Some use-cases require the ability to add a new application using the SOAP (or other remote) API.

This capability should be protected by a "Can Create Another Application" permission, which defaults to false, and the newly created application should inherit the permissions of the application under whose aegis it was created.