apply comment from Ruben

Author: michielbdejong

README.md

@@ -392,9 +392,9 @@ The authorization of trusted web app is a running battle between readers and wri
 
 In solid a maxim is, you have complete control of he data. Therefore it is up to the owner of the data, the publisher, the controller of the ACL, or more broadly the person running the solid server, to specify who gets access, be it people or apps.   However another maxim is that you can chose which app you use.  So of Alice publishes data, and Bob want to use his favorite app,  then how does that happen?  
 
- - The web server can run with a given trusted domain configured by the pod provider.
- - A specific ACL can be be made to allow a given app to access a given file or folder of files.
- - Someone with acl:Control access to the resource could give in their profile a statement that they will allow users to use a given app.
+ - A Web server MAY be configured such that a given list of origins is unconditionally trusted for incoming HTTP requests. The origin check is then bypassed for these domains, but all other access control mechanisms remain active.
+ - A specific ACL can be made to allow a given app to access a given file or folder of files, using `acl:origin`.
+ - Someone with `acl:Control` access to the resource could give in their profile a statement that they will allow users to use a given app.
 
 ```
  <#me> acl:trustedApp [ acl:origin  <https://calendar.example.com>;