Unforgeable Distributed Capabilities

Alan Karp presented: A capability is a transferrable, unforgeable authorization to use the object it designates. Unforgeability means that knowing the bits associated with a capability cannot be used to gain the permission it grants. A problem arises when we want to access capabilities across machines, because we can only send bits between them. It would seem that someone who comes to know those bits can gain the permission of the capability they represent, making unforgeability impossible in a distributed system. A closer look reveals that is not always the case. page