*Most permissions requested via web intents
===Installed web applicationsapplication===
Unauthenticated applications provide a manifest, and can optionally be obtained through an app store.
*No restrictions on transport but limited to one app per origin (though an app may load assets and code from other origins).