I've been thinking about app permission models, especially as we're working on B2G and need a way for users to safely and thoughtfully manage the apps on their device. Most permission models strive to do precisely one thing: allow apps to ask for consent to use features.
The problem I have with "allow/deny" consent to use features is that there's not a clear usage intention in having the access; a mirror app that asks for access to your camera probably doesn't need to store data it gets from the sensor, but it could go so far as to store video (and perhaps send it to "sneakyprivacyinvadors.com" to spy on you).
If apps can explain their usage intentions, consumers of the apps have more context and can make better decisions about the permissions they grant. While the software probably can't make sure the usage intentions are actually followed, this commitment to customers puts the app developers on the hook for doing the right thing.
Head on over to the discussion in mozilla.dev.webapps where I've posted my thoughts, and let us know what you think.
Edit (23-May-2012 / 9:33 PDT): Google Groups (the public archive) did not pick up my original post to the group. If you're not subscribed via NNTP or the dev-webapps mailing list, you can see my original post in the quoted text of the first reply by Paul.