For more reading see blog post by Chip Morningstar
and Randy Farmer. page 
"A capability is single thing that both designates a resource and authorizes some kind of access to it."
Capabilities solve “The Confused Deputy” problem in Windows, MacOS, and Unix derived OS Linux, Android, etc.
Three ways to obtain a capabilitiy in an ocap system:
# Creation
- We follow the convention that, as a byproduct of the act of creation, the creator receives a capability that provides full access to the new resource.
# Transfer
- Capability passing is how the authority graph the map of who has what authority to do what with what–can change over time
- The lack of a principled way to talk about how authorities change over time is another big problem with the ACL model
# Endowment
- Endowment means you were born with the capability.
- An object’s creator can give it a reference to some other object as part of its initial state.
- Creation + transfer can use to have an immutable object that holds a capability
- Avoid infinite regress.
From @hierophantos