The Full SafeFrame Presentation (PPT)


Dec 11th, 2012
IAB SafeFrames
Co-Chairs
Sean Snider, Yahoo!
Prabhakar Goyal, Microsoft
SafeFrames: An Overview
▪ What are SafeFrames?
● A secure and flexible framework that provides the ability to create containers around HTML content served from sources external (e.g. Ad Server) to a host server (i.e. Publisher)
SF In-page Communication
[Diagram. Labels: Publisher Webpage; SafeFrame; External Party Server]
1. External Content Received (as data)
2. API Initiated
3. Vendor Content Rendered
4. Communication
SafeFrames Technology
[Diagram, built up over three slides. Labels: Host; Content Domain; Host Secondary Domain; SafeFrame API; External Content; Ads. Annotations: "Where SafeFrame lives"; "Where external party content is served"; "Protocols for communication"]
SafeFrames: Value Added
▪ Consumer Safety
▪ Host Benefits (i.e. Publisher)
● Transparency
● Control / Stability
▪ External Party Benefits (i.e. Ad Agency)
● More rich-media demand in more places
● Transparency
▪ Standardized Functionality
SafeFrames: Consumer Safety
▪ Content from un-vetted sources does not have direct access to the host web page
● Cannot set/read host cookies without explicit publisher permission
● Cannot set/read HTML form data
● Proprietary rules can be implemented to further enhance security
SafeFrames: Transparency
▪ Host web page has a container around content
● Allows for geometric information about the external content to be easily measured and shared (e.g. viewability).
● Meta-data passing between host and external content is explicitly defined
● Both host and external content are aware of various rich-media functions
SafeFrames: Control / Stability
▪ No JavaScript/CSS/HTML element name pollution
▪ Host can measure performance easily
▪ Rich-media functionality is clearly defined and known
SafeFrames: Standardization
▪ Functionality is clearly defined and extensible over time
● Rich-media
● Meta-data
● Host URL
SafeFrames: Host Decisions
[Flowchart. Decision nodes: "Currently using iframe?"; "Allowing rich media?"; "Does SafeFrame support my rich media types?". Branch labels: Yes; No; Yes*. Outcome: "Implement SafeFrame"]
SafeFrames: External Party Decisions
[Flowchart. Decision nodes: "Inside iframe?"; "Nested immediately under host?" (window.parent == top); "$sf.ext JavaScript namespace exists?". Branch labels: Yes; No. Outcomes: "Implement SafeFrame"; "Use current behavior"]
SafeFrames: Rich-Media Matrix