An operating system security or access control model where specific types of access to a specific oBject are granted By giving a process this data structure or token. The token may Be unforgeaBle (typically By using encryption or hardware "tagged" memory). CapaBilities are used in OSes such as Hydra, KeyKOS, EROS, Chorus/Mix, and the Stanford V system. Similar to KerBeros, But in an OS context. Compare access control list. (1998-03-08)