[hamandcheese]

> The 'cap' in Cap'n Proto is for https://en.wikipedia.org/wiki/Capability-based_security

This seems to go completely unmentioned on the home page, other than the word “capability system” in the very first sentence.

What does capability based security mean for a data interchange format? The notion hardly makes any sense to me.

From the homepage: “Think JSON, except binary.”

What would JSON look like with capability-based security?

> You can work with results without actually having the results, e.g. before the results exist

This sounds exactly like promises, or perhaps a functional effect system. What does this have to do with data serialization?

[lucozade]

Cap'n Proto has a remote object system using interface references.

When a reference is constructed, only the creator has the capability of invoking the interface. If the reference is then passed to another server, they and only they have the capability of invoking the interface.

That's what they mean by capability.

[kentonv]

Cap'n Proto has a serialization layer and an RPC layer. The capability-based security part is mostly a feature of the RPC layer, not the serialization. The serialization does assist slightly in defining a way to encode remote references.

> This sounds exactly like promises

Yes, the API is Promise-based. Both Cap'n Proto and JavaScript Promises are inspired by the E programming language, which is a strict object-capability language.

[c-cube]

It's a promise you can send to other processes, even to the machine that is supposed to fulfill that promise. That allows batching of calls that depend on one another.