Capability

A security term describing a way of controlling access dynamically in a computing system by treating access to objects as provided by a "key" instead of via an "ID Card" (user rights). This is generally more principled, since each object is required to access functionality individually on a lease-per-object basis, while still being able to transfer the use of those leases to other objects during the lease's term.

What is a Capability, Anyway?.
Essays on Capabilities and Security on EROS web site.
Norman Hardy's site devoted to capability theory, notably:
- A GUI for a Capability System
- Capabilities in disguise
The SPEEDOS Project a software-engineering toolkit based on capabilities and confinement.
Mark S. Miller Home Page, in particular his Agoric Open Systems Papers (see also Security and E, a programming language built with capabilities in mind).
Don't miss this article by Jonathan Rees: W7, a security kernel based on the Lambda Calculus, that could have been called "Lambda, the ultimate capability".
In this thread on comp.lang.misc Peter Van Roy compares name values in Oz with capabilities and then concludes:
You're right, name values are a kind of capability too! They only have one operation, though: equality comparison.
CapabilitySecurityModel page on the C2 Wiki.

Page in this topic: coyotos

Also linked from: Actor E EROS GO! Hermes Information-Flow Security KeyKOS Microkernel Debate Sebyla Security User Rights Vault