==Same Origin Policy==
Same origin policy should not be enforced for certified apps or privileged apps, since each app has its own cookie store. The app would have to declare its intent to bypass same-origin policy.
==Cookie & Password management==
Cookies and passwords are stored per app. See [[Apps/Security#Data_stored_per_app|below]].
==Format for privileged and certified apps==