[h2onock]

This is a very good suggestion, do you have anything specific in mind? We've been looking at the the WAC spec (part of the Solid project) which is related, though different, and interesting. https://github.com/solid/web-access-control-spec do you have any thoughts on that?

[mikewarot]

Access control lists are more flexible than User,Group,World type permissions, but are nowhere as powerful or composable as capabilities.

[Edit] - Example: On a linux machine, how could you give access to only one file in the whole system? Answer: By setting the permissions on every single file other than the one in question to deny access. Set the permission to allow access on the one file you care to share.

With Capabilities, the token IS the permission... and it doesn't really take much to implement it, once you completely grok the idea.