Architecture

Learn the auction architecture of Bidding and Auction Services

Overview

Bidding and Auction (B&A) Services provides a set of services for ad buyers and sellers that runs in a Trusted Execution Environment (TEE) to facilitate a Protected Audience (PA) auction. This page describes the various auction configurations that B&A can be used in a PA auction.

Definitions

Term	Description
Protected Audience auction	An ad auction that involves cross-site data
Contextual auction	An ad auction that does not involve cross-site data. This auction follows the existing Real-Time Bidding (RTB) auction path.
Unified auction request	A request sent by the seller's JavaScript code from the browser that includes the payload for both the Protected Audience auction and the contextual auction.
Seller Ad Service (SAS)	The service responsible for handling the unified auction request from the browser. This may be a seller's existing RTB ad server. SAS is responsible for orchestrating both contextual and Protected Audience auctions.
Buyer Ad Service	The service responsible for submitting a contextual auction bid. This may be a buyer's existing ORTB ad server.

Services for buyers and sellers

B&A Services is composed of four services for buyers and sellers:

For buyers, Bidding Service and Buyer Front-End (BFE) Service are available for usage.
For sellers, Auction Service and Seller Front-End (SFE) Service are available for usage.

Participant	Service	Description
Buyer	Buyer Front-End (BFE) Service	The service handles the `GetBids` request from a seller's SFE. It is responsible for decrypting the payload, fetching the K/V signals, and calling Bidding Service's `GenerateBids`.
Buyer	Bidding Service	The service handles the `GenerateBids` request from BFE. It is responsible for running the buyer's bidding logic, and generating a bid.
Seller	Seller Front-End (SFE) Service	The service handles the `SelectAd` request from the Seller Ad Service. It is responsible for decrypting the payload, calling BFE's `GetBids` operation, fetching the K/V signals, calling Auction Service's `ScoreAd` operation, then returning the encrypted B&A auction result to SAS. When the service is a part of the top-level seller's stack in a server-orchestrated multi-seller auction, the service also handles the `GetComponentAuctionCiphertexts` request from SAS.
Seller	Auction Service	The service handles the `ScoreAd` request from SFE. It is responsible for running the seller's scoring logic, and providing the desirability score of a bid.

Architecture of a PA B&A auction for Web

The following diagram describes the basic Protected Audience auction with B&A Services with a single seller and a single buyer. The thick red outlined boxes represent services running in a TEE:

The client-side JavaScript code sends the unified auction request to SSP. The SAS sends a request to SFE, and the SFE sends a request to BFE for a bid

(Full-sized diagram)

The SSP's JavaScript code on the publisher page generates the encrypted B&A ad auction data by calling navigator.getInterestGroupAdAuctionData().
- This encrypted payload contains buyer's data and can only be decrypted inside an SFE in a TEE.
The SSP JavaScript code sends a unified auction request to Seller Ad Service.
- A unified auction request contains both the plaintext ORTB contextual auction payload and the encrypted B&A auction payload.
- The Seller Ad Service is your existing ad server, and does not run in a TEE.
The Seller Ad Service calls the DSP's RTB service to request the contextual auction bid and any buyer signals to be passed into the subsequent PA auction.
- This can be a step where a buyer signals their intent to participate in the PA auction.
After the contextual auction completes, SAS sends the SelectAd request to the SFE Service.
- Contextual auction winning bid and buyer signals are added to the SelectAd request payload.
SSP's SFE Service calls DSP's BFE Service with the GetBids request.
DSP's BFE calls the Bidding Service with the GenerateBids request.
Once the bid is received by SFE, the ScoreAd call is made to Auction Service.
- The bid with the highest desirability score is returned to SAS and then is forwarded to the JavaScript code on the page.
The auction is finished in the browser by passing the encrypted B&A auction result into the navigator.runAdAuction() call.

Auction configurations

A Protected Audience auction with B&A Services can be configured in the following ways:

Single-seller auction with B&A buyers
Mixed-mode auction with on-device buyers and B&A buyers
Multi-seller auction that can be device-orchestrated or server-orchestrated

Participants

To describe each auction configuration, the following participants are used in this guide:

Participant	Description
`DSP-A`	On-device buyer
`DSP-B`	On-device buyer
`DSP-X`	B&A buyer
`DSP-Y`	B&A buyer
`SSP-TOP`	Top-level seller
`SSP-OD`	On-device-only seller
`SSP-BA`	B&A-only seller
`SSP-MIX`	Mixed-mode seller

There are four DSPs:

DSP-A and DSP-B participate only in on-device auctions
DSP-X and DSP-Y participate both on-device auctions and B&A auctions

There are four SSPs, and each seller runs a different auction configuration:

SSP-OD runs an on-device-only auction
SSP-BA runs a B&A-only auction
SSP-MIX runs a mixed-mode auction
SSP-TOP runs a multi-seller auction:
- SSP-OD/BA/MIX participate as component sellers of SSP-TOP's multi-seller auction

Single-seller B&A auction

In a single-seller setup, one seller runs an auction that multiple buyers participate in. If the seller is running a B&A auction, the buyers must be running the buyer stack of B&A Services to submit a bid to the auction. The buyers and sellers don't need to use the same cloud provider.

