diff --git a/index.html b/index.html index de456e0..4a0054b 100644 --- a/index.html +++ b/index.html @@ -3110,15 +3110,17 @@
-This specification is closer to +The same-origin policy can be overridden for a variety of use cases, such as +for -Cross-origin resource sharing (CORS) both in concept and practice. The -result of this is that correlatable information can be shared between origins -and while that can lead to positive security outcomes (no public key -registration burden), it can also lead to negative privacy outcomes (tracking). -Those that use this specification are warned that there are trade-offs with -each approach and to use the mechanism that maximizes security and privacy -according to the needs of the individual or organization. Using a +Cross-origin resource sharing (CORS). This specification allows for the +cross-origin resource sharing of verification methods and service endpoints, +which means that correlatable identifiers might be shared between origins. While +resource sharing can lead to positive security outcomes (reduced cryptographic +key registration burden), it can also lead to negative privacy outcomes +(tracking). Those that use this specification are warned that there are +trade-offs with each approach and to use the mechanism that maximizes security +and privacy according to the needs of the individual or organization. Using a [=controller document=] for all use cases is not always advantageous when a same-origin bound cryptographic key would suffice.
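Review bot: In the first added sentence, "The same-origin policy can be overridden ... such as for Cross-origin resource sharing (CORS)" is imprecise and reads awkwardly. CORS is an opt-in relaxation granted by the origin serving the resource, not an override, and "such as for" does not parse cleanly. Suggest "relaxed" in place of "overridden", and "such as" without the trailing "for". The next added sentence then uses "cross-origin resource sharing of verification methods and service endpoints" as a description of what this specification does, immediately after the same phrase named the CORS mechanism. A reader can take this to mean that the specification relies on CORS headers. Consider wording such as "allows verification methods and service endpoints to be shared across origins" to keep the analogy separate from the mechanism. Two smaller points. "Correlatable identifiers" replaced "correlatable information" without saying which identifiers are meant, and naming them would make the tracking risk concrete. "Trade-offs with each approach" now depends on the reader inferring that the two approaches are same-origin-bound keys and cross-origin controller documents, so stating the pair explicitly would help, since the closing sentence about a "same-origin bound cryptographic key" is the only place the alternative is named.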