Capability

security

Definition

Capability

A capability $⟨\text{object},\text{rights}⟩$ is an unforgeable ticket (token) that defines the privileges of its holder.

Subject-Centred

Each capability is associated with a subject. Capabilities are usually implemented via random strings (cryptographically protected, e.g. via HMAC) or controlled by the operating system. They can be passed from one subject to another.

Token Validity

The reference monitor checks only the validity of the token. There is no need to identify the subject.