Support Storage Partitioning (#383)

Mostly a "find and replace" of "origin" with "storage key" right now. 

More detailed integration will is being worked on in #334

Co-authored-by: Joshua Bell <[email protected]>

Author: arichiv

index.bs

@@ -65,6 +65,7 @@ spec: ecma262; urlPrefix: https://tc39.github.io/ecma262/
 spec: storage; urlPrefix: https://storage.spec.whatwg.org/
     type: dfn
         text: storage bucket; url: storage-bucket
+        text: storage key; url: storage-key
 </pre>
 
 <style>
@@ -416,14 +417,14 @@ To <dfn>create a sorted name list</dfn> from a [=/list=] |names|, run these step
 ## Database ## {#database-construct}
 <!-- ============================================================ -->
 
-Each [=/origin=] has an associated set of [=databases=]. A
+Each [=/storage key=] has an associated set of [=databases=]. A
 <dfn>database</dfn> has zero or more [=/object stores=] which
 hold the data stored in the database.
 
 <div dfn-for=database>
 
 A [=database=] has a <dfn>name</dfn> which identifies it within a
-specific [=/origin=]. The name is a [=/name=],
+specific [=/storage key=]. The name is a [=/name=],
 and stays constant for the lifetime of the database.
 
 A [=database=] has a <dfn>version</dfn>. When a database is first
@@ -455,7 +456,7 @@ There may be multiple [=/connections=] to a given [=database=] at
 any given time.
 
 A [=/connection=] can only access [=databases=] associated with the
-[=/origin=] of the global scope from which the [=/connection=] is
+[=/storage key=] of the global scope from which the [=/connection=] is
 opened.
 
 <aside class=note>
@@ -487,7 +488,7 @@ it hasn't already been.
 
 A [=/connection=] may be closed by a user agent in exceptional
 circumstances, for example due to loss of access to the file system, a
-permission change, or clearing of the origin's storage. If this occurs
+permission change, or clearing of the [=/storage key=]'s storage. If this occurs
 the user agent must run [=close a database
 connection=] with the [=/connection=] and with the <var ignore>forced flag</var> set to true.
 
@@ -1284,7 +1285,7 @@ An [=open request=]'s [=get the parent=] algorithm returns null.
 
 [=Open requests=] are processed in a <dfn>connection queue</dfn>.
 The queue contains all [=open requests=] associated with an
-[=/origin=] and a [=database/name=]. Requests added to the
+[=/storage key=] and a [=database/name=]. Requests added to the
 [=connection queue=] processed in order and each request must run
 to completion before the next request is processed. An open request
 may be blocked on other [=/connections=], requiring those
@@ -2200,7 +2201,7 @@ dictionary IDBDatabaseInfo {
     : |result| = await indexedDB . {{IDBFactory/databases()|databases}}()
     ::
         Returns a promise which resolves to a list of objects giving a snapshot
-        of the names and versions of databases within the origin.
+        of the names and versions of databases within the [=/storage key=].
 
         This API is intended for web applications to introspect the use of databases,
         for example to clean up from earlier versions of a site's code. Note that
@@ -2217,17 +2218,15 @@ The <dfn method for=IDBFactory>open(|name|, |version|)</dfn> method steps are:
 
 1. Let |environment| be [=/this=]'s [=/relevant settings object=].
 
-1. Let |origin| be |environment|'s [=environment settings object/origin=].
-
-1. If |origin| is an [=opaque origin=], [=throw=] a
-    "{{SecurityError}}" {{DOMException}} and abort these steps.
+1. Let |storageKey| be the result of running [=obtain a storage key=] given |environment|.
+    If failure is returned, then [=throw=] a "{{SecurityError}}" {{DOMException}} and abort these steps.
 
 1. Let |request| be a new [=open request=].
 
 1. Run these steps [=in parallel=]:
 
     1. Let |result| be the result of
-        [=/opening a database=], with |origin|,
+        [=/opening a database=], with |storageKey|,
         |name|, |version| if given and undefined
         otherwise, and |request|.
 
@@ -2288,17 +2287,15 @@ The <dfn method for=IDBFactory>deleteDatabase(|name|)</dfn> method steps are:
 
 1. Let |environment| be [=/this=]'s [=/relevant settings object=].
 
-1. Let |origin| be |environment|'s [=environment settings object/origin=].
-
-1. If |origin| is an [=opaque origin=], [=throw=] a
-    "{{SecurityError}}" {{DOMException}} and abort these steps.
+1. Let |storageKey| be the result of running [=obtain a storage key=] given |environment|.
+    If failure is returned, then [=throw=] a "{{SecurityError}}" {{DOMException}} and abort these steps.
 
