by kkajla 1093 days ago
As I understand it, "capabilities" in capability-based schemes uniquely reference an object and specify a list of access rights on that object. This seems fairly similar to tuples in Zanzibar, which reference a unique object, an access right, and a unique subject whom the access right belongs to. You can think of Zanzibar as a layer used for defining, storing, and querying for capabilities.
1 comment

Yeah, I believe capability/verb simply maps directly to relation in Zanzibar speak. “Can edit” vs “is an editor”. I’m more accustomed to the verb style, so whenever I read about authz systems that use relations or roles, I’m constantly mapping the concepts in my head to try to find examples where they aren't 1:1 and have yet to think of any.
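
An added example, not part of either comment above: the same grants stored as Zanzibar-style `object#relation@subject` tuples and projected into a per-subject list of (object, verbs), so the relation-style check and the verb-style check can be compared. The sample tuples, the `VERB_FOR_RELATION` naming map and all function names are assumptions made for illustration; only direct tuples are handled (no usersets or rewrite rules).

```python
from collections import defaultdict
from typing import NamedTuple

class RelationTuple(NamedTuple):
    obj: str       # "namespace:object_id"
    relation: str  # relation style: "editor"
    subject: str   # "user:alice"

# Hypothetical naming map between relation style and verb style.
VERB_FOR_RELATION = {"viewer": "view", "editor": "edit", "owner": "manage"}

def parse_tuple(text: str) -> RelationTuple:
    """Parse the object#relation@subject text form."""
    obj, hash_sep, rest = text.partition("#")
    relation, at_sep, subject = rest.partition("@")
    if not (hash_sep and at_sep and obj and relation and subject):
        raise ValueError(f"malformed relation tuple: {text!r}")
    return RelationTuple(obj, relation, subject)

def check(tuples, obj, relation, subject) -> bool:
    """Relation-style question: is `subject` an `relation` of `obj`?"""
    return RelationTuple(obj, relation, subject) in tuples

def capabilities_for(tuples, subject) -> dict:
    """Project the tuple set into {object: {verbs}} for one subject."""
    caps = defaultdict(set)
    for t in tuples:
        if t.subject == subject:
            caps[t.obj].add(VERB_FOR_RELATION[t.relation])
    return dict(caps)

def can(caps, obj, verb) -> bool:
    """Verb-style question: does this capability list allow `verb` on `obj`?"""
    return verb in caps.get(obj, set())

# Constructed sample data.
SAMPLE = [
    "doc:readme#editor@user:alice",
    "doc:roadmap#viewer@user:alice",
    "doc:readme#viewer@user:bob",
    "doc:roadmap#owner@user:carol",
]
TUPLES = {parse_tuple(s) for s in SAMPLE}

if __name__ == "__main__":
    alice = capabilities_for(TUPLES, "user:alice")
    print(alice)
    print(check(TUPLES, "doc:readme", "editor", "user:alice"), can(alice, "doc:readme", "edit"))
```
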