
Apps/Security

1,375 bytes removed, 02:17, 26 March 2012
Requirements
{{:Apps/Security/Summary}}
 
== Requirements ==
 
(''This section describing requirements was developed/written separately from the 4 security areas outlined above. Both areas must be consistent and integrated.'')
 
===Core Principles===
#User control: Users control what application permissions an application has at all times (pre, during and post installation).
#Secure by default: A user who chooses to accept the default permissions recommended by a store must be secure by default.
#Least Privilege: Applications must be granted the minimum privileges necessary to function.
#Minimize Permissions: APIs should be designed in such a way as to provide the most functionality without the need to be granted permissions.
 
===Trust Model===
#The user is the root source of trust for permissions settings.
#B2G devices will be shipped with a root Trusted Store which has the power to set the permissions defaults for a Web App.
#The user can choose to override store permissions (either granting or revoking privileges), but the store permissions should be safe for the user, and represent the minimum permissions the application needs to run.
#The store can also entrust other stores with the power to grant permissions (possibly a subset of permissions, or not privileged permissions).
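
One way to read the trust model above as a resolution order, written as an added example that is not B2G code: a store's defaults count only within the scope delegated to it along a chain that reaches the root Trusted Store, and the user's overrides are applied last. The store records, permission names and function names are all hypothetical, and limiting store defaults to what the app requested is an assumption drawn from the Least Privilege principle.

```javascript
'use strict';
// Constructed sample data (hypothetical store ids and permission names).
const STORES = {
  root:    { trustedBy: null,   scope: ['camera', 'contacts', 'geolocation', 'telephony'] },
  partner: { trustedBy: 'root', scope: ['camera', 'geolocation'] }, // delegated a subset
  rogue:   { trustedBy: null,   scope: ['telephony'] },             // not entrusted by anyone
};
const APP = {
  requested:     ['camera', 'contacts', 'geolocation'],
  storeDefaults: ['camera', 'contacts', 'telephony'], // what the installing store recommends
};

// Permissions a store may grant: the intersection of every scope on the
// delegation chain from that store up to the root Trusted Store.
function grantable(storeId, stores, rootId) {
  let allowed = null;
  const seen = new Set();
  for (let id = storeId; ; id = stores[id].trustedBy) {
    const store = stores[id];
    if (!store || seen.has(id)) return new Set(); // unknown store or delegation cycle
    seen.add(id);
    const scope = new Set(store.scope);
    allowed = allowed ? new Set([...allowed].filter(p => scope.has(p))) : scope;
    if (id === rootId) return allowed;
    if (store.trustedBy == null) return new Set(); // chain never reaches the root
  }
}

// Effective permissions: store defaults limited to the store's delegated scope
// and to what the app requested, then the user's overrides, which always win.
function effectivePermissions(app, storeId, stores, rootId, userOverrides = {}) {
  const allowed = grantable(storeId, stores, rootId);
  const requested = new Set(app.requested);
  const result = new Set(
    app.storeDefaults.filter(p => allowed.has(p) && requested.has(p)));
  for (const [perm, choice] of Object.entries(userOverrides)) {
    if (choice === 'grant') result.add(perm);          // user grants beyond the defaults
    else if (choice === 'revoke') result.delete(perm); // user revokes a store default
  }
  return [...result].sort();
}

console.log(effectivePermissions(APP, 'partner', STORES, 'root'));
console.log(effectivePermissions(APP, 'partner', STORES, 'root',
  { camera: 'revoke', contacts: 'grant' }));
console.log(effectivePermissions(APP, 'rogue', STORES, 'root'));
```
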
 
=== Enforcement of permissions on device ===
# Permissions should be enforced regardless of the version of B2G installed.
{{:Apps/Security/Permissions}}
{{:Apps/Security/StandardWebSecurity}}
 
= Other =