capability
An {operating system} security or
access control model where specific types of access to a
specific object are granted by giving a process this data
structure or {token}.
The token may be unforgeable (typically by using {encryption}
or hardware "tagged" memory). Capabilities are used in OSes
such as {Hydra}, {KeyKOS}, {EROS}, {Chorus}/{Mix}, and the
{Stanford V system}. Similar to {Kerberos}, but in an OS
context.
Compare {access control list}.
(1998-03-08)