'web origin' -> 'origin'. fixes #173.

index.bs

@@ -58,7 +58,7 @@ spec: HTML51; urlPrefix: http://www.w3.org/TR/html51/
 This specification defines an API enabling the creation and use of strong, attested, cryptographic <em><a>scoped
 credentials</a></em> by web applications, for the purpose of strongly authenticating users. A <a>scoped credential</a> is
 created and stored by an <em><a>authenticator</a></em> at the behest of a <em><a>[RP]</a></em>, subject to <em><a>user
-consent</a></em>. Subsequently, the scoped credential can only be accessed by web origins belonging to that [RP].
+consent</a></em>. Subsequently, the scoped credential can only be accessed by origins belonging to that [RP].
 This scoping is enforced jointly by <em><a>conforming User Agents</a></em> and <em><a>authenticators</a></em>. 
 Additionally, privacy across <a>[RPS]</a> is maintained; [RPS] are not able to detect any properties, or even
 the existence, of credentials scoped to other [RPS].
@@ -239,7 +239,7 @@ NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
 
 : <dfn>Relying Party Identifier</dfn>
 : <dfn>RP ID</dfn>
-:: A Relying Party Identifier is derived from a <a>[RP]</a>'s web origin's hostname by computing the hostname's <a>eTLD+1</a>. 
+:: A Relying Party Identifier is derived from a <a>[RP]</a>'s origin's hostname by computing the hostname's <a>eTLD+1</a>. 
 
 : <dfn>Scoped Credential</dfn>
 :: Generically, a credential is data one entity presents to another in order to authenticate the former's identity [[RFC4949]].
@@ -285,7 +285,7 @@ and/or platform on the user's behalf. At no point does the script get access to
 information about the credentials in the form of objects. 
 
 The security properties of this API are provided by the client and the authenticator working together. The authenticator, which
-holds and manages credentials, ensures that all operations are scoped to a particular web origin, and cannot be replayed against
+holds and manages credentials, ensures that all operations are scoped to a particular origin, and cannot be replayed against
 a different origin, by incorporating the origin in its responses. Specifically, as defined in [[#signature-format]], the full
 origin of the requester is included, and signed over, in the attestation statement produced when a new credential is created as
 well as in all assertions produced by WebAuthn credentials.
@@ -294,9 +294,9 @@ Additionally, to maintain user privacy and prevent malicious [RPS] from probing
 other [RPS], each credential is also associated with a Relying Party Identifier, or RP ID. This RP ID is provided by the client
 to the authenticator for all operations, and the authenticator ensures that credentials created by a [RP] can only be used in
 operations requested by the same RP ID. Separating the origin from the RP ID in this way allows the API to be used in cases
-where a single [RP] maintains multiple web origins.
+where a single [RP] maintains multiple origins.
 
-The client facilitates these security measures by providing correct web origins and RP IDs to the authenticator for each
+The client facilitates these security measures by providing correct origins and RP IDs to the authenticator for each
 operation. Since this is an integral part of the WebAuthn security model, user agents MUST only expose this API to callers in
 <dfn>secure contexts</dfn>, as defined in [[secure-contexts]].
 
@@ -718,7 +718,7 @@ string-valued keys. Values may be any type that has a valid encoding in JSON. It
 <div dfn-for="ClientData">
     The <dfn>challenge</dfn> member contains the base64url encoding of the challenge provided by the RP.
 
-    The <dfn for="ClientData">origin</dfn> member contains the fully qualified web origin of the requester, as provided to the authenticator by
+    The <dfn for="ClientData">origin</dfn> member contains the fully qualified origin of the requester, as provided to the authenticator by
     the client, in the syntax defined by [[RFC6454]].
 
     The <dfn>rpId</dfn> member contains the RP ID of the requester, as computed by the client.