Principals:
- You should be as secure as using a standalone app
- Different sites should not be able to learn about each other
- The same sites should.
Components:
- Subjects: Entities that actually do stuff. (Basically JS Scripts)
- Objects: Resources that the subjects interact with. (DOM, Cookies)
- Access Policies: Includes Same Origin Policy (SOP) and Cookie Policy