
2024 marked a significant year. AI became integral to our workflows, commerce and retail media networks soared, and Google did not deprecate cookies. Amidst these changes, ID bridging emerged as a hot topic, raising questions around identity reliability and transparency, which necessitated industry-wide standards. We believe the latest IAB OpenRTB specifications, produced in conjunction with supply and demand-side partners, set up the advertising industry for more transparent and effective practices.
So, what exactly is ID bridging?
As signals like third-party cookies fade, ID bridging has emerged as a way for the supply-side to offer addressability to the demand-side. ID bridging is the supply-side practice of connecting the dots between available signals that were generated in a way that is not the expected default behavior, in order to understand a user’s identity and communicate it to prospective buyers. It enables the supply-side to extend user identification beyond the scope of one browser or device.

Imagine you visit a popular sports website on your laptop using Chrome. Later, you use the same device to visit the same sports website, but this time, on Safari. By using identity resolution tools, a supply-side partner can infer that both visits are likely from the same user and communicate with them as such.
ID bridging is not inherently a bad thing. However, the practice has sparked debate, as buyers want full transparency into the use of a deterministic identifier versus an inferred one. This complicates measurement and frequency capping for the demand-side. Before OpenRTB 2.6, ID bridging led to misattribution because the demand-side could not connect an ad exposure served to a bridged ID with a conversion recorded under a different ID.
OpenRTB 2.6 sets us up for a more transparent future
In 2010, the IAB, along with supply and demand-side partners, formed a consortium known as the Real-Time Bidding Project for companies interested in an open protocol for the automated trading of digital media. The OpenRTB specifications they produced became that protocol, adapting with the evolution of the industry.
The latest evolution, OpenRTB 2.6, sets out standards that strive to ensure transparency in real-time bidding, mandating how the supply-side should use certain fields to more transparently provide data when inferring users’ identities.
What’s new in OpenRTB 2.6?
Here are the technical specifications for the industry to be more transparent when inferring users’ identities:
- Primary ID field: This existing field now can only contain the “buyeruid,” an identifier mutually recognized and agreed upon by both buyer and seller for a given environment. For web environments, the default is a cookie ID, while for app activity, it is a mobile advertising ID (MAID), passed directly from an application downloaded on a device. This approach ensures demand-side partners understand the ID’s source.
- Enhanced identifier (EID) field: The EID field, designated for alternative IDs, now accommodates all other IDs. The EID field now has additional parameters that provide buyers transparency into how the ID was created and sourced, which you can see in the visual below:

Using the above framework, a publisher who wants to send a cross-environment identifier that likely belongs to the same user would declare the ID as “mm=5,” while listing the potential third-party identity resolution partner under the “matcher” field, which the visual below depicts. This additional metadata gives the demand-side the insights they need to evaluate the reliability of each ID.

“These updates to OpenRTB add essential clarity about where user and device IDs come from, helping buyers see exactly how an ID was created and who put it into the bidstream. It’s a big step toward greater transparency and trust in the ecosystem. We’re excited to see companies already adopting these updates and can’t wait to see the industry fully embrace them by 2025.”
Hillary Slattery, Sr. Director, Programmatic, Product Management, IAB Tech Lab
Experian will continue supporting transparency
As authenticated signals decrease due to cookie deprecation and other consumer privacy measures, we will continue to see a rise in inferred identifiers. Experian’s industry-leading Digital Graph has long supported both authenticated and inferred identifiers, providing the ecosystem with connections that are accurate, scalable, and addressable. Experian will continue to support the industry with its identity resolution products and is supportive of the IAB’s efforts to bring transparency to the industry around the usage of identity signals.
Supply and demand-side benefits of adopting the new parameters in OpenRTB 2.6
- Partner collaboration: Clarity between what can be in the Primary ID field versus the EID field provides clear standards and transparency between buyers and sellers.
- Identity resolution: The supply side has an industry-approved way to bring in inferred IDs while the demand side can evaluate these IDs, expanding addressability.
- Reducing risk: With accurate metadata available in the EID field, demand-side partners can evaluate who is doing the match and make informed decisions on whether they want to act on that ID.
Next steps for the supply and demand-sides to consider
For supply-side and demand-side partners looking to utilize OpenRTB 2.6 to its full potential, here are some recommended steps:
For the supply-side:
- Follow IAB Specs and provide feedback: Ensure you understand and are following transparent practices. Ask questions on how to correctly implement the specifications.
- Vet identity partners: Choose partners who deliver the most trusted and accurate identifiers in the market.
- Be proactive: Have conversations with your partners to discuss how you plan to follow the latest specs, which identity partners you work with, and explain how you plan to provide additional signals to help buyers make better decisions.
We are beginning to see SSPs adopt this new protocol, including Sonobi and Yieldmo.
“The OpenRTB 2.6 specifications are a critical step forward in ensuring transparency and trust in programmatic advertising. By aligning with these standards, we empower our partners with the tools needed to navigate a cookieless future and drive measurable results.”
Michael Connolly, CEO, Sonobi
“These additions to the OpenRTB protocol further imbue bidding transactions with transparency which will foster greater trust between partners. Moreover, the data now available is not only actionable, but auditable should a problem arise. Buyers can choose, or not, to trust an identifier based on the inserter, the provider and the method used to derive the ID. While debates within the IAB Tech Lab were spirited at times, they ultimately drove a collaborative process that shaped a solution designed to work effectively across the ecosystem.”
Mark McEachran, SVP of Product Management, Yieldmo
For the demand side:
- Evaluation: Use the EID metadata to assess all the IDs in the EID field, looking closely at the identity vendors’ reliability. Select partners who meet high standards of data clarity and accuracy.
- Collaboration: Establish open communication with supply-side partners and tech partners to ensure they follow the best practices in line with OpenRTB 2.6 guidelines and that there’s a shared understanding of the mutually agreed upon identifiers.
- Provide feedback: As OpenRTB 2.6 adoption grows, consistent feedback from demand-side partners will help the IAB refine these standards.
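The evaluation step above, combined with the earlier description of the EID metadata (“mm=5” and the “matcher” field), as an added example; it is not code from Experian or the IAB. The vetted-matcher list, the verdict names, the sample request and every mm code other than 5 are assumptions made for illustration.

```python
import json

# Match-method (mm) codes. The page quotes only mm=5 for inferred IDs; the other
# codes are an assumption based on the IAB Tech Lab ID match-method list and
# should be checked against the current specification.
MATCH_METHODS = {1: "no_matching", 2: "cookie_sync", 3: "authenticated",
                 4: "observed", 5: "inferred"}

# Hypothetical buyer policy: identity-resolution vendors vetted for inferred IDs.
VETTED_MATCHERS = {"idgraph.example"}

# Constructed bid request fragment (all domains and IDs are made up).
SAMPLE_REQUEST = json.loads("""
{"user": {
  "buyeruid": "buyer-cookie-123",
  "eids": [
    {"source": "publisher.example", "mm": 3, "inserter": "ssp.example",
     "uids": [{"id": "auth-abc"}]},
    {"source": "idgraph.example", "mm": 5, "inserter": "ssp.example",
     "matcher": "idgraph.example", "uids": [{"id": "bridged-def"}]},
    {"source": "other.example", "mm": 5, "inserter": "ssp.example",
     "matcher": "unvetted.example", "uids": [{"id": "bridged-ghi"}]},
    {"source": "legacy.example", "uids": [{"id": "no-metadata-jkl"}]}
  ]
}}
""")

def assess_eids(bid_request, vetted_matchers=VETTED_MATCHERS):
    """Return one audit record per user.eids entry with a verdict and reason."""
    records = []
    for eid in bid_request.get("user", {}).get("eids", []):
        mm = eid.get("mm")
        # type() check keeps JSON true/false from being read as mm=1/0.
        method = MATCH_METHODS.get(mm, "unknown") if type(mm) is int else "unknown"
        matcher = eid.get("matcher")
        if method == "unknown":
            verdict, reason = "reject", "match method missing or unrecognized"
        elif method == "inferred" and matcher not in vetted_matchers:
            verdict, reason = "reject", "inferred ID from unvetted or undeclared matcher"
        elif method == "inferred":
            verdict, reason = "accept_inferred", "inferred ID from vetted matcher"
        else:
            verdict, reason = "accept", "declared non-inferred match method"
        records.append({
            "source": eid.get("source"), "method": method, "matcher": matcher,
            "inserter": eid.get("inserter"), "verdict": verdict, "reason": reason,
            "ids": [u["id"] for u in eid.get("uids", []) if "id" in u],
        })
    return records

def measurement_ids(bid_request, records):
    """IDs used for frequency capping and attribution under this policy:
    buyeruid plus accepted non-inferred EIDs; inferred IDs are left out."""
    ids = [i for r in records if r["verdict"] == "accept" for i in r["ids"]]
    buyeruid = bid_request.get("user", {}).get("buyeruid")
    return ([buyeruid] if buyeruid else []) + ids

if __name__ == "__main__":
    recs = assess_eids(SAMPLE_REQUEST)
    for r in recs:
        print(r["source"], r["method"], r["verdict"], "-", r["reason"])
    print("measurement IDs:", measurement_ids(SAMPLE_REQUEST, recs))
```

Keeping the full record, inserter and matcher included, for every rejected ID is what makes the decision auditable later.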
Moving forward with reliable data and data transparency
As the AdTech industry moves toward a cookieless reality, OpenRTB 2.6 signifies a substantial step toward a sustainable, transparent programmatic ecosystem. With proactive adoption by supply- and demand-side partners, the future of programmatic advertising will be driven by trust and transparency.
Experian, our partners, and our clients know the benefits of our Digital Graph and its support of both authenticated and inferred signals. We believe that if the supply-side abides by the OpenRTB 2.6 specifications and the demand-side uses and analyzes this data, the programmatic exchange will operate more fairly and deliver more reach.
Latest posts

In 2022, Google began changing the availability of the information available in User-Agent strings across their Chromium browsers. The change is to use the set of HTTP request header fields called Client Hints. Through this process, a server can request, and if approved by the client, receive information that would have been previously freely available in the User-Agent string. This change is likely to have an impact on publishers across the open web that may use User-Agent information today.
To explain what this change means, how it will impact the AdTech industry, and what you can do to prepare, we spoke with Nate West, our Director of Product.
What is the difference between User-Agents and Client Hints?
A User-Agent (UA) is a string, or line of text, that identifies information about a web server’s browser and operating system. For example, it can indicate if a device is on Safari on a Mac or Chrome on Windows. Here is an example UA string from a Mac laptop running Chrome:
To limit the passive fingerprinting of users, Google is reducing components of the UA strings in their Chromium browsers and introducing Client Hints. When there is a trusted relationship between first-party domain owners and third-party servers, Client Hints can be used to share the same data. This transition began in early 2022 with bigger expected changes beginning in February 2023. You can see in the above example, Chrome/109.0.0.0, where browser version information is already no longer available from the UA string on this desktop Chrome browser.
How can you use User-Agent device attributes today?
UA string information can be used for a variety of reasons. It is a component in web servers that has been available for decades. In the AdTech space, it can be used in various ad targeting use cases. It can be used by publishers to better understand their audience. The shift to limit access and information shared is to prevent nefarious usage of the data.
What are the benefits of Client Hints?
By using Client Hints, a domain owner, or publisher, can manage access to data activity that occurs on their web properties. Having that control may be advantageous. The format of the information shared is also cleaner than parsing a string from User-Agents. Although, given that Client Hints are not the norm across all browsers, a long-term solution may be needed to manage UA strings and Client Hints. An advantage of capturing and sharing Client Hint information is to be prepared and understand if there is any impact to your systems and processes. This will help with the currently planned transition by Google, but also should the full UA string become further restricted.
Who will be impacted by this change?
Publishers across the open web should lean in to understand this change and any potential impact to them. The programmatic ecosystem supporting real-time bidding (RTB) needs to continue pushing for adoption of OpenRTB 2.6, which supports the passing of client hint information in place of data from UA strings.
What is Google’s timeline for implementing Client Hints?
Source: Google
Do businesses have to implement Client Hints? What happens if they don’t?
Not capturing and sharing with trusted partners can impact capabilities in place today. Given Chromium browsers account for a sizable portion of web traffic, the impact will vary for each publisher and tech company in the ecosystem. I would assess how UA strings are in use today, where you may have security concerns or not, and look to get more information on how to maintain data sharing with trusted partners.
We can help you adopt Client Hints
Reach out to our Customer Success team at tapadcustomersuccess@experian.com to explore the best options to handle the User-Agent changes and implement Client Hints. As leaders in the AdTech space, we’re here to help you successfully make this transition. Together we can review the options available to put you and your team on the best path forward.
About our expert
Nate West, Director of Product
Nate West joined Experian in 2022 as the Director of Product for our identity graph. Nate focuses on making sure our partners maintain and grow identity resolution solutions today in an ever-changing future state. He has over a decade of experience working for media organizations and AdTech platforms.

Up next in our Ask the Expert series, Ben Rothke, Senior Information Security Manager, reviews two certifications that should be part of your information security strategy: Service Organization Control (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001. Tapad, a part of Experian, is 27001 and SOC 2 Type 2 compliant.
Two information security certifications you can trust
Seals from Good Housekeeping and Underwriters Laboratories give consumers confidence that they can trust the product that they’re buying. For IT solutions or service providers, what, or who can you turn to for that seal of approval? There are many equivalent third-party attestations you can use. But which should you trust?
- The International Organization for Standardization (ISO) 27001
- The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC)
International Organization for Standardization (ISO) 27001 is an international standard for information security from the ISO. ISO 27001 is globally acknowledged and sets requirements for controls, maintenance, and certification of an information security management system (ISMS). This international standard provides organizations with a framework to identify, manage and reduce risks related to the security of information.
System and Organization Controls (SOC)
The SOC, as defined by the AICPA, is a set of audit reports. SOC reports, like 27001 certificates, are used by service organizations to give their customers the confidence they have adequate information security controls in place to protect the data that they handle. SOC 2 is an assessment of controls at a service organization regarding security, availability, processing integrity, confidentiality, and privacy. The purpose of the report is to provide extensive information and assurance to a broad range of users about the controls at a service organization that are relevant to the security, availability, and processing integrity of the systems that process user data, as well as the confidentiality and privacy of the information processed by these systems.
Why ISO 27001 and SOC 2 are important
The value of these third-party attestations is two-fold:
- Organizations can show they have passed an independent external audit
- Third-party attestations save organizations the time of having to do their own audits
In addition to 27001 and SOC 2 Type 2 compliance, we are also certified with ISO 27017 and 27018, which are add-ons to 27001 that are specific to cloud computing. We take the security and privacy of our customers’ data as seriously as they do. Every cloud service provider (CSP) has a responsibility matrix that details what security and privacy tasks they are responsible for and which ones the customer is responsible for. Any cloud customer that needs to be made aware of what their security tasks are is putting themselves at risk. So, when you want to engage a CSP, ask them for their attestations. They worked hard for them and will be proud to share their compliance.
We’re powered by decades of setting standards in marketing services
At Experian, we’re a privacy-first business. We’re highly focused on respecting people, their data, and their privacy. We continue to show our dedication to information security by completing these security audits every year. The constant changes to data compliance regulations can be challenging to navigate, but you don’t have to do it alone. Contact us today. We will be your guide so you can ethically and confidently reach your customers.
About our expert
Ben Rothke, Senior Information Security Manager
Ben Rothke, CISSP, CISA, is a Senior Information Security Manager at Tapad, a part of Experian. He has over 25 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine.

Experian kicks off the AdTech year at CES
What better way to jump-start 2023 than a trip to Las Vegas for the Consumer Electronics Show (CES)? Our team was thrilled to participate in this annual kick-off with the AdTech community. The uniqueness of what CES has become for our industry can be defined as the intersection between technology brands, digital, television, and AdTech. CES creates the space necessary for marketing and advertising leaders to collaborate to drive rewarding outcomes for the year ahead.
Our goal in attending CES was to connect with our partners, clients, and industry leaders to build relationships, form strategic plans, and listen. The opportunity to learn about our industry’s challenges and goals enables us to develop initiatives, drive success, and support our clients and partners. Keep reading for our 2023 CES AdTech recap.
“I have been to CES too many times to mention the number; this year was as energetic, collaborative, engaged, and effective as I can ever recall. Our presence was first-class and meticulously organized, which made our interactions as robust as possible. It's a team effort, and we appreciate all the work that goes into this event.”
– Greg Koerner, Vice President of Digital Advertising Sales
Our CES AdTech recap
Supporting publishers and advertisers is top of mind for us. Many of our conversations focused on the technologies we deliver or collaborate with our partners to provide. Clean rooms and activation were two common themes throughout our discussions.
Clean rooms
Consumer privacy, regulatory requirements, and data deprecation are driving the AdTech industry to talk about and explore clean rooms. There’s a need to address data collection, storage, analysis, and sharing. Clean rooms are a potential solution that can standardize data and address interoperability issues.
Activation
In 2023, we predict that digital activation will increase. We continue to see increased demand for environments where alternative identifiers are being transacted (like demand side platforms and video). Social platforms will continue to experience volatility and advertisers will shift their focus to demand-side, video, and supply-side platforms. Download our 2023 Digital audience trends and predictions report to learn where you should activate your audiences in 2023. We can help plan your 2023 digital activation strategy.
How we support clean rooms and activation
Our Consumer Sync and Consumer View products support these areas and can help you understand people better, so you and your customers can connect with confidence.
What is Consumer Sync?
Consumer Sync, our consumer identity product, enables signal agnostic collaboration across marketers and technologies, bringing together digital devices, IDs, households, and attributes. Consumer Sync’s Resolution and Collaboration solutions can help you gain a better understanding of your consumers and make identities actionable in any environment.
What is Consumer View?
Consumer View, our data discovery product, offers marketers a robust, privacy-first understanding of their customers and prospects. Grounded in consumer identity, Consumer View provides the data foundation to engage consumers where, when, and how they want. Consumer View’s Audience and Attribution solutions provide expansive coverage so that you can fill in the gaps to better understand your prospects.
Additionally, our collaborative efforts with strong partnerships across the clean room ecosystem and with our activation partners help our clients serve the best ads, at the best times, to the right audience.
“CES is back and was a great way to kick off the new year! We were able to meet with a high volume of clients to eagerly talk about building new solutions for the TV space. We are excited to see where these conversations lead in the next few months.”
– Ali Mack, Senior Director of TV Advertising Sales
Let’s navigate what’s new in our industry, together
We can help you connect with your consumers in innovative, impactful ways. Contact us to continue the conversation and learn more about our Consumer Sync and Consumer View products. We can help you take advantage of the opportunities on the horizon.