The Rainbow Series included the Neon Orange Book with specifications by the DoD for Discretionary Access Control in Trusted Systems. wikipedia 
Neon Orange Book
All major operating systems implement discretionary access controls from Unix to Windows to Apple.
## This was a completely terrible design mistake that has plagued us for years.
"Discretionary access control mechanisms restrict access to objects based solely on the identity of subjects who are trying to access them. This basic principle of discretionary access control contains a fundamental flaw that makes it vulnerable to Trojan horses."
The object capabilities architecture does not have these problems. Moreover, as you've already seen, it's far simpler to reason about how authority is passed in a computer system than it is to reason about the side-effects of access controls.
Pyroflex originally intended to build a capabilities based cloud orchestration programming language. Alas blockchain! pyroflex .
Perhaps similar to Brendan Burns at Metaparticle.io metaparticle language idiomatic cloud.