-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathtasks.yaml
135 lines (119 loc) · 5.05 KB
/
tasks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# This file defines a list of tasks to be provisioned.
-
# The DAP task ID is provided in base64url-encoded form, much like in request
# paths. IDs are 32 bytes long, and they should be randomly generated, per
# DAP's recommendation.
task_id: "G9YKXjoEjfoU7M_fi_o2H0wmzavRb2sBFHeykeRhDMk"
# HTTPS endpoint of the peer aggregator.
peer_aggregator_endpoint: "https://example.com/"
# The DAP batch mode. See below for an example of a leader-selected task.
batch_mode: TimeInterval
# The task's VDAF. Each VDAF requires its own set of parameters.
vdaf: !Prio3Sum
max_measurement: 4096
# The DAP role of this Janus instance in this task. Either "Leader" or
# "Helper".
role: Leader
# The VDAF verify key, in base64url-encoded form. The key's length is
# determined by the task's VDAF.
vdaf_verify_key: "1CmuYNtBLYIoXN8bU0T_XA"
# The task's end time, as a number of seconds after the Unix epoch.
task_end: 1704088800
# Time in seconds after which reports expire and may be garbage collected.
# This is a Janus-specific parameter. Garbage collection for a task may
# be disabled by setting this to `null`.
report_expiry_age: 7776000
# Minimum number of reports that a batch must contain before the batch may be
# collected.
min_batch_size: 100
# The DAP task's time precision. This determines how clients round report
# timestamps, and sets the minimum duration of any batch interval for time
# interval queries.
time_precision: 1800
# This determines the maximum allowable clock skew between clients and the
# aggregator, in seconds. If a report is received that has a timestamp further
# in the future than this amount, it will be rejected. This is a
# Janus-specific parameter.
tolerable_clock_skew: 60
# The collector's HPKE configuration. The public key is encoded in base64url.
collector_hpke_config:
id: 183
kem_id: X25519HkdfSha256
kdf_id: HkdfSha256
aead_id: Aes128Gcm
public_key: 4qiv6IY5jrjCV3xbaQXULmPIpvoIml1oJmeXm-yOuAo
# Authentication token hash used by the leader to authenticate requests made
# to the helper. This value should only be included in leader-role tasks.
#
# Each token's `type` governs how it is inserted into HTTP requests if used by
# the leader to authenticate a request to the helper.
aggregator_auth_token:
# DAP-Auth-Token values are encoded in unpadded base64url, and the decoded
# value is sent in an HTTP header. For example, this token's value decodes
# to "aggregator-235242f99406c4fd28b820c32eab0f68".
type: "DapAuth"
token: "YWdncmVnYXRvci0yMzUyNDJmOTk0MDZjNGZkMjhiODIwYzMyZWFiMGY2OA"
# Authentication token hash used by the leader to authenticate requests
# received from the collector. This value should only be included in
# leader-role tasks.
#
# The `type` determines how tokens are parsed from HTTP requests, and it has
# the same set of allowable values as the `type` of an `aggregator_auth_token` stanza.
#
# `hash` is the SHA-256 hash of the token value, encoded in unpadded base64url.
collector_auth_token_hash:
type: "Bearer"
hash: "MJOoBO_ysLEuG_lv2C37eEOf1Ngetsr-Ers0ZYj4vdQ"
# This aggregator's HPKE keypairs. The first keypair's HPKE configuration will
# be served via the `hpke_config` DAP endpoint. All keypairs will be tried
# when decrypting report shares. Both the public key and private key fields
# are encoded in base64url.
hpke_keys:
- config:
id: 164
kem_id: X25519HkdfSha256
kdf_id: HkdfSha256
aead_id: Aes128Gcm
public_key: bK5esYAgvRb7eWto4IlzDV5fMpmdTeO0K56sV-rf9xo
private_key: wFRYwiypcHC-mkGP1u3XQgIvtnlkQlUfZjgtM_zRsnI
- task_id: "D-hCKPuqL2oTf7ZVRVyMP5VGt43EAEA8q34mDf6p1JE"
peer_aggregator_endpoint: "https://example.org/"
batch_mode: !LeaderSelected
batch_time_window_size: null
vdaf: Prio3Count
role: Helper
vdaf_verify_key: "ZXtE4kLqtsCOr8h_pNUeoQ"
task_end: 1704088800
report_expiry_age: null
min_batch_size: 100
time_precision: 300
tolerable_clock_skew: 60
collector_hpke_config:
id: 80
kem_id: X25519HkdfSha256
kdf_id: HkdfSha256
aead_id: Aes128Gcm
public_key: KHRLcWgfWxli8cdOLPsgsZPttHXh0ho3vLVLrW-63lE
# Authentication token hash used by the helper to authenticate requests
# received from the leader. This value should only be included in helper-role
# tasks.
#
# The `type` corresponds to the `type` of an `aggregator_auth_token` stanza,
# and the helper will only accept the auth token if it is presented in a
# request in the indicated manner.
#
# `hash` is the SHA-256 hash of the token value, encoded in unpadded base64url.
aggregator_auth_token_hash:
type: "Bearer"
hash: "MJOoBO_ysLEuG_lv2C37eEOf1Ngetsr-Ers0ZYj4vdQ"
# Note that this task does not have a collector authentication token, since
# it is a helper role task.
collector_auth_token_hash:
hpke_keys:
- config:
id: 37
kem_id: X25519HkdfSha256
kdf_id: HkdfSha256
aead_id: Aes128Gcm
public_key: nvoVceq50ScadLoeE3E4tgFkzF85UfdiEQOPZSKVx0Y
private_key: oA38bVlfuTvi_rg6ciYI1S0tWQuwwDhBDzHSBXKCYVc