Hacker News
Introducing Capsicum: Practical Capabilities for UNIX (usenix.org)
26 points by ez77 on Dec 27, 2010 | 6 comments


If you don't want a PDF or scribd, clicky to Cambridge project page: http://www.cl.cam.ac.uk/research/security/capsicum/


In particular, the Usenix talk about Capsicum has been recorded: http://www.youtube.com/watch?v=raNx9L4VH2k


Somewhat related -- I have always thought it would be cool to build a capability system like this into a language with a strong H-M type system. I think it would be an interesting study to have the bare minimum privileges passed via type dependences. Done well this would have any given bit of code only have the bare minimum to do its job.

Also: some types of automatic security checks at compile time too!



I had not seen that, thanks for the pointer!


A note for those who thought that Unix has had capabilities forever. POSIX defines something called capabilities that are very, very different from a true capability system. This is a true capability system.



