According to discussions on the mailing list [1][2], there seem to be a consensus that origins listed in manifest's "allow-navigation" are not considered part of the installed application, and thus that permissions granted to the application do not apply for these origins. However this is not clearly stated in the specification. I therefore suggest to add a clarification in section "8. Navigation". Something like:
Origins listed in this manifest property are not considered part of the application itself, and hence do not inherit the application privileges as defined in section 10.
According to discussions on the mailing list [1][2], there seem to be a consensus that origins listed in manifest's "allow-navigation" are not considered part of the installed application, and thus that permissions granted to the application do not apply for these origins. However this is not clearly stated in the specification. I therefore suggest to add a clarification in section "8. Navigation". Something like: