This could be a JNLP question, but it's really about signing versus not signing.
I find that if I sign the applet's jar, I get permissions I don't get if I don't sign it, even though I haven't asked for any permissions. What's disturbing about this is that neither the JNLP spec (look under Launch) nor the Permissions spec (look here [http://download.oracle.com/javase/1.4.2/docs/guide/security/permissions.html#SecMgrChecks] -- I don't know if there's a more recent version) make any mention of signing. (Well, the JNLP spec says you need to sign if you ask for permissions, but I'm not asking for any permissions in the JNLP.)
So, my question is: Where is the set if permissions that an applet gets solely by virtue of being signed documented? Failing that, is it possible to get the security manager to list out the permissions I have?