A single-seller architecture where one SFE communicates with multiple BFEs to receive bids

(Full-sized diagram)

In the preceding setup, SSP-BA runs a B&A auction that DSP-X and DSP-Y participate in using the buyer stack of B&A Services. The seller's Ad Service runs a contextual auction first for DSP-X and DSP-Y, then runs a Protected Audience auction by sending the SelectAd request to the seller's SFE Service. The contextual auction winning bid and the signals for each buyer are passed into the SelectAd call. Then the SFE Service sends GetBids requests to DSP-X's and DSP-Y's BFE which will call their Bidding Service to generate a bid.

The encrypted B&A auction result is returned to the client, and is passed into the runAdAuction() call. A single-seller auction config looks like the following:

await navigator.runAdAuction({
  seller: 'https://ssp-ba.example',
  requestId: 'g8312cb2-da2d-4e9b-80e6-e13dec2a581c',
  serverResponse: Uint8Array(560) [193, 120, 4, …] // Encrypted B&A auction result
})

The requestId value comes from the getInterestGroupAdAuctionData() call on the client, and the serverResponse data comes from the server-side B&A auction.

Mixed-mode auction

In the mixed-mode configuration, buyers can participate in the seller's auction from on-device or B&A. The blue arrows represent the on-device auction path and the red arrows represent the B&A auction path:

A mixed-mode seller architecture where buyers can submit their bids from on-device or B&A

(Full-sized diagram)

In this setup, DSP-A and DSP-B are buyers that submit their bids on-device, and DSP-X and DSP-Y are buyers that submit their bids using B&A. The on-device buyers participate in an on-device PA auction in the browser, and the B&A buyers participate in the B&A auction setup described in the single-seller auction section.

The contextual auction is executed first for all buyers in order to collect the contextual auction winning bid and the buyer signals. Then, the B&A auction runs and the buyer signals from the contextual auction are passed into the SelectAd request to SFE. The encrypted B&A auction result returned from SFE is forwarded to the browser. After the B&A auction, its result is fed into the on-device auction that the on-device buyers participate in.

A mixed-mode single-seller auction config for the on-device portion of the auction looks similar to the following:

await navigator.runAdAuction({
  seller: 'https://ssp-mix.example',
  decisionLogicURL: 'https://ssp-ba.example/score-ad.js',
  componentAuctions: [
    // B&A auction
    {
      seller: 'https://ssp-mix.example',
      requestId: 'f5135cb2-da2d-4e9b-80e6-e13dec2a581c',
      serverResponse: Uint8Array(560) [133, 20, 14, …]
    },
    // On-device auction
    {
      seller: 'https://ssp-mix.example',
      interestGroupBuyers: ['https://dsp-a.example', 'https://dsp-b.example'],
      decisionLogicURL: 'https://ssp-mix.example/on-device-score-ad.js',
    }
  ]
})

Parallelization of on-device and B&A auctions

Without parallelization, the auctions are executed sequentially where the contextual auction runs, then the B&A auction, and finally the on-device auction. With parallelization implemented, the contextual auction runs first again, but its result and signals are streamed back to the client in order to start the on-device auction in parallel before the B&A auction finishes.

A diagram describing how the contextual auction bid and signals and SelectAd result are streamed back to the browser JavaScript code

(Full-sized diagram)

The JavaScript code in the client sends the unified auction request to SAS, and SAS starts the contextual auction and the PA B&A auction. When SAS receives a response from a buyer's RTB server, the buyer signals for the on-device auction can be streamed back to the browser, along with the contextual auction winner once all bids are received. The streamed buyer signals are used to generate a bid on-device, and the contextual auction winner is used as a bid floor when scoring the bids.

In SAS, the seller generates a UUID nonce that is set in the Ad-Auction-Result-Nonce response header when streaming the contextual auction data to the browser. The same nonce is used in the SelectAd call to SFE for the B&A auction, and that nonce becomes included in the returned SelectAd response from SFE. During the client-side auction phase, the browser verifies that the nonce in the Ad-Auction-Result-Nonce response header matches the nonce in the encrypted auction result payload.

See the explainer to learn more about mixed-mode parallelization.

Multi-seller auction

There are two ways to run a PA multi-seller auction with B&A:

Device-orchestrated auction where the call to each component seller's ad service originates from the browser
Server-orchestrated auction where the call to each component seller's ad service originates from the top-level seller's ad service

Device-orchestrated multi-seller auction

In a device-orchestrated multi-seller auction, each component seller is free to run their auction in a configuration of their choice. On-device sellers, B&A sellers, and mixed-mode sellers can all participate in the top-level auction.

