*User can monitor permission state and change app permissions via consistent permission notification UI
*Privileges granted are limited to explicit list of application assets; we must enforce security boundaries between trusted code and any untrusted content that the app may also load.
*Same origin not enforced for app content.
===Certified application===