Permissions For Web Applications
Traditionally Web applications are untrusted, treated as potentially malicious, and hence "sandboxed" to deny them the ability to affect the user's system or access user data. As we add capabilities to the Web platform, we sometimes encounter situations where legitimate applications want functionality that must be denied to malicious applications. A natural solution is to ask the user whether such requests should be permitted.
more on weblogs.mozillazine.org
Robert O'Callahan of Mozilla compares usability of permission model of Android and web browsers.
