From 4d6bb3b312fda1bcdd82e2fd004102a94f9b99dc Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Thu, 3 Oct 2024 17:05:48 -0400 Subject: [PATCH 1/6] operator mods, edits from AT+SW --- docs/endpoints/post-identity-buckets.md | 2 +- docs/endpoints/post-identity-map.md | 4 ++-- docs/endpoints/post-optout-status.md | 2 +- docs/getting-started/gs-faqs.md | 17 ++++++++++++++--- .../gs-normalization-encoding.md | 2 +- docs/guides/advertiser-dataprovider-guide.md | 4 ++-- docs/guides/integration-mobile-client-server.md | 2 +- .../integration-options-private-operator.md | 6 +++++- docs/guides/operator-guide-aws-marketplace.md | 2 +- docs/guides/operator-guide-azure-enclave.md | 2 +- .../operator-private-gcp-confidential-space.md | 2 +- docs/guides/summary-guides.md | 2 +- docs/intro.md | 4 ++-- docs/overviews/overview-publishers.md | 2 +- docs/portal/api-keys.md | 2 +- docs/ref-info/glossary-uid.md | 9 +++++++++ docs/ref-info/ref-operators-public-private.md | 8 +++++++- docs/ref-info/ref-tokens.md | 2 +- 18 files changed, 52 insertions(+), 22 deletions(-) diff --git a/docs/endpoints/post-identity-buckets.md b/docs/endpoints/post-identity-buckets.md index 66c5045ff..6b990fe91 100644 --- a/docs/endpoints/post-identity-buckets.md +++ b/docs/endpoints/post-identity-buckets.md @@ -9,7 +9,7 @@ import Link from '@docusaurus/Link'; # POST /identity/buckets -Monitors rotated salt buckets. +Monitors rotated salt buckets. Used by: This endpoint is used mainly by advertisers and data providers. For details, see [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md). diff --git a/docs/endpoints/post-identity-map.md b/docs/endpoints/post-identity-map.md index eae1ee0e9..f57816a2f 100644 --- a/docs/endpoints/post-identity-map.md +++ b/docs/endpoints/post-identity-map.md @@ -9,7 +9,7 @@ import Link from '@docusaurus/Link'; # POST /identity/map -Maps multiple email addresses, phone numbers, or their respective hashes to their raw UID2s and salt bucket IDs. You can also use this endpoint to check for updates to opt-out information. +Maps multiple email addresses, phone numbers, or their respective hashes to their raw UID2s and salt bucket IDs. You can also use this endpoint to check for updates to opt-out information. Used by: This endpoint is used mainly by advertisers and data providers. For details, see [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md). @@ -19,7 +19,7 @@ Here's what you need to know: - The maximum request size is 1MB. - To map a large number of email addresses, phone numbers, or their respective hashes, send them in *sequential* batches with a maximum batch size of 5,000 items per batch. -- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and map directly identifying information (DII) consecutively. +- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and map directly identifying information (DII) consecutively. - Be sure to store mappings of email addresses, phone numbers, or their respective hashes.
Not storing mappings may increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of raw UID2s need to be updated daily. See also [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md) and [FAQs for Advertisers and Data Providers](../getting-started/gs-faqs.md#faqs-for-advertisers-and-data-providers). ## Request Format diff --git a/docs/endpoints/post-optout-status.md b/docs/endpoints/post-optout-status.md index da994a9d6..f6ca963dd 100644 --- a/docs/endpoints/post-optout-status.md +++ b/docs/endpoints/post-optout-status.md @@ -24,7 +24,7 @@ For details, refer to the following documentation, depending on your role: The key guidelines for managing batches of requests to this endpoint are as follows: - To check the opt-out status of a large number of UID2s, send them in sequential batches with a maximum batch size of 5,000 items per batch. -- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and send batches of raw UID2s consecutively. +- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and send batches of raw UID2s consecutively. ## Request Format diff --git a/docs/getting-started/gs-faqs.md b/docs/getting-started/gs-faqs.md index 40a972e61..78349f096 100644 --- a/docs/getting-started/gs-faqs.md +++ b/docs/getting-started/gs-faqs.md @@ -20,6 +20,7 @@ Here are some frequently asked questions regarding the UID2 framework. - [Can users opt out of targeted advertising tied to their UID2 identity?](#can-users-opt-out-of-targeted-advertising-tied-to-their-uid2-identity) - [When I send DII to UID2, does UID2 store the information?](#when-i-send-dii-to-uid2-does-uid2-store-the-information) - [Does UID2 allow the processing of HIPAA-regulated data?](#does-uid2-allow-the-processing-of-hipaa-regulated-data) +- [Should I use a Public Operator or a Private Operator?](#should-i-use-a-public-operator-or-a-private-operator) :::note For FAQs relating to mobile publisher integrations, see [FAQs for Mobile Integrations](../guides/integration-mobile-overview.md#faqs-for-mobile-integrations). @@ -43,6 +44,16 @@ In addition, in almost all cases, UID2 doesn't store any values at all once the No. UID2 participants must not generate UID2s from Protected Health Information, as defined by the Health Insurance Portability and Accountability Act (HIPAA), even if they have obtained consent to engage in marketing with respect to such data. +#### Should I use a Public Operator or a Private Operator? + +For most participants, Public Operator is the simplest solution. A Public Operator integration is a much easier option than creating your own Private Operator. However, having a Private Operator instance has many advantages. The best choice depends on your unique scenario and needs. + +For more information to help you arrive at a decision, refer to the following: + +1. [The UID2 Operator](../ref-info/ref-operators-public-private.md) + +1. [UID2 Private Operator Integration Overview](../guides/integration-options-private-operator.md) + ## FAQs for Publishers Here are some frequently asked questions for publishers using the UID2 framework. @@ -144,7 +155,7 @@ Here are some frequently asked questions for advertisers and data providers usin #### How do I know when to refresh the UID2 due to salt bucket rotation? -Metadata supplied with the UID2 generation request indicates the salt bucket used for generating the UID2. Salt buckets persist and correspond to the underlying DII used to generate a UID2. Use the [POST /identity/buckets](../endpoints/post-identity-buckets.md) endpoint to return which salt buckets rotated since a given timestamp. The returned rotated salt buckets inform you which UID2s to refresh. +Metadata supplied with the UID2 generation request indicates the salt bucket used for generating the UID2. Salt buckets persist and correspond to the underlying DII used to generate a UID2. Use the [POST /identity/buckets](../endpoints/post-identity-buckets.md) endpoint to return which salt buckets rotated since a given timestamp. The returned rotated salt buckets inform you which UID2s to refresh. :::note We do not make any promises about when the rotation takes place. To stay as up-to-date as possible, we recommend doing the checks once per hour. @@ -173,7 +184,7 @@ The system should follow the [email normalization rules](gs-normalization-encodi Yes. Not storing mappings may increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of UID2s need to be updated daily. :::info -Unless you are using a private operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, in batches of 5,000 emails at a time. In other words, do your mapping without creating multiple parallel connections. +Unless you are using a Private Operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, in batches of 5,000 emails at a time. In other words, do your mapping without creating multiple parallel connections. ::: #### How should I handle user opt-outs? @@ -196,7 +207,7 @@ For more information, see [Monitor for salt bucket rotations related to your sto Yes, if the request is for a raw UID2. As covered in the previous FAQ, [Does the same DII always result in the same raw UID2?](#does-the-same-dii-always-result-in-the-same-raw-uid2), if an advertiser or data provider sends the same DII to the UID2 Operator, by using an SDK or the [POST /identity/map](../endpoints/post-identity-map.md) endpoint, at the same time, the same raw UID2 is created. -The result is the same, regardless of the operator and whether it's a Private Operator or a Public Operator. +The result is the same, regardless of the Operator and whether it's a Private Operator or a Public Operator. The timing is important only because of salt bucket rotation. If the salt value changes between one request and another, the result is a different raw UID2. diff --git a/docs/getting-started/gs-normalization-encoding.md b/docs/getting-started/gs-normalization-encoding.md index dca6221fd..927663328 100644 --- a/docs/getting-started/gs-normalization-encoding.md +++ b/docs/getting-started/gs-normalization-encoding.md @@ -28,7 +28,7 @@ UID2 supports the following types of directly identifying information (DII): ## Email Address Normalization -If you send unhashed email addresses to the UID2 Operator Service, the service normalizes the email addresses and then hashes them. If you want to hash the email addresses yourself before sending them, you must normalize them before you hash them. +If you send unhashed email addresses to the UID2 Operator Service, the service normalizes the email addresses and then hashes them. If you want to hash the email addresses yourself before sending them, you must normalize them before you hash them. :::important Normalizing before hashing ensures that the generated UID2 value will always be the same, so that the data can be matched. If you do not normalize before hashing, this might result in a different UID2, reducing the effectiveness of targeted advertising. diff --git a/docs/guides/advertiser-dataprovider-guide.md b/docs/guides/advertiser-dataprovider-guide.md index 31b436f59..997d951f8 100644 --- a/docs/guides/advertiser-dataprovider-guide.md +++ b/docs/guides/advertiser-dataprovider-guide.md @@ -13,7 +13,7 @@ import Link from '@docusaurus/Link'; This guide covers integration steps for organizations that collect user data and push it to other UID2 participants. Data collectors include advertisers, data on-boarders, measurement providers, identity graph providers, third-party data providers, and any other organizations that send data to other participants. -If you are using an Open Operator service hosted in the Snowflake Data Marketplace, see also [Snowflake Integration Guide](snowflake_integration.md). +If you are using a Public Operator service hosted in the Snowflake Data Marketplace, see also [Snowflake Integration Guide](snowflake_integration.md). ## Advertiser/Data Provider Routes to Use UID2 @@ -102,7 +102,7 @@ To keep your UID2-based audience information accurate and up to date, follow the It's important to honor user opt-out status. Here are two ways you can check that you have the latest opt-out information: -- The UID2 Operator Service distributes opt-out information to advertisers and data providers via the [POST /identity/map](../endpoints/post-identity-map.md) endpoint. +- The UID2 Operator Service distributes opt-out information to advertisers and data providers via the [POST /identity/map](../endpoints/post-identity-map.md) endpoint. - Advertisers and data providers can check the opt-out status of raw UID2s using the [POST /optout/status](../endpoints/post-optout-status.md) endpoint. diff --git a/docs/guides/integration-mobile-client-server.md b/docs/guides/integration-mobile-client-server.md index c3e7e121f..f83706146 100644 --- a/docs/guides/integration-mobile-client-server.md +++ b/docs/guides/integration-mobile-client-server.md @@ -17,7 +17,7 @@ import ExampleAdvertisingToken from '/docs/snippets/_example-advertising-token.m # UID2 Client-Server Integration Guide for Mobile -This guide is for mobile app publishers who want to integrate with UID2 by generating UID2 tokens server-side via a Public Operator or Private Operator and then passing the tokens and user identities into their mobile apps, which will in turn pass the tokens for bidstream use.   +This guide is for mobile app publishers who want to integrate with UID2 by generating UID2 tokens server-side via a Public Operator or Private Operator and then passing the tokens and user identities into their mobile apps, which will in turn pass the tokens for bidstream use.   This is called client-server integration because some integration steps are client-side and some are server-side. diff --git a/docs/guides/integration-options-private-operator.md b/docs/guides/integration-options-private-operator.md index 77854ede2..47db4414a 100644 --- a/docs/guides/integration-options-private-operator.md +++ b/docs/guides/integration-options-private-operator.md @@ -8,7 +8,7 @@ import Link from '@docusaurus/Link'; # UID2 Private Operator Integration Overview -UID2 participants that host their own Private Operator send their own first-party directly identifying information (DII) to their own, local UID2 Operator service, running in a private environment. +UID2 participants that host their own Private Operator send their own first-party directly identifying information (DII) to their own, local UID2 Operator service, running in a private environment. A Private Operator runs in an enclave—a virtual machine with additional security features to prevent unauthorized access, so that unauthorized individuals cannot download any configuration information or data from the virtual machine. @@ -16,6 +16,10 @@ Becoming a Private Operator includes several additional steps, and uses resource Learn about what the UID2 framework offers for Private Operators, including benefits, hosting options, documentation and other resources, and how to get started. +:::note +This page is about Private Operators. For information about Public Operators, or if you're not sure what the difference is or what an Operator is, see [The UID2 Operator](../ref-info/ref-operators-public-private.md). +::: + ## Private Operator Benefits Here are some of the intended benefits of participating in UID2 as a Private Operator: diff --git a/docs/guides/operator-guide-aws-marketplace.md b/docs/guides/operator-guide-aws-marketplace.md index d215ff8d5..9a98259cf 100644 --- a/docs/guides/operator-guide-aws-marketplace.md +++ b/docs/guides/operator-guide-aws-marketplace.md @@ -13,7 +13,7 @@ import AttestFailure from '/docs/snippets/_private-operator-attest-failure.mdx'; # UID2 Private Operator for AWS Integration Guide -The UID2 Operator is the API server in the UID2 ecosystem. For a Private Operator service running in AWS Marketplace, the UID2 Operator solution is enhanced with [AWS Nitro](https://aws.amazon.com/ec2/nitro/) Enclave technology. This is an additional security measure to help protect UID2 information from unauthorized access. +The UID2 Operator is the API server in the UID2 ecosystem. For a Private Operator service running in AWS Marketplace, the UID2 Operator solution is enhanced with [AWS Nitro](https://aws.amazon.com/ec2/nitro/) Enclave technology. This is an additional security measure to help protect UID2 information from unauthorized access. ## UID2 Private Operator for AWS diff --git a/docs/guides/operator-guide-azure-enclave.md b/docs/guides/operator-guide-azure-enclave.md index 6887b913c..888103cde 100644 --- a/docs/guides/operator-guide-azure-enclave.md +++ b/docs/guides/operator-guide-azure-enclave.md @@ -24,7 +24,7 @@ UID2 Private Operator for Azure is not supported in these areas: Europe, China. ## Prerequisites -Before deploying the UID2 Private Operator for Azure, complete these prerequisite steps: +Before deploying the UID2 Private Operator for Azure, complete these prerequisite steps: - [Set Up UID2 Operator Account](#set-up-uid2-operator-account) - [Install Azure CLI](#install-azure-cli) diff --git a/docs/guides/operator-private-gcp-confidential-space.md b/docs/guides/operator-private-gcp-confidential-space.md index 35be279ec..9056a938b 100644 --- a/docs/guides/operator-private-gcp-confidential-space.md +++ b/docs/guides/operator-private-gcp-confidential-space.md @@ -15,7 +15,7 @@ import ReleaseMatrix from '/docs/snippets/_private-operator-release-matrix.mdx'; This guide provides information for setting up the UID2 Operator Service in [Confidential Space](https://cloud.google.com/confidential-computing#confidential-space), a confidential computing option from [Google Cloud](https://cloud.google.com/docs/overview/) Platform. Confidential Space offers a secure enclave environment, known as a Trusted Execution Environment (TEE). :::note - UID2 Private Operator for GCP is not supported in these areas: Europe, China. + UID2 Private Operator for GCP is not supported in these areas: Europe, China. ::: The Operator Service runs in a Confidential Space "workload"—a containerized Docker image that runs in a secure cloud-based enclave on top of the Confidential Space image. diff --git a/docs/guides/summary-guides.md b/docs/guides/summary-guides.md index 89ddb0b83..7cb1cd342 100644 --- a/docs/guides/summary-guides.md +++ b/docs/guides/summary-guides.md @@ -113,7 +113,7 @@ The following resources are available for DSPs integrating with UID2. ## Private Operator Service Integrations -The following resources are available for Private Operator integrations. +The following resources are available for Private Operator integrations. | Integration Guide | Content Description | | :--- | :--- | diff --git a/docs/intro.md b/docs/intro.md index 0336887f4..5791a532a 100644 --- a/docs/intro.md +++ b/docs/intro.md @@ -75,7 +75,7 @@ The UID2 framework consists of the following components, all of which are curren | Component | Description | | :--- | :--- | | **Core Service** | A centralized service that manages access to salts, encryption keys, and other relevant data in the UID2 ecosystem. | -| **Operator Service** | A service that enables the management and storage of encryption keys and salts from the UID2 Core Service, hashing of users' personal data, encryption of raw UID2s, and decryption of UID2 tokens. There can be multiple instances of the service (public or private) operated by multiple [participants](#participants), known as operators.
Open operators run publicly available instances of the Operator Service and make them available to all relevant UID2 participants. There might also be private operators that run private instances of the Operator Service exclusively for their own use. All instances are designed with protections to keep critical UID2 data secure and interoperable, regardless of who operates the service. | +| **Operator Service** | A service that enables the management and storage of encryption keys and salts from the UID2 Core Service, hashing of users' personal data, encryption of raw UID2s, and decryption of UID2 tokens. There can be multiple instances of the service (public or private) operated by multiple [participants](#participants), known as operators.
Public Operators run publicly available instances of the Operator Service and make them available to all relevant UID2 participants. There might also be Private Operators that run private instances of the Operator Service exclusively for their own use. All instances are designed with protections to keep critical UID2 data secure and interoperable, regardless of who operates the service. | | **Opt-Out Service** | A global service that manages and stores user opt-out requests and disseminates them to publishers, operator service instances, and DSPs. | | **Transparency and Control Portal** | A user-facing website, [https://www.transparentadvertising.com/](https://www.transparentadvertising.com/), that allows consumers to opt out of UID2 at any time. | @@ -88,7 +88,7 @@ The following table lists the key participants and their roles in the UID2 [work | Participant | Role Description | | :--- | :--- | | **Core Administrator** | An organization (currently, The Trade Desk) that manages the UID2 Core Service and other [components](#components). For example, it distributes encryption keys and salts to UID2 operators and sends user opt-out requests to operators and DSPs. | -| **Operators** | Organizations that run the Operator Service (via the UID2 APIs). Operators receive and store encryption keys and salts from the UID2 Core Service, salt and hash personal data to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys.
Open operators run public instances of the Operator Service. For example, The Trade Desk currently serves as an open operator for the UID2 framework, available to all participants. If other open operators are available, a participant can choose which operator to work with.
Any participant can also choose to become a private operator to generate and manage UID2s. | +| **Operators** | Organizations that run the Operator Service (via the UID2 APIs). Operators periodically receive and store up-to-date encryption keys and salts from the UID2 Core Service, salt and hash personal data to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys.
Public Operators (Open Operators) run public instances of the Operator Service. For example, The Trade Desk currently serves as a Public Operator for the UID2 framework, available to all participants. If other Public Operators are available, a participant can choose which operator to work with.
Any participant can also choose to become a private operator to generate and manage UID2s. | | **DSPs** | DSPs integrate with the UID2 system to receive UID2s from advertisers (as first-party data) and third-party data providers (as third-party data) and leverage them to inform bidding on UID2s in the bidstream. | | **Data Providers** | Organizations that collect user data and push it to other UID2 participants—for example, advertisers, identity graph providers, and third-party data providers. | | **Advertisers** | Organizations that buy impressions across a range of publisher sites and use DSPs to decide which ad impressions to purchase and how much to bid on them. | diff --git a/docs/overviews/overview-publishers.md b/docs/overviews/overview-publishers.md index 4901beb15..b0a81addf 100644 --- a/docs/overviews/overview-publishers.md +++ b/docs/overviews/overview-publishers.md @@ -106,7 +106,7 @@ For a detailed summary of web integration options, see [Web Integration Overview |:-------------------------------------|:----------------------------------------------------------------------------------------------------| :--- | | Prebid (Overview) | [UID2 Integration Overview for Prebid](../guides/integration-prebid.md) | An overview of options for publishers who want to integrate with UID2 and generate UID2 tokens to be passed by Prebid.js or Prebid Mobile SDK in the RTB bidstream. | | Prebid.js Client-Side Integration | [UID2 Client-Side Integration Guide for Prebid.js](../guides/integration-prebid-client-side.md) | A guide for publishers who want to request UID2 tokens client-side, which is the easiest implementation approach, and choose to have Prebid.js manage the following: | -| Prebid.js Client-Server Integration | [UID2 Client-Server Integration Guide for Prebid.js](../guides/integration-prebid-client-server.md) | A guide for publishers who want to integrate with UID2 and generate UID2 tokens (advertising tokens) to be passed by Prebid.js in the RTB bidstream, but want to generate tokens server-side: for example, publishers who are using a Private Operator. | +| Prebid.js Client-Server Integration | [UID2 Client-Server Integration Guide for Prebid.js](../guides/integration-prebid-client-server.md) | A guide for publishers who want to integrate with UID2 and generate UID2 tokens (advertising tokens) to be passed by Prebid.js in the RTB bidstream, but want to generate tokens server-side: for example, publishers who are using a Private Operator. | | JavaScript (Overview) | [UID2 Integration Overview for JavaScript](../guides/integration-javascript.md) | An overview of options for publishers who want to integrate with UID2 using the JavaScript SDK. | | JavaScript Client-Side Integration | [Client-Side Integration Guide for JavaScript](../guides/integration-javascript-client-side.md) | A guide for publishers who want to integrate with UID2 using only client-side JavaScript changes, which is the easiest implementation approach.
The SDK for JavaScript manages token generation and token refresh automatically. | | JavaScript Client-Server Integration | [Client-Server Integration Guide for JavaScript](../guides/integration-javascript-client-server.md) | A publisher guide covering standard web integration scenarios that use the SDK for JavaScript and require tokens to be generated on the server side and passed to the publisher web pages. | diff --git a/docs/portal/api-keys.md b/docs/portal/api-keys.md index c9aa787ba..09b6dea7b 100644 --- a/docs/portal/api-keys.md +++ b/docs/portal/api-keys.md @@ -18,7 +18,7 @@ In the UID2 Portal, on the **API Keys** page, you can perform all activities rel ## Overview -The API key and client secret allow you to connect to the UID2 Operator Service and call API endpoints, directly or via one of the UID2 SDKs. These values identify you to the service. +The API key and client secret allow you to connect to the UID2 Operator Service and call API endpoints, directly or via one of the UID2 SDKs. These values identify you to the service. When you add an API key in the UID2 Portal, it's very important that you store the key and its corresponding secret securely and do everything necessary to make sure that these values are not compromised. For more information, see [API Key and Client Secret](../getting-started/gs-credentials.md#api-key-and-client-secret). diff --git a/docs/ref-info/glossary-uid.md b/docs/ref-info/glossary-uid.md index c4bb11028..be3a4a174 100644 --- a/docs/ref-info/glossary-uid.md +++ b/docs/ref-info/glossary-uid.md @@ -383,6 +383,15 @@ import Link from '@docusaurus/Link';
A string of characters that is used in the process of transforming an email address or phone number into a secure, opaque value that cannot by itself be traced back to the original value.
The UID2 service uses salt as part of the process, along with hashing and encryption, to secure the original value. Salt is added to the input value before hashing.
+
Salt bucket
+
A string of characters used to identify a specific salt value used in the process of creating a specific raw UID2. In this context, the term "bucket" does not reference a cloud storage bucket; the salt bucket ID is the identifier for a specific salt value.
+
Because salt values are refreshed from time to time, having the salt bucket ID is helpful when the salt value has been updated, so that the old and new values can be correlated.
+
Each UID2 has a salt bucket. The salt for each bucket rotates once every 12 months. Each salt bucket has an alphanumeric designation.
+
The UID2 Operator receives and stores up-to-date salts from the UID2 Core Service, and authorized UID2 participants can retrieve salt bucket IDs by calling the [POST /identity/buckets](../endpoints/post-identity-buckets.md) endpoint.
+
Salt buckets are rotated approximately once per year. This means that approximately 1/365th of the buckets are rotated daily. When the salt bucket is rotated, the raw UID2 value is updated accordingly, wich renders the previous value obsolete.
+
Authorized users should check for updated salt bucket IDs frequently.
+
For an example of a salt bucket ID, see the response to the `POST /identity/buckets` endpoint: Decrypted JSON Response Format.
+
Salted hash
When a salt value is added to the input string before applying the hash function, the result is a salted hash. When the input value is salted before hashing, an attacker who has the hash cannot determine the input value by trying many possible inputs to arrive at the same output.
diff --git a/docs/ref-info/ref-operators-public-private.md b/docs/ref-info/ref-operators-public-private.md index 80ae3e23f..88f44efa4 100644 --- a/docs/ref-info/ref-operators-public-private.md +++ b/docs/ref-info/ref-operators-public-private.md @@ -17,7 +17,13 @@ All instances of the Operator Service are designed with rigorous protections in There can be multiple instances of the Operator Service, operated by multiple participants. Each of these participants is known as a UID2 Operator. -A UID2 Operator is simply an organization that runs the Operator Service. Operators receive and store encryption keys and salts from the UID2 Core Service, salt and hash personal data to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys. +A UID2 Operator is simply an organization that runs the Operator Service. Operators periodically perform multiple tasks including the following: + +- Receive and store up-to-date encryption keys and salts from the UID2 Core Service. +- Salt and hash personal data to return raw UID2s. +- Encrypt raw UID2s to generate UID2 tokens. +- Distribute UID2 token decryption keys. +- Download the latest user opt-out information from the UID2 Opt-Out Service. UID2 Operators fall into two categories: diff --git a/docs/ref-info/ref-tokens.md b/docs/ref-info/ref-tokens.md index 15a54982f..7d5be26ac 100644 --- a/docs/ref-info/ref-tokens.md +++ b/docs/ref-info/ref-tokens.md @@ -43,7 +43,7 @@ Here are some key points about refresh tokens: - By using the UID2 Prebid.js module (see [UID2 Integration Overview for Prebid.js](../guides/integration-prebid.md)) - When a new UID2 token is generated and returned in response to the refresh token, a new refresh token is returned along with it. - In most cases, you can refresh tokens on the client side, even if the token was generated on the server side. For details about refresh functionality for the various SDKs, see [SDK Functionality](../sdks/summary-sdks.md#sdk-functionality) (*Refresh UID2 Token* column). -- When the UID2 Operator service receives the refresh token with a request for a new UID2 token, it checks for user opt-out. If the user has opted out of UID2, no new UID2 token is generated. For details, see [User Opt-Out](../getting-started/gs-opt-out.md). +- When the UID2 Operator Service receives the refresh token with a request for a new UID2 token, it checks for user opt-out. If the user has opted out of UID2, no new UID2 token is generated. For details, see [User Opt-Out](../getting-started/gs-opt-out.md). ### Recommended Token Refresh Frequency From e024136bd32e013a92a0ccb43d028e59470fa7ce Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Fri, 4 Oct 2024 09:49:27 -0400 Subject: [PATCH 2/6] updated salt bucket def from AT --- docs/ref-info/glossary-uid.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/ref-info/glossary-uid.md b/docs/ref-info/glossary-uid.md index be3a4a174..7ea23b0ed 100644 --- a/docs/ref-info/glossary-uid.md +++ b/docs/ref-info/glossary-uid.md @@ -384,12 +384,11 @@ import Link from '@docusaurus/Link';
The UID2 service uses salt as part of the process, along with hashing and encryption, to secure the original value. Salt is added to the input value before hashing.
Salt bucket
-
A string of characters used to identify a specific salt value used in the process of creating a specific raw UID2. In this context, the term "bucket" does not reference a cloud storage bucket; the salt bucket ID is the identifier for a specific salt value.
-
Because salt values are refreshed from time to time, having the salt bucket ID is helpful when the salt value has been updated, so that the old and new values can be correlated.
-
Each UID2 has a salt bucket. The salt for each bucket rotates once every 12 months. Each salt bucket has an alphanumeric designation.
-
The UID2 Operator receives and stores up-to-date salts from the UID2 Core Service, and authorized UID2 participants can retrieve salt bucket IDs by calling the [POST /identity/buckets](../endpoints/post-identity-buckets.md) endpoint.
-
Salt buckets are rotated approximately once per year. This means that approximately 1/365th of the buckets are rotated daily. When the salt bucket is rotated, the raw UID2 value is updated accordingly, wich renders the previous value obsolete.
-
Authorized users should check for updated salt bucket IDs frequently.
+
A salt bucket is used to manage secret salt values over time. Each bucket contains a single current salt value, which remains active for approximately one year before being rotated to a new value. Buckets can be updated independently of one another.
+
There are just over one million salt buckets, and each email address or phone number is assigned to a specific bucket in a deterministic manner. However, this assignment is not permanent; it might change when the bucket's current secret salt is rotated to a new value.
+ +
Salt bucket ID
+
A salt bucket ID is a unique string of characters that identifies a specific Salt bucket. The salt bucket ID can be used to check which salt buckets have recently had their salt values updated, indicating which emails or phone numbers need their raw UID2 values regenerated.
For an example of a salt bucket ID, see the response to the `POST /identity/buckets` endpoint: Decrypted JSON Response Format.
Salted hash
From f4463a269264a6b570e8d16b831d26ca545fe301 Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Wed, 9 Oct 2024 12:17:27 -0400 Subject: [PATCH 3/6] edits from SW --- docs/endpoints/post-identity-map.md | 4 ++-- docs/endpoints/post-optout-status.md | 4 ++-- docs/getting-started/gs-faqs.md | 4 ++-- docs/intro.md | 4 ++-- docs/ref-info/glossary-uid.md | 2 +- docs/ref-info/ref-operators-public-private.md | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/endpoints/post-identity-map.md b/docs/endpoints/post-identity-map.md index f57816a2f..f520f38ac 100644 --- a/docs/endpoints/post-identity-map.md +++ b/docs/endpoints/post-identity-map.md @@ -19,8 +19,8 @@ Here's what you need to know: - The maximum request size is 1MB. - To map a large number of email addresses, phone numbers, or their respective hashes, send them in *sequential* batches with a maximum batch size of 5,000 items per batch. -- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and map directly identifying information (DII) consecutively. -- Be sure to store mappings of email addresses, phone numbers, or their respective hashes.
Not storing mappings may increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of raw UID2s need to be updated daily. See also [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md) and [FAQs for Advertisers and Data Providers](../getting-started/gs-faqs.md#faqs-for-advertisers-and-data-providers). +- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and send batches of hashed or unhashed directly identifying information (DII) values consecutively, without creating multiple parallel connections. +- Be sure to store mappings of email addresses, phone numbers, or their respective hashes.
Not storing mappings could increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of raw UID2s need to be updated daily. See also [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md) and [FAQs for Advertisers and Data Providers](../getting-started/gs-faqs.md#faqs-for-advertisers-and-data-providers). ## Request Format diff --git a/docs/endpoints/post-optout-status.md b/docs/endpoints/post-optout-status.md index f6ca963dd..492b8aa62 100644 --- a/docs/endpoints/post-optout-status.md +++ b/docs/endpoints/post-optout-status.md @@ -9,7 +9,7 @@ import Link from '@docusaurus/Link'; # POST /optout/status -Checks the opt-out status of raw UID2s. Given a list of raw UID2s, this endpoint returns the raw UID2s that have opted out, as well as the time that the opt-out took place. For more information, see [User Opt-Out](../getting-started/gs-opt-out.md). +Checks the opt-out status of raw UID2s. Given a list of raw UID2s, this endpoint returns the raw UID2s that have opted out, as well as the time that the opt-out took place. For more information, see [User Opt-Out](../getting-started/gs-opt-out.md). Used by: This endpoint is used by advertisers, data providers, DSPs, and sharers. More generally, this is for participants who have access to raw UID2s but do not have access to the underlying email addresses or phone numbers and want to know opt-out status. @@ -24,7 +24,7 @@ For details, refer to the following documentation, depending on your role: The key guidelines for managing batches of requests to this endpoint are as follows: - To check the opt-out status of a large number of UID2s, send them in sequential batches with a maximum batch size of 5,000 items per batch. -- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and send batches of raw UID2s consecutively. +- Unless you are using a Private Operator, do not send batches in parallel. In other words, use a single HTTP connection and send batches of raw UID2s consecutively, without creating multiple parallel connections. ## Request Format diff --git a/docs/getting-started/gs-faqs.md b/docs/getting-started/gs-faqs.md index 78349f096..2e749130d 100644 --- a/docs/getting-started/gs-faqs.md +++ b/docs/getting-started/gs-faqs.md @@ -183,8 +183,8 @@ The system should follow the [email normalization rules](gs-normalization-encodi Yes. Not storing mappings may increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of UID2s need to be updated daily. -:::info -Unless you are using a Private Operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, in batches of 5,000 emails at a time. In other words, do your mapping without creating multiple parallel connections. +:::important +Unless you are using a Private Operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, in batches of 5,000 emails at a time. In other words, do your mapping without creating multiple parallel connections. ::: #### How should I handle user opt-outs? diff --git a/docs/intro.md b/docs/intro.md index 5791a532a..3b59c0fcd 100644 --- a/docs/intro.md +++ b/docs/intro.md @@ -38,7 +38,7 @@ The UID2 framework is built on the following technical principles: - **Distributed integration**: Multiple certified integration paths provide options for publishers, advertisers, and third-party data providers to manage and exchange UID2 tokens. -- **Decentralized storage**: The framework does not have a centralized storage for personal data mappings. All participants maintain only their own data. +- **Decentralized storage**: The framework does not have a centralized storage for personal data (DII) mappings. All participants maintain only their own data. - **Lean infrastructure**: The UID2 system is light and inexpensive to operate. @@ -88,7 +88,7 @@ The following table lists the key participants and their roles in the UID2 [work | Participant | Role Description | | :--- | :--- | | **Core Administrator** | An organization (currently, The Trade Desk) that manages the UID2 Core Service and other [components](#components). For example, it distributes encryption keys and salts to UID2 operators and sends user opt-out requests to operators and DSPs. | -| **Operators** | Organizations that run the Operator Service (via the UID2 APIs). Operators periodically receive and store up-to-date encryption keys and salts from the UID2 Core Service, salt and hash personal data to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys.
Public Operators (Open Operators) run public instances of the Operator Service. For example, The Trade Desk currently serves as a Public Operator for the UID2 framework, available to all participants. If other Public Operators are available, a participant can choose which operator to work with.
Any participant can also choose to become a private operator to generate and manage UID2s. | +| **Operators** | Organizations that run the Operator Service (via the UID2 APIs). Operators periodically receive and store up-to-date encryption keys and salts from the UID2 Core Service, salt and hash DII to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys.
Public Operators (Open Operators) run public instances of the Operator Service. For example, The Trade Desk currently serves as a Public Operator for the UID2 framework, available to all participants. If other Public Operators are available, a participant can choose which operator to work with.
Any participant can also choose to become a private operator to generate and manage UID2s. | | **DSPs** | DSPs integrate with the UID2 system to receive UID2s from advertisers (as first-party data) and third-party data providers (as third-party data) and leverage them to inform bidding on UID2s in the bidstream. | | **Data Providers** | Organizations that collect user data and push it to other UID2 participants—for example, advertisers, identity graph providers, and third-party data providers. | | **Advertisers** | Organizations that buy impressions across a range of publisher sites and use DSPs to decide which ad impressions to purchase and how much to bid on them. | diff --git a/docs/ref-info/glossary-uid.md b/docs/ref-info/glossary-uid.md index 7ea23b0ed..18dd74a82 100644 --- a/docs/ref-info/glossary-uid.md +++ b/docs/ref-info/glossary-uid.md @@ -315,7 +315,7 @@ import Link from '@docusaurus/Link';
Operator
An Operator is an organization or entity that runs the UID2 Operator Service. The UID2 Operator is the API server in the UID2 ecosystem.
-
Operators perform multiple functions, such as receiving encryption keys and salts from the UID2 Core Service, salting and hashing personal data to return raw UID2s, and encrypting raw UID2s to generate UID2 tokens.
+
Operators perform multiple functions, such as receiving encryption keys and salts from the UID2 Core Service, salting and hashing personal data (DII) to return raw UID2s, and encrypting raw UID2s to generate UID2 tokens.
A participant can also choose to become a Private Operator to access UID2 APIs and to generate raw UID2s and UID2 tokens from within a private infrastructure.
For details, see participants and The UID2 Operator.
diff --git a/docs/ref-info/ref-operators-public-private.md b/docs/ref-info/ref-operators-public-private.md index 88f44efa4..d0db98540 100644 --- a/docs/ref-info/ref-operators-public-private.md +++ b/docs/ref-info/ref-operators-public-private.md @@ -20,9 +20,9 @@ There can be multiple instances of the Operator Service, operated by multiple pa A UID2 Operator is simply an organization that runs the Operator Service. Operators periodically perform multiple tasks including the following: - Receive and store up-to-date encryption keys and salts from the UID2 Core Service. -- Salt and hash personal data to return raw UID2s. +- Salt and hash DII to return raw UID2s. - Encrypt raw UID2s to generate UID2 tokens. -- Distribute UID2 token decryption keys. +- Distribute UID2 token decryption keys to server-side SDKs (see [SDKs: Summary](../sdks/summary-sdks.md)). - Download the latest user opt-out information from the UID2 Opt-Out Service. UID2 Operators fall into two categories: From fe180417a2ad922ad7925cf37c85fc73efb312b4 Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Wed, 9 Oct 2024 16:32:15 -0400 Subject: [PATCH 4/6] restore copy mod --- docs/ref-info/ref-operators-public-private.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/ref-info/ref-operators-public-private.md b/docs/ref-info/ref-operators-public-private.md index fa31a797d..d0db98540 100644 --- a/docs/ref-info/ref-operators-public-private.md +++ b/docs/ref-info/ref-operators-public-private.md @@ -17,7 +17,13 @@ All instances of the Operator Service are designed with rigorous protections in There can be multiple instances of the Operator Service, operated by multiple participants. Each of these participants is known as a UID2 Operator. -A UID2 Operator is simply an organization that runs the Operator Service. Operators receive and store encryption keys and salts from the UID2 Core Service, salt and hash DII to return raw UID2s, encrypt raw UID2s to generate UID2 tokens, and distribute UID2 token decryption keys. +A UID2 Operator is simply an organization that runs the Operator Service. Operators periodically perform multiple tasks including the following: + +- Receive and store up-to-date encryption keys and salts from the UID2 Core Service. +- Salt and hash DII to return raw UID2s. +- Encrypt raw UID2s to generate UID2 tokens. +- Distribute UID2 token decryption keys to server-side SDKs (see [SDKs: Summary](../sdks/summary-sdks.md)). +- Download the latest user opt-out information from the UID2 Opt-Out Service. UID2 Operators fall into two categories: From b98daa3ef452bf1e0839d4e01a815b5753bf3f76 Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Wed, 9 Oct 2024 16:37:10 -0400 Subject: [PATCH 5/6] additional edit from SW --- docs/ref-info/ref-operators-public-private.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/ref-info/ref-operators-public-private.md b/docs/ref-info/ref-operators-public-private.md index d0db98540..fe7ce739c 100644 --- a/docs/ref-info/ref-operators-public-private.md +++ b/docs/ref-info/ref-operators-public-private.md @@ -24,6 +24,7 @@ A UID2 Operator is simply an organization that runs the Operator Service. Operat - Encrypt raw UID2s to generate UID2 tokens. - Distribute UID2 token decryption keys to server-side SDKs (see [SDKs: Summary](../sdks/summary-sdks.md)). - Download the latest user opt-out information from the UID2 Opt-Out Service. +- Support a number of UID2 endpoints. For details, see [UID2 Endpoints: Summary](../endpoints/summary-endpoints.md). UID2 Operators fall into two categories: From 01ea6f9ed9a9cb421caa3aaab5eb189c84e6a2a5 Mon Sep 17 00:00:00 2001 From: genwhittTTD Date: Mon, 14 Oct 2024 10:25:21 -0400 Subject: [PATCH 6/6] edits from AT --- docs/endpoints/post-identity-map.md | 2 +- docs/getting-started/gs-faqs.md | 6 +++--- docs/guides/operator-guide-azure-enclave.md | 4 ++-- docs/guides/operator-private-gcp-confidential-space.md | 4 ++-- docs/ref-info/ref-operators-public-private.md | 4 ++-- docs/sdks/sdk-ref-javascript.md | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/endpoints/post-identity-map.md b/docs/endpoints/post-identity-map.md index 093d353dc..183d59fb9 100644 --- a/docs/endpoints/post-identity-map.md +++ b/docs/endpoints/post-identity-map.md @@ -9,7 +9,7 @@ import Link from '@docusaurus/Link'; # POST /identity/map -Maps multiple email addresses, phone numbers, or their respective hashes to their raw UID2s and salt bucket IDs. You can also use this endpoint to check for updates to opt-out information. +Maps multiple email addresses, phone numbers, or their respective hashes to their raw UID2s and salt bucket IDs. You can also use this endpoint to check for updates to opt-out information. Used by: This endpoint is used mainly by advertisers and data providers. For details, see [Advertiser/Data Provider Integration Guide](../guides/advertiser-dataprovider-guide.md). diff --git a/docs/getting-started/gs-faqs.md b/docs/getting-started/gs-faqs.md index 2e749130d..6a3d4ec47 100644 --- a/docs/getting-started/gs-faqs.md +++ b/docs/getting-started/gs-faqs.md @@ -46,9 +46,9 @@ No. UID2 participants must not generate UID2s from Protected Health Information, #### Should I use a Public Operator or a Private Operator? -For most participants, Public Operator is the simplest solution. A Public Operator integration is a much easier option than creating your own Private Operator. However, having a Private Operator instance has many advantages. The best choice depends on your unique scenario and needs. +For most participants, Public Operator is the simplest solution. A Public Operator integration is a much easier option than hosting your own Private Operator. Having a Private Operator instance has some advantages, but adds extra complexities and costs. -For more information to help you arrive at a decision, refer to the following: +The best choice depends on your unique scenario and needs. For more information to help you arrive at a decision, refer to the following: 1. [The UID2 Operator](../ref-info/ref-operators-public-private.md) @@ -184,7 +184,7 @@ The system should follow the [email normalization rules](gs-normalization-encodi Yes. Not storing mappings may increase processing time drastically when you have to map millions of email addresses or phone numbers. Recalculating only those mappings that actually need to be updated, however, reduces the total processing time because only about 1/365th of UID2s need to be updated daily. :::important -Unless you are using a Private Operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, in batches of 5,000 emails at a time. In other words, do your mapping without creating multiple parallel connections. +Unless you are using a Private