Rewrite introduction to same-origin section.

index.html

@@ -3110,15 +3110,17 @@ <h3>Relationship to the Same-Origin Policy</h3>
 as a <dfn>pairwise identifier</dfn>.
       </p>
       <p>
-This specification is closer to
+The same-origin policy can be overridden for a variety of use cases, such as
+for
 <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing">
-Cross-origin resource sharing</a> (CORS) both in concept and practice. The
-result of this is that correlatable information can be shared between origins
-and while that can lead to positive security outcomes (no public key
-registration burden), it can also lead to negative privacy outcomes (tracking).
-Those that use this specification are warned that there are trade-offs with
-each approach and to use the mechanism that maximizes security and privacy
-according to the needs of the individual or organization. Using a
+Cross-origin resource sharing</a> (CORS). This specification allows for the
+cross-origin resource sharing of verification methods and service endpoints,
+which means that correlatable identifiers might be shared between origins. While
+resource sharing can lead to positive security outcomes (reduced cryptographic
+key registration burden), it can also lead to negative privacy outcomes
+(tracking). Those that use this specification are warned that there are
+trade-offs with each approach and to use the mechanism that maximizes security
+and privacy according to the needs of the individual or organization. Using a
 [=controller document=] for all use cases is not always advantageous when a
 same-origin bound cryptographic key would suffice.
       </p>