Adam Barth said: > I think HTML 5 has notions of "origin" and "effective script origin" > (or some such) that separate these two concepts. It might be worth > syncing up our internal names with the spec to make these concepts > more accessible to future developers. I tend to agree. Most of the new HTML 5 interfaces use "same origin policy" which is intentionally much simpler than ll the effective script origin and cookie access policies from older interfaces. Internally, the SecurityOrigin object is used to track origin information. HTML5 databases and localStorage (and probably others) use a subset of their interface but also use them in a somewhat different manner than the rest of WebKit (they're used in an immutable way and there can easily be multiple SecurityOrigin objects for the same origin). It probably makes sense to split SecurityOrigin into 2 classes so that this distinction is more clear and there's less room for error. For reference, I believe these 2 mails contain all the points of the thread: http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008038.html http://lists.macosforge.org/pipermail/webkit-dev/2009-June/008043.html