A diagram describing how multiple sellers running different auction configurations can submit their auction result to the top-level seller

(Full-sized diagram)

In this setup, SSP-TOP, who is the top-level seller, runs a multi-seller auction that SSP-OD, SSP-BA, and SSP-MIX participate in:

SSP-OD, who runs an on-device-only PA auction, submits their on-device component auction config to the top-level seller.
SSP-BA, who runs a B&A auction, sends a unified auction request to its Seller Ad Service and runs its own contextual and B&A auctions. The results are submitted to the top-level seller.
SSP-MIX, who runs a mixed-mode auction, executes the B&A auction first on the server, then submits both the B&A auction result and the on-device auction configuration.

The top-level seller collects the component auction configs from each seller, and constructs an auction config that looks similar to the following:

await navigator.runAdAuction({
  seller: 'https://ssp-top.example',
  decisionLogicURL: 'https://ssp-top.example/score-ad.js',
  componentAuctions: [
    // SSP-BA's B&A-only auction
    {
      seller: 'https://ssp-ba.example',
      requestId: 'g8312cb2-da2d-4e9b-80e6-e13dec2a581c',
      serverResponse: Uint8Array(560) [193, 120, 4, …] // Encrypted B&A auction result
    },
    // SSP-MIX's B&A auction of mixed-mode
    {
      seller: 'https://ssp-mix.example',
      requestId: 'f5135cb2-da2d-4e9b-80e6-e13dec2a581c',
      serverResponse: Uint8Array(560) [133, 20, 4, …] // Encrypted B&A auction result
    }.
    // SSP-MIX's on-device auction of mixed-mode
    {
      seller: 'https://ssp-mix.example',
      interestGroupBuyers: ['https://dsp-a.example', 'https://dsp-b.example'],
      decisionLogicURL: 'https://ssp-mix.example/score-ad.js',
    }
    // SSP-OD's on-device auction
    {
      seller: 'https://ssp-od.example',
      interestGroupBuyers: ['https://dsp-a.example', 'https://dsp-b.example'],
      decisionLogicURL: 'https://ssp-od.example/score-ad.js',
    }
  ]
})

Server-orchestrated multi-seller auction

In a server-orchestrated multi-seller auction, the calls to the component seller's ad services are made from the top-level seller's ad service. In this setup, component sellers cannot run an on-device or a mixed-mode auction; all sellers must use B&A and all buyers must submit their bids using B&A.

The top-level SSP sends a unified auction request to its Seller Ad Service. The Seller Ad Service calls the SFE to run the GetComponentAuctionCipherTexts operation. The returned ciphertexts are then sent to each component seller's ad service that conducts its own B&A auctions

(Full-sized diagram)

In this diagram, SSP-TOP runs a server-orchestrated multi-seller auction that SSP-BA-X and SSP-BA-Y participate in.

A single unified auction request that contains the contextual and PA auctions payload for all participants is sent from the browser to the top-level seller's ad service. Then SAS makes a GetComponentAuctionCiphertexts call to SFE with the payload. SFE will decrypt the payload, separate the payloads by each component seller, and return the re-encrypted payloads to the top-level seller's SAS.

The proto definitions for GetComponentAuctionCiphertexts request and response are the following:

// Request sent from the top-level seller's ad service to SFE
message GetComponentAuctionCiphertextsRequest {
  bytes protected_auction_ciphertext = 1; // Generated in the browser
  repeated string component_sellers = 2; // The list of all component sellers
}

// Response returned from SFE to the top-level seller's ad service
message GetComponentAuctionCiphertextsResponse {
  // A map of component sellers and their re-encrypted payloads
  map<string, bytes> seller_component_ciphertexts = 1;
}

With each component seller's payload, the top-level seller's SAS calls component sellers' SAS, and each component SAS executes their component B&A auction. Then, the results of the component auctions are returned to the top-level seller's SFE, and the component auction bids are scored by the top-level seller's Auction Service. The bid with the highest desirability score is returned to SFE, and that encrypted payload is sent to SAS to be returned to the client. In the browser, the top-level seller finishes the auction by calling navigator.runAdAuction() and supplying the encrypted server auction result payload.

Next steps

After reading this guide, you can take the next following steps:

Learn more

For a deeper understanding of how B&A for Protected Audience works, see the following explainers on GitHub:
Experiment with Protected Audience with B&A by following the End-to-End Local Testing codelab.
For seller integration, see Integrate with B&A as a seller.

Have questions?

Ask questions about BIdding and Auction Services by opening an issue in the B&A Services repository.
Ask questions about Privacy Sandbox in general by opening an issue in the privacy-sandbox-dev-support repository.