Redo integrity verification in IsolatedContext spec (#44)

This addresses the issues raised by @domfarolino in #42 regarding how the spec was tying integrity verification to browsing context group. Rather than attaching integrity verification information to browsing context group, which doesn't exist for all environments, this moves the information to a user agent level map.

isolated-contexts.bs

@@ -388,20 +388,25 @@ the associated [=environment settings object/global object=].
 
 ### Integrity ### {#html-integrity}
 
-A [=browsing context group=] has an <dfn for="browsing context group" export>
-integrity origin</dfn>, which is an [=origin=] or `null`.
-
-A [=browsing context group=] has an <dfn for="browsing context group" export>
-integrity verification algorithm</dfn>, which is `null` or an
+An <dfn export>integrity verification algorithm</dfn> is an
 [=implementation-defined=] algorithm that accepts a [=request=] and a
-[=response=], and returns a [=boolean=]. A [=browsing context group=]'s
-[=integrity verification algorithm=] MUST be non-null if its
-[=integrity origin=] is non-null.
+[=response=], and returns a [=boolean=].
 
 Note: A typical [=integrity verification algorithm=] might verify that a
 response body hashes to an expected value, or that it originated from a known
 bundle of resources.
 
+A [=user agent=] holds an <dfn export>origin integrity verification map</dfn>,
+which is a [=map=] of [=tuple origins=] to
+[=integrity verification algorithms=].
+
+Note: How user agents populate the [=origin integrity verification map=] is
+outside the scope of this specification, which is focused on the properties
+needed to establish integrity and isolation.
+<a href="https://github.com/WICG/isolated-web-apps/">Isolated Web Apps</a>
+provide one possible implementation by basing this map on the set of installed
+Isolated Web Apps.
+
 ### Environment Settings Object properties ### {#html-environment-properties}
 
 <div algorithm="environment settings object mitigates injection">
@@ -427,20 +432,15 @@ these properties will not mutate during an environment's lifetime.
 <div algorithm="environment settings object is an isolated context">
 An [=environment settings object=] |environment| is an
 <dfn export>isolated context</dfn> if the following algorithm returns `true`:
-    1.  Let |browsing context group| be the [=browsing context group=] that 
-        |environment| belongs to.
     1.  If |environment| does not [=environment settings object/meaningfully
         mitigate injection attacks=], return `false`.
-    1.  If |environment|'s [=cross-origin isolated capability=] is not
-        [=concrete=], return `false`.
+    1.  If |environment|'s [=cross-origin isolated capability=] is
+        not [=concrete=], return `false`.
     1.  If |environment| does not [=environment settings object/mitigate UI
         Redressing attacks=], return `false`.
-    1.  If |browsing context group|'s [=browsing context group/integrity
-        origin=] is null, return `false`.
-    1.  Let |integrity origin| be |browsing context group|'s
-        [=browsing context group/integrity origin=].
-    1.  If |environment|'s [=origin=] is not [=same origin=] with |integrity
-        origin|, return `false`.
+    1.  Let |origin| be |environment|'s [=origin=].
+    1.  If the [=user agent=]'s [=origin integrity verification map=][|origin|]
+        does not [=map/exist=], return `false`.
     1.  Return `true`.
 </div>
 
@@ -459,24 +459,14 @@ and a [=response=] |response|, run these steps. Possible return values are
 <ol>
   <li>Let |client| be |request|'s [=request/client=].</li>
   <li>If |client| is `null`, return "`not applicable`".</li>
+  <li>Let |origin| be |request|'s [=request/origin=].</li>
   <li>
-    Let |browsing context group| be the [=browsing context group=] that
-    |client| belongs to.
+    If the [=user agent=]'s [=origin integrity verification map=][|origin|]
+    does not [=map/exist=], return "`not applicable`".
   </li>
   <li>
-    Let |integrity origin| be |browsing context group|'s [=integrity origin=].
-  </li>
-  <li>
-    Let |integrity verification algorithm| be |browsing context group|'s
-    [=integrity verification algorithm=].
-  </li>
-  <li>
-    If |integrity origin| or |integrity verification algorithm| are `null`,
-    return "`not applicable`".
-  </li>
-  <li>
-    If |request|'s [=request/origin=] is not [=same origin=] with |integrity
-    origin|, return "`not applicable`".
+    Let |integrity verification algorithm| be the [=user agent=]'s
+    [=origin integrity verification map=][|origin|].
   </li>
   <li>
     If |response|'s [=response/body=] is `null`, return "`invalid`".
@@ -612,8 +602,10 @@ after similarly handling [{{CrossOriginIsolated}}] (step 4 below).
 ## Storage ## {#monkey-storage}
 
 The [=obtain a storage key for non-storage purposes=] algorithm is extended to
-require double-keying on all storage within a [=browsing context group=]
-containing [=Isolated Contexts=].
+require double-keying on all storage belonging to an
+<a href="https://html.spec.whatwg.org/multipage/webappapis.html#environment">
+environment</a> with a [=top-level origin=] known by the [=user agent=] to have
+an [=integrity verification algorithm=].
 
 <div algorithm="obtain a storage key for non-storage purposes isolated context">
 To obtain a storage key for non-storage purposes, given an
@@ -628,13 +620,12 @@ environment</a> |environment|, run these steps:
     </li>
 
     <li><ins>
-      Let |integrity origin| be the [=browsing context group/integrity origin=]
-      of the [=browsing context group=] that |environment| belongs to.
+      Let |top-level origin| be |environment|'s [=top-level origin=].
     </ins></li>
-
     <li><ins>
-      If |integrity origin| is non-null, return a [=tuple=] consisting of
-      |integrity origin| and |origin|.
+      If the [=user agent=]'s [=origin integrity verification map=]
+      [|top-level origin|] [=map/exists=], return a [=tuple=] consisting of
+      |top-level origin| and |origin|.
     </ins></li>
 
     <li>