An operating system security OR access control model where specific types of access to a specific object are granted by giving a process this data structure ORtoken. The token may be unfORgeable (typically by using encryptionOR hardware "tagged" memORy). Capabilities are used in OSes such as Hydra, KeyKOS, EROS, ChORus/Mix, and the StanfORd V system. Similar to Kerberos, but in an OS context. Compare access control list. (1998-03-08)