP perspective, in my view. As the CHIPS overview says:
Yes. And for advertising purposes, that cross-site tracking is the point. |
|
Adding a +1 to Ian's comments here. A partitioned cookie breaks the contract of how cookies were originally used in digital advertising. The buyeruid should be reserved for that original purpose. A partitioned ID fails the test for critical DSP functionality to an effective way to target audiences, control frequency across sites, measure marketing outcomes and optimize performance. Let's please stick newly behaving identifiers into EIDs along with the appropriate metadata so we can find effective ways to consume these new signals. If DSPs find partitioned IDs like this useful, we might want to add a different match method for these kinds of ID. What do you think @hillslatt ? |
|
If @adammarkey and @iantri don't want to participate in chips cookie syncing, they can choose not to by simply not dropping chips sync cookies and not providing chips endpoints to ssps to sync with. I don't see that as a reason to prevent others from finding value there or banishing them into special arrangements land where the spec gives no guidance. However, I do support @adammarkey 's proposal to add chips syncing as an extra match method. |
Please comment on this issue with feedback on updates to the OpenRTB updates in Public Comment
OpenRTB Updates:
Associated AdCOM List: ID Match Methods
The text was updated successfully, but these errors were encountered: