Data sharing between Aggregation Service and Coordinators
Key Generation and Distribution Service
The Key Generation Service creates Data Encryption Keys (DEKs). The Key Hosting Service, an essential part of how Coordinators operate, houses those keys and provides them for either public-facing or private use. The Public Key Hosting Service uses a Content Delivery Network (CDN) to provide these keys to Chrome or Android clients, which use them to encrypt user data for Aggregation Service and B&A Service. The Private Key Hosting Service uses secured APIs to provide private keys, which can only be accessed from within a TEE instance, for decryption. In the case of Aggregation Service, the private keys decrypt the raw aggregatable reports received from the Attribution Reporting API or the Private Aggregation API.
Aggregatable Report Accounting
The Aggregatable Reporting Account Service performs accounting to ensure that reports are not processed more than once. When Aggregation Service calls it for budget consumption, Aggregation Service sends the shared ID and the reporting origin. The Aggregatable Reporting Account Service uses the origin for authorization, and uses both the origin and the shared ID to keep track of budget consumption.
If the budget has not already been consumed for the specified shared ID, the Aggregatable Reporting Account Service consumes the budget, records the consumption for the shared ID in a ledger, and returns a success code to Aggregation Service. Aggregation Service then generates a summary report and releases it to the ad tech. If consumption fails, an error is returned to Aggregation Service and the aggregation job fails. Aggregation Service in turn returns this error code to the ad tech.
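The accounting flow above, sketched as an added example (this is not Coordinator or Aggregation Service code). The class, function and status names, the caller-to-origin allow list, and the all-or-nothing handling of a job that carries several shared IDs are assumptions made for illustration.

```python
import threading
from enum import Enum

class Result(Enum):  # hypothetical status names, not the service's real codes
    SUCCESS = "success"
    UNAUTHORIZED = "unauthorized"
    BUDGET_CONSUMED = "budget_already_consumed"

class BudgetLedger:
    """In-memory stand-in for the accounting ledger (assumed design)."""

    def __init__(self, allowed_origins):
        # Assumed allow list: caller identity -> reporting origins it may use.
        self._allowed = {k: set(v) for k, v in allowed_origins.items()}
        self._consumed = set()         # {(reporting_origin, shared_id)}
        self._lock = threading.Lock()  # check-and-record must be atomic

    def consume(self, caller, reporting_origin, shared_ids):
        # The origin is used for authorization before the ledger is touched.
        if reporting_origin not in self._allowed.get(caller, set()):
            return Result.UNAUTHORIZED, []
        # Budget is tracked per (origin, shared ID) pair.
        keys = {(reporting_origin, sid) for sid in shared_ids}
        with self._lock:
            spent = sorted(sid for (_, sid) in keys & self._consumed)
            if spent:
                # Assumed all-or-nothing: a failed job records nothing.
                return Result.BUDGET_CONSUMED, spent
            self._consumed |= keys
        return Result.SUCCESS, []

def run_job(ledger, caller, reporting_origin, shared_ids):
    """Aggregation Service side: a summary is released only after SUCCESS."""
    status, spent = ledger.consume(caller, reporting_origin, shared_ids)
    if status is not Result.SUCCESS:
        return {"status": status.value, "already_consumed": spent,
                "summary": None}
    return {"status": status.value, "already_consumed": [],
            "summary": f"summary over {len(set(shared_ids))} shared IDs"}

if __name__ == "__main__":
    # Constructed sample data: one ad tech, one origin, a replayed shared ID.
    origin = "https://adtech-a.example"
    ledger = BudgetLedger({"adtech-a": [origin]})
    print(run_job(ledger, "adtech-a", origin, ["id-1", "id-2"]))
    print(run_job(ledger, "adtech-a", origin, ["id-2", "id-3"]))  # job fails
```

Holding the lock across both the lookup and the write is what stops two concurrent jobs from each seeing the same shared ID as unconsumed.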
Read more about Aggregatable Report Accounting and Cross-Cloud Coordinators.