I was reading https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy#Scope_of_storage_access yesterday and noticed that it does not use the registrable domain as the key.

In particular, if tracker.example is granted storage access on foo.example.com, and the user navigates to example.com that also embeds tracker.example, tracker.example does not have storage access. If the user then navigates to bar.foo.example.com which also embeds tracker.example, tracker.example does have storage access.

I suspect we are flexible with regards to this, but I thought I'd bring it up to see what people think.