I have been reading about the HTML5 additions to the
Allows the content to be treated as being from its normal origin. If
this keyword is not used, the embedded content is treated as being
from a unique origin.
...[I]t can be used to embed content from a third-party site,
sandboxed to prevent that site from opening pop-up windows, etc,
without preventing the embedded page from communicating back to its
originating site, using the database APIs to store data, etc.
You can't access the document between an iFrame and the Parent window (from different domains). To communicate between frames in you'd need to use postMessage.
Using the allow-same-origin allows you to use, for example, cookies that are in the iFrame.
Here's a good reading to understand better iFrames' sandbox: http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/