Scope enforcement for mutations: how to avoid a container to modify deals it doesn't own

[AntoineJac]

Hi team,

Antoine here, CTO at Supply Finder. Reading through ARTF v1.0, I believe there is a gap around deal mutation ownership. I may be missing something, but I don't see how mutation ownership is enforced at the deal level

Questions
As I understand it, any container declaring expireDeals or adjustDeals could potentially propose a remove or replace on any deal ID in the bidstream, including deals owned by competing partners. If that's correct, a malicious container could systematically remove competing deals on an impression, leaving only its own and winning auctions at an artificially low floor.

Possible solution
One way to address this could be to leverage the SSP's existing knowledge of deal ownership and authorized third parties, carrying that signal directly in the bid request via an ext.artf extension on the OpenRTB Deal object:

"deals": [{ "id": "deal300", "bidfloor": 5.00, "ext": { "artf": { "authorized_containers": [ "partner-dealcurator-1", "other-third-party-2" ] } } }]

The idea would be that authorized_containers is populated at deal negotiation time, allowing deal owners to delegate mutation rights to trusted third parties via the SSP. The orchestrator could then use this as a hard gate before applying any deal mutation