Operator, you must map email addresses, phone numbers, or hashes consecutively, using a single HTTP connection, with a maximum batch size of 5,000 items per batch. In other words, do your mapping without creating multiple parallel connections. ::: #### How should I handle user opt-outs? diff --git a/docs/guides/operator-guide-azure-enclave.md b/docs/guides/operator-guide-azure-enclave.md index 888103cde..bcf948d1f 100644 --- a/docs/guides/operator-guide-azure-enclave.md +++ b/docs/guides/operator-guide-azure-enclave.md @@ -12,7 +12,7 @@ import ReleaseMatrix from '/docs/snippets/_private-operator-release-matrix.mdx'; # UID2 Private Operator for Azure Integration Guide -This guide provides information for setting up the UID2 Operator Service in an instance of [Confidential Containers](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers), a confidential computing option from Microsoft Azure. Confidential Containers instances run in a hardware-backed Trusted Execution Environment (TEE) that provides intrinsic capabilities such as data integrity, data confidentiality, and code integrity. +The UID2 Operator is the API server in the UID2 ecosystem. This guide provides information for setting up the UID2 Operator Service as a Private Operator in an instance of [Confidential Containers](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers), a confidential computing option from Microsoft Azure. Confidential Containers instances run in a hardware-backed Trusted Execution Environment (TEE) that provides intrinsic capabilities such as data integrity, data confidentiality, and code integrity. When the Docker container for the UID2 Operator Confidential Containers instance starts up, it completes the attestation process that allows the UID2 Core Service to verify the authenticity of the Operator Service and the enclave environment that the Operator Service is running in. @@ -24,7 +24,7 @@ UID2 Private Operator for Azure is not supported in these areas: Europe, China. ## Prerequisites -Before deploying the UID2 Private Operator for Azure, complete these prerequisite steps: +Before deploying the UID2 Private Operator for Azure, complete these prerequisite steps: - [Set Up UID2 Operator Account](#set-up-uid2-operator-account) - [Install Azure CLI](#install-azure-cli) diff --git a/docs/guides/operator-private-gcp-confidential-space.md b/docs/guides/operator-private-gcp-confidential-space.md index 9056a938b..846ac69cc 100644 --- a/docs/guides/operator-private-gcp-confidential-space.md +++ b/docs/guides/operator-private-gcp-confidential-space.md @@ -12,10 +12,10 @@ import ReleaseMatrix from '/docs/snippets/_private-operator-release-matrix.mdx'; # UID2 Private Operator for GCP Integration Guide -This guide provides information for setting up the UID2 Operator Service in [Confidential Space](https://cloud.google.com/confidential-computing#confidential-space), a confidential computing option from [Google Cloud](https://cloud.google.com/docs/overview/) Platform. Confidential Space offers a secure enclave environment, known as a Trusted Execution Environment (TEE). +This guide provides information for setting up the UID2 Operator Service as a Private Operator instance in [Confidential Space](https://cloud.google.com/confidential-computing#confidential-space), a confidential computing option from [Google Cloud](https://cloud.google.com/docs/overview/) Platform. Confidential Space offers a secure enclave environment, known as a Trusted Execution Environment (TEE). :::note - UID2 Private Operator for GCP is not supported in these areas: Europe, China. + UID2 Private Operator for GCP is not supported in these areas: Europe, China. ::: The Operator Service runs in a Confidential Space "workload"—a containerized Docker image that runs in a secure cloud-based enclave on top of the Confidential Space image. diff --git a/docs/ref-info/ref-operators-public-private.md b/docs/ref-info/ref-operators-public-private.md index fe7ce739c..e1465bb86 100644 --- a/docs/ref-info/ref-operators-public-private.md +++ b/docs/ref-info/ref-operators-public-private.md @@ -17,7 +17,7 @@ All instances of the Operator Service are designed with rigorous protections in There can be multiple instances of the Operator Service, operated by multiple participants. Each of these participants is known as a UID2 Operator. -A UID2 Operator is simply an organization that runs the Operator Service. Operators periodically perform multiple tasks including the following: +A UID2 Operator is an organization that runs the Operator Service. Operators periodically perform multiple tasks including the following: - Receive and store up-to-date encryption keys and salts from the UID2 Core Service. - Salt and hash DII to return raw UID2s. @@ -67,6 +67,6 @@ For most participants, Public Operator is the simplest solution. The down side of the Private Operator option is that it requires ongoing engineering effort to build and maintain. Because a Private Operator instance is managed by the participant, there are continual updates and changes that are required and must be completed within a specified time frame. -A Public Operator integration is a much easier option than creating your own instance. There is no cost to the participant, and virtually no engineering work is needed other than initial setup and configuration. +A Public Operator integration is a much easier option than hosting your own instance. There is no cost to the participant, and virtually no engineering work is needed other than initial setup and configuration. For these reasons, we recommend choosing a Public Operator. diff --git a/docs/sdks/sdk-ref-javascript.md b/docs/sdks/sdk-ref-javascript.md index 434d4d869..77c983323 100644 --- a/docs/sdks/sdk-ref-javascript.md +++ b/docs/sdks/sdk-ref-javascript.md @@ -577,7 +577,7 @@ window.__uid2.callbacks.push(callbackFunction); #### Take advantage of `setIdentity` and other new features -Previous versions of the SDK had only one way to provide a new identity: in the call to `init`. This meant that some publishers had to make use of various workarounds to provide a new identity later in the page lifecycle. You might be able to simplify your integration by removing these workarounds and simply calling `setIdentity` if you want to pass a new identity to the SDK after `init` has been called. +Previous versions of the SDK had only one way to provide a new identity: in the call to `init`. This meant that some publishers had to make use of various workarounds to provide a new identity later in the page lifecycle. You might be able to simplify your integration by removing these workarounds and just calling `setIdentity` if you want to pass a new identity to the SDK after `init` has been called. #### Change how you call init