An operating system security or access control model where specific types of access to a specific object are granted by giving a process this data structure or token.The token may be unforgeable (typically by using encryption or hardware "tagged" memory).Capabilities are used in OSes such as Hydra, KeyKOS, EROS, Chorus/Mix, and the Stanford V system.Similar to Kerberos, but in an OS context.Compare access control list.(1998-03-08)