*User can monitor permission state and change app permissions via consistent permission notification UI
*Privileges granted are limited to explicit list of application assets; we must enforce security boundaries between trusted code and any untrusted content that the app may also load.
*Same No same-origin not restrictions for app content; same origin still enforced for non-app content.
===Certified application===