[morecoffee]

> capability-based RPC system.

This sounds like a cool idea, but so far I haven't seen any good explanation of how it works, and why it will save me from rolling my own ACL system. For bragging about it in the very first sentence, there is surprisingly little detail about how it works.

[kentonv]

It's a complicated topic -- it requires thinking about things in a different way, and tends not to make a lot of sense until at some point it "clicks" and you realize all sorts of patterns you were already using are actually special cases of capabilities.

Here is some reading:

https://capnproto.org/rpc.html#security

https://sandstorm.io/how-it-works#capabilities

http://zesty.ca/capmyths/usenix.pdf