w3c · martinthomson · Feb 26, 2025 · Feb 27, 2025 · Feb 26, 2025 · Feb 25, 2025
diff --git a/api.bs b/api.bs
@@ -881,6 +881,50 @@ excludes expired [=impressions=] from [=attribution=]. However, the
 [=user agent=] should not retain expired [=impressions=] indefinitely.
 
 
+### Site Names ### {#site-name-algorithm}
+
+The [=impression store=] saves information
+about three types of [=site=]:
+the [=impression/impression site=],
+an optional [=impression/intermediary site=],
+and a [=set=] of [=impression/conversion sites=].
+
+These [=sites=] MUST all be in [=scheme-and-host=] form,
+with a [=scheme=] of "`https`".
+This means that a simple string serialization of a [=host=]
+is sufficient to identify the site.
+The API is therefore able to use a simple [=string=]
+to represent [=sites=].
+
+<p class=note>
+It is also possible for an implementation to internally represent sites
+using just the [=host=] part of the tuple.
+</p>
+
+To <dfn>parse a site</dfn>,
+returning either [=site=] or failure,
+given a [=string=] |input|,
+run these steps:
+
+1.  Let |host| be the value returned by invoking [=host parser=],
+    passing |input|.
+
+1.  If |host| is failure, return failure.
+
+1.  Let |site| be the value returned by [=registrable domain|obtain a registrable domain=],
+    passing |host|.
+
+1.  If |site| is null, return failure.
+
+1.  Return a [=scheme-and-host=] tuple of ("`https`", |site|).
+
+<p class=note>
+This algorithm successfully produces a site from strings
+that contain more [=domain labels=] than the [=registrable domain=].
+For example, "`extra.example.com`" is parsed as "`example.com`".
+</p>
+
+
 ## State For Privacy Budget Management ## {#privacy-state}
 
 [=User agents=] maintain three pieces of state
@@ -890,6 +934,7 @@ that are used to manage the expenditure of [=privacy budgets=]:
     of the per-[=site=] and per-[=epoch=] [=privacy budgets=].
     It is updated by [=deduct privacy budget=].
 
+
 *   The [=epoch start store=] records when each [=epoch=] starts
     for [=impression sites=].
     This store is initialized as a side effect
@@ -1073,21 +1118,37 @@ and given <a dictionary lt=PrivateAttributionImpressionOptions>|options|</a>:
 <!-- TODO: Check the {{PermissionPolicy/save-impression}} policy. -->
 
 1.  Collect the implicit API inputs from |settings|:
-    1.  The timestamp is set to |settings|'s [=environment settings object/current wall time=].
-    1.  The [=impression site=] is set to the result of
+    1.  Let |timestamp| be |settings|'s [=environment settings object/current wall time=].
+    1.  The [=impression site=] |site| is set to the result of
         [=obtain a site|obtaining a site=] from the [=top-level origin=].
-    1.  The [=intermediary site=] is set to
+    1.  The [=intermediary site=] |intermediarySite| is set to
         1.   a value of `undefined` if the [=origin=] is [=same site=]
              with the [=top-level origin=],
         1.   otherwise, the result of
              [=obtain a site|obtaining a site=] from the [=origin=].
 1.  Validate the page-supplied API inputs:
-    1. If |options|.{{PrivateAttributionImpressionOptions/lifetimeDays}} is 0,
+    1.  If |options|.{{PrivateAttributionImpressionOptions/lifetimeDays}} is 0,
         throw a {{RangeError}}.
-    1. Clamp |options|.{{PrivateAttributionImpressionOptions/lifetimeDays}} to
+    1.  Clamp |options|.{{PrivateAttributionImpressionOptions/lifetimeDays}} to
         the [=user agent=]'s upper limit.
-1.  If the Private Attribution API is [[#opt-out|enabled]], save the impression
-    to the [=impression store=].
+    1.  Let |conversionSite| be the result of invoking [=parse a site=]
+        with |options|.{{PrivateAttributionImpressionOptions/conversionSite}}.
+    1.  If |conversionSite| is failure, return {{SyntaxError}}.
+1.  If the Private Attribution API is [[#opt-out|disabled]], return.
+1.  Construct |impression| as a [=impression|saved impression=] comprising:
+    *   [=impression/Filter Data=] set to
+        |options|.{{PrivateAttributionImpressionOptions/filterData}}.
+    *   [=impression/Impression Site=] set to |site|.
+    *   [=impression/Intermediary Site=] set to |intermediarySite|.
+    *   [=impression/Conversion Sites=] set to a single element [=set=]
+        containing |conversionSite|.
+    *   [=impression/Timestamp=] set to |timestamp|.
+    *   [=impression/Lifetime=] set to
+        |options|.{{PrivateAttributionImpressionOptions/lifetimeDays}},
+        multiplied by a [=duration=] of one day.
+    *   [=impression/Histogram Index=] set to
+        |options|.{{PrivateAttributionImpressionOptions/histogramIndex}}.
+1.  Save |impression| to the [=impression store=].
 
 <p class=advisement><a method for=PrivateAttribution>saveImpression()</a>
 does not return a status indicating whether the impression was recorded.
@@ -2108,18 +2169,26 @@ The privacy architecture is courtesy of the authors of [[PPA-DP]].
 
 <pre class=anchors>
 urlPrefix: https://html.spec.whatwg.org/; spec: html; type: dfn
+    text: host; url: #concept-origin-host
     text: obtain a site
     text: origin; url: #concept-origin
     text: relevant settings object
     text: same site
+    text: scheme; url: #concept-origin-scheme
+    text: scheme-and-host
     text: site
     text: top-level origin; url: #concept-environment-top-level-origin
     text: iframe; url: #child-navigable
 urlPrefix: https://infra.spec.whatwg.org/; spec: infra; type: dfn;
-    text: user agent
     text: set; url: #sets
+    text: string
+    text: user agent
 urlPrefix: https://storage.spec.whatwg.org/; spec: storage; type: dfn;
     text: storage key
+urlPrefix: https://url.spec.whatwg.org/; spec: url; type: dfn;
+    text: domain label
+    text: host parser; url: #concept-host-parser
+    text: registrable domain; url: #host-registrable-domain
 urlPrefix: https://w3ctag.github.io/privacy-principles/; type: dfn;
     text: cross-site recognition
     text: same-site recognition