FLEDGE - Timeout for Trusted Server

[abmahdy]

Hi, I am unable to find a reference for the timeout of Trusted Server's calls. Is this something intentionally left out, or am I missing something here? Obviously, one Interest Group/DPS's timeout should not lead to overall auction failure, especially during BYOS model through OT1.

I am aware of the perBuyerTimeouts auction config, which, as far I could tell, only covers the on-device bidding.

[abmahdy]

Tagging @caraitto as he added perBuyerTimeouts

[caraitto]

Sorry, I'm a little confused what the "timeout of Trusted Server's calls" refers to -- is this the network timeout on requests to the trusted bidding signals server? A hard-coded 30 second timeout was added for several FLEDGE network requests [0], including the trusted bidding and scoring signals requests -- this isn't currently documented in the explainer, or elsewhere, AFAICT, but perhaps it should be?

My understanding (just looking at the code -- haven't tested this) is that we should continue the auction even if trusted bidding signals fail to load (we just pass null to the worklets for those fields in that case) [1][2] -- are you observing different behavior?

As you state, perBuyerTimeouts is used to restrict the runtime of bidding scripts running on-device in worklets -- I don't think it has any impact on the behavior of trusted server network requests?

[0] https://source.chromium.org/chromium/chromium/src/+/main:content/services/auction_worklet/auction_downloader.cc;l=130;drc=ed05896f5280ebc00395c8c317b46d394439415c

[1] https://source.chromium.org/chromium/chromium/src/+/main:content/services/auction_worklet/bidder_worklet.cc;l=509;drc=7fb345a0da63049b102e1c0bcdc8d7831110e324

[2] https://source.chromium.org/chromium/chromium/src/+/main:content/services/auction_worklet/seller_worklet.cc;l=453;drc=30c6aa69b4af54e7c38635b558a49e02bd252524

[abmahdy]

Thanks @caraitto for the response, code links are very helpful.

I'm a little confused what the "timeout of Trusted Server's calls" refers to

Yes, I meant the network timeout for bidding server request. A 30 second timeout is extremely high, no? Would not this lead to the ad space on Publisher/SSP to be empty for 30 seconds if the call times out for any IG's server?

[caraitto]

@qingxinwu

[caraitto]

Qingxin mentioned @MattMenke2 suggested a 30 second limit originally.

Yes, IIUC, that would be the case that we'd delay the auction at least 30 seconds. Perhaps we should consider a lower timeout?

[MattMenke2]

What about a per-origin/global (optional) request timeout (applicable to all network requests) in AuctionConfigs, and perhaps also a timeout in InterestGroups, and we take the minimum of the two?

Down the line, perhaps we can investigate having adaptive defaults, based on observed network performance. In general, the web has no request timeouts (apart from connection establishment timeouts, which tend to be fairly generous), so need to be very careful when introducing browser-managed timeout values.

[MattMenke2]

I've send out a proposal for a single comprehensive timeout that includes downloading Javascript and JSON, but also includes running all of a particular bidder's scripts. I'm not sure if this is sufficient to meet your needs, or if you think we still need request timeouts as well.

See PR #328 for the proposal.

[JensenPaul]

I think #328 addresses this. Feel free to reopen if you have more questions.