
Issue 734722


Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug

Blocked on:
issue 846155

Blocking:
issue 614463


Introduce a more generic notion of a security principal than sites

Project Member Reported by alex...@chromium.org, Jun 19 2017

Issue description

Currently, the process model defines isolation principals using "sites" (scheme and etld+1) and "site URLs".  However, we've been extending and redefining sites beyond the original definition, and we are starting to hit situations in which GURLs or url::Origins alone aren't enough to represent a principal: 

1. We now support process isolation for particular origins (issue 713444), where we use the full origin rather than just a scheme/etld+1.

2. Webview guests currently use a special site URL which doesn't match the site of actual web content being rendered inside them.  Eventually, we want to introduce knowledge of StoragePartition to support cross-process navigations and OOPIFs in guests.

3. With Isolate-Me (https://wicg.github.io/isolation/explainer.html), we might need to support knowledge of StoragePartitions as well.

4. Hosted apps use a chrome-extension:// site_url, which does not match the origin from which the web content is served.

Referring to the isolation principal using a site_url is confusing in those cases, and representing site_urls with GURLs has led to bugs since it's too easy to pass in the wrong kind of URL (e.g., a full URL to a function that expects a site URL). Two examples: https://codereview.chromium.org/2921063003/ for GetProcessHostForSite and https://codereview.chromium.org/2322673005/ for DoesSiteRequireDedicatedProcess.  Let's come up with something better!

Charlie notes that there was an earlier attempt at introducing a better notion of a principal in issue 109792, and that it might be time to revisit that.
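As an added illustration of the type-confusion hazard described above (example code, not Chromium's), a site principal type that can only be derived from a URL, so a full URL can no longer be handed to a function that expects a site. The public-suffix table and the isolated-origin list are constructed samples.

```cpp
// Added illustration, not Chromium code: a strong SiteUrl type so a full URL cannot be passed where a
// site (scheme + eTLD+1, or a full isolated origin) is expected. Suffix and isolated-origin lists are constructed samples.
#include <optional>
#include <set>
#include <string>
#include <string_view>

static const std::set<std::string> kPublicSuffixes = {"com", "org", "co.uk"};  // stand-in for the public suffix list
static const std::set<std::string> kIsolatedOrigins = {"https://isolated.example.com"};  // sample isolated origins

// eTLD+1 of a host ("a.b.example.co.uk" -> "example.co.uk"); the whole host if no suffix matches.
static std::string RegistrableDomain(const std::string& host) {
  for (size_t pos = 0;;) {
    size_t dot = host.find('.', pos);
    if (dot == std::string::npos) return host;
    if (kPublicSuffixes.count(host.substr(dot + 1))) return host.substr(pos);
    pos = dot + 1;
  }
}

// The site principal. Only FromUrl can build one: an isolated origin (issue 713444) keeps its full
// origin, everything else collapses to scheme + eTLD+1, and callers cannot smuggle in a raw URL.
class SiteUrl {
 public:
  static std::optional<SiteUrl> FromUrl(std::string_view url, const std::set<std::string>& isolated) {
    size_t p = url.find("://");
    if (p == std::string_view::npos) return std::nullopt;
    std::string scheme(url.substr(0, p));
    std::string host(url.substr(p + 3, url.find_first_of(":/", p + 3) - (p + 3)));  // drop port and path
    if (scheme.empty() || host.empty()) return std::nullopt;
    std::string origin = scheme + "://" + host;
    return SiteUrl(isolated.count(origin) ? origin : scheme + "://" + RegistrableDomain(host));
  }
  const std::string& value() const { return value_; }
 private:
  explicit SiteUrl(std::string v) : value_(v) {}
  std::string value_;
};

// Type-safe form: a raw URL string does not compile here; it must go through SiteUrl::FromUrl first.
bool DoesSiteRequireDedicatedProcess(const SiteUrl& site, const std::set<std::string>& isolated) {
  return isolated.count(site.value()) > 0;
}

// The bug class the issue describes: keyed on a plain string, a full URL passed by mistake silently misses.
bool UnsafeDoesSiteRequireDedicatedProcess(const std::string& site_url, const std::set<std::string>& isolated) {
  return isolated.count(site_url) > 0;
}
```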

 
Blocking: 614463
Cc: slangley@chromium.org sa...@chromium.org noel@chromium.org

Comment 3 by creis@chromium.org, Nov 18 2017

Blocking: 786673
Blockedon: 846155
Blocking: -786673
I think this issue (the issue of "what origins/frames/workers should be isolated") is orthogonal to issue 786673 ("what features should be protected by isolation, even in presence of compromised renderers").

creis@: Because of the above and because of the desire to clean up issue 786673, I am removing the dependency here.  Please shout if you think this is wrong.
