*Most permissions requested via web intents
===Installed web applications===
Unauthenticated applications provide a manifest, and can optionally be obtained through an app store.
*No restrictions on transport but limited to one app per origin (though an app may load assets and code from other origins).