 1. Let |request| be a new [=open request=].
 
 1. Run these steps [=in parallel=]:
 
     1. Let |result| be the result of
-        [=/deleting a database=], with |origin|,
+        [=/deleting a database=], with |storageKey|,
         |name|, and |request|.
 
     1. Set |request|'s [=request/processed flag=] to true.
@@ -2344,16 +2341,14 @@ The <dfn method for=IDBFactory>databases()</dfn> method steps are:
 
 1. Let |environment| be [=/this=]'s [=/relevant settings object=].
 
-1. Let |origin| be |environment|'s [=environment settings object/origin=].
-
-1. If |origin| is an [=opaque origin=],
-    then return [=/a promise rejected with=] a "{{SecurityError}}" {{DOMException}}.
+1. Let |storageKey| be the result of running [=obtain a storage key=] given |environment|.
+    If failure is returned, then return [=/a promise rejected with=] a "{{SecurityError}}" {{DOMException}}
 
 1. Let |p| be [=/a new promise=].
 
 1. Run these steps [=in parallel=]:
 
-    1. Let |databases| be the [=/set=] of [=databases=] in |origin|.
+    1. Let |databases| be the [=/set=] of [=databases=] in |storageKey|.
         If this cannot be determined for any reason, then [=/reject=] |p| with
         an appropriate error (e.g. an "{{UnknownError}}" {{DOMException}})
         and terminate these steps.
@@ -4964,16 +4959,16 @@ The <dfn attribute for=IDBTransaction>onerror</dfn> attribute is an [=/event han
 
 <div algorithm>
 
-To <dfn>open a database</dfn> with |origin| which requested the [=database=] to be opened, a database |name|, a database |version|, and a |request|, run these steps:
+To <dfn>open a database</dfn> with |storageKey| which requested the [=database=] to be opened, a database |name|, a database |version|, and a |request|, run these steps:
 
-1. Let |queue| be the [=connection queue=] for |origin| and |name|.
+1. Let |queue| be the [=connection queue=] for |storageKey| and |name|.
 
 1. Add |request| to |queue|.
 
 1. Wait until all previous requests in |queue| have been processed.
 
 1. Let |db| be the [=database=] [=database/named=] |name| in
-    |origin|, or null otherwise.
+    |storageKey|, or null otherwise.
 
 1. If |version| is undefined, let |version| be 1 if |db| is null, or
     |db|'s [=database/version=] otherwise.
@@ -5060,7 +5055,7 @@ optional |forced flag|, run these steps:
 
     <aside class=note>
       The <a event>`close`</a> event only fires if the connection closes
-      abnormally, e.g. if the origin's storage is cleared, or there is
+      abnormally, e.g. if the [=/storage key=]'s storage is cleared, or there is
       corruption or an I/O error. If {{IDBDatabase/close()}} is called explicitly
       the event *does not* fire.
     </aside>
@@ -5089,18 +5084,18 @@ optional |forced flag|, run these steps:
 
 <div algorithm>
 
-To <dfn>delete a database</dfn> with the |origin| that
+To <dfn>delete a database</dfn> with the |storageKey| that
 requested the [=database=] to be deleted, a database |name|, and a
 |request|, run these steps:
 
-1. Let |queue| be the [=connection queue=] for |origin| and |name|.
+1. Let |queue| be the [=connection queue=] for |storageKey| and |name|.
 
 1. Add |request| to |queue|.
 
 1. Wait until all previous requests in |queue| have been processed.
 
 1. Let |db| be the [=database=] [=database/named=] |name| in
-    |origin|, if one exists. Otherwise, return 0 (zero).
+    |storageKey|, if one exists. Otherwise, return 0 (zero).
 
 1. Let |openConnections| be the [=/set=] of all [=/connections=]
     associated with |db|.
@@ -6606,10 +6601,10 @@ of user tracking:
     User agents may require the user to authorize access to databases
     before a site can use the feature.
 
-: Origin-tracking of stored data
+: Attribution of third-party storage
 ::
     User agents may record the [=/origins=] of sites that contained content
-    from third-party origins that caused data to be stored.
+    from third-party [=/origins=] that caused data to be stored.
 
     If this information is then used to present the view of data
     currently in persistent storage, it would allow the user to make
@@ -6717,12 +6712,12 @@ user's wish list; or a hostile site could set a user's session
 identifier to a known ID that the hostile site can then use to track
 the user's actions on the victim site.
 
-Thus, strictly following the <span>origin</span> model described in
+Thus, strictly following the storage key partitioning model described in
 this specification is important for user security.
 
-If origins or database names are used to construct paths for
+If host names or database names are used to construct paths for
 persistence to a file system they must be appropriately escaped to
-prevent an adversary from accessing information from other origins
+prevent an adversary from accessing information from other [=/storage keys=]
 using relative paths such as "`../`".
 
 ## Persistence risks ## {#persistence-risks}