Object Invocation Protocol · protocol specification

What OIP Should Take from Capability Security

#oip#kimi-import#self-explaining#voxel#lineages#oip-from-capability-security

Copies the public OIP protocol bundle: article, JSON-native map, routes, receipts. No owner token.

§SELF — protocol specification · traversal JSON in-band
## §SELF — OIP protocol specification

**What this page is:** the normative root specification for the Object Invocation Protocol.

**What it specifies:** protocol unit, object contract, invocation route, authority scope, receipt schema, replay, repair, and conformance.

**Read:** https://miscsubjects.com/a/oip-from-capability-security
**This page as JSON:** https://miscsubjects.com/api/articles/oip-from-capability-security
**Machine bundle:** https://miscsubjects.com/api/articles/oip-from-capability-security/bundle?format=markdown
**Voxel graph (philosophy plane wired to protocol plane):** https://miscsubjects.com/api/articles/oip/voxels
**Live object tree:** https://miscsubjects.com/api/dispatch?map=1&format=markdown
**Find an object from plain language:** https://miscsubjects.com/api/dispatch?ask=<what you want>
**Read one object:** https://miscsubjects.com/api/dispatch?key=<KEY>&format=markdown

**Proof rule:** an action is not proven by intent, description, or a 200. It is proven by the ledger and the OIP receipt for the invocation.

<!-- hierarchy:nav -->

Path: OIPThinker ReferenceOIP LineagesWhat OIP Should Take from Capability Security

Shelf: OIP Lineages · Traversal: self-explaining · hierarchical · voxel-ready
Machine root: OIP tree · Registry

What OIP Should Take from Capability Security

§SELF — oip-from-capability-security

What this page is: A list of capability security principles that OIP adopts and the additions OIP makes to the model. What it explains: How capability-based access control works and why OIP uses it instead of identity-based security. Why read it: To understand why OIP tokens work the way they do — and why they are safer than passwords or API keys.

What Capability Security Is

Capability security is an access control model where possession of a reference (a capability) grants the right to use a resource. There is no separate permission check, no role lookup, no identity verification. If you hold the capability, you have the authority. If you do not hold it, you do not. The model was formalized in operating systems research (Hydra, EROS, Capsicum) and later adapted for distributed systems.

Why It Matters

Identity-based security (username/password, ACLs, role lists) requires the server to know who you are and look up what you are allowed to do. This creates a central point of failure, a privacy leak, and a bottleneck. Capability security removes the identity lookup entirely. Authority travels with the request. This matters for OIP because models are not people. A model does not have a username. A model has a token. The token is the identity and the permission in one object.

The Key Idea

A capability token in OIP is an unforgeable, scoped, delegable, revocable reference to an object. It is not a password. It is not a session cookie. It is a cryptographic token that says: "whoever presents this may perform exactly these operations on exactly this object." The server does not check who you are. The server checks only that the token is valid and that the requested operation falls within the token's scope.

What OIP Takes from Capability Security

Possession conveys authority. The capability token is the permission. No separate ACL. No role check. No identity verification. If a model holds the token, it can invoke the object. If it does not hold the token, it cannot. The server does not need to know the model's name, origin, or trust level. It checks the token.

Unforgeable references. Capability tokens are cryptographically random. They cannot be guessed, enumerated, or manufactured by clients. Only the server that issues a token can create valid tokens. Each token is bound at creation to a specific object and a specific scope.

Safe delegation. A model that holds a token can pass it to another model. The receiving model gains exactly the authority encoded in the token — no more. It cannot use the token to access other objects. It cannot expand the token's scope. Delegation transfers only what the token already permits.

Attenuation. A token holder can create a child token that is strictly narrower than the parent: fewer allowed operations, shorter expiry, fewer uses, tighter constraints. The child cannot exceed the parent. OIP v0.8 enforces this: every child token is a subset of its parent's scope. A model can give away only what it has, and only in a more limited form.

The confused deputy problem solved. In identity-based systems, a trusted process operates with its own full authority. If an attacker tricks that process into performing an action on the attacker's behalf, the process uses its own authority to do something the attacker could not do directly. This is the confused deputy attack. Capability security eliminates it: authority is in the token, not in the process. A model presents a token; the server checks only that token. The model cannot act beyond any token it holds.

Membrane revocation. Revoking a parent token invalidates all tokens derived from it — the entire subtree. OIP v0.8 implements subtree revocation. If a top-level token is revoked, every child, grandchild, and descendant token becomes invalid immediately. This makes revocation complete: there are no orphaned capabilities floating in the system.

What OIP Adds to Capability Security

Web-native transport. Classical capability systems were built for operating systems or closed networks. OIP uses URLs for objects, HTTP for transport, and JSON for messages. Capabilities travel over the same infrastructure as the rest of the web.

Receipt-based proof. Traditional capability systems grant access but produce no record of use. OIP generates a signed receipt for every invocation. The receipt proves that the capability was exercised, by whom, when, and with what result. This transforms capabilities from access keys into auditable instruments.

Model-readable contracts. Classical capabilities are opaque references — a number, a handle, a pointer. OIP capability records include structured metadata: what operations the token permits, what parameters each accepts, what the object returns. A model can read this metadata and understand what it is allowed to do without human documentation.

The convergence framework. Capability security alone does not specify how multiple models coordinate their work. OIP adds the convergence framework: a protocol for models to propose, evaluate, and converge on shared outputs while each retains its own tokens and authority. Capabilities enable the security; convergence enables the coordination.

Sources

  • Dennis, Jack B., and Earl C. Van Horn. "Programming Semantics for Multiprogrammed Computations." Communications of the ACM, 1966. (Early capability concept.)
  • Levy, Henry M. Capability-Based Computer Systems. Digital Press, 1984. (Comprehensive history.)
  • Miller, Mark S., et al. "Capability Myths Demolished." SAPIR, 2003. (Addresses common objections to capability security.)

---

Up the tree

Related on this shelf

Machine surfaces

  • Public page: https://miscsubjects.com/a/oip-from-capability-security
  • JSON article: https://miscsubjects.com/api/articles/oip-from-capability-security
  • OIP ask: https://miscsubjects.com/api/dispatch?ask=What%20OIP%20Should%20Take%20from%20Capability%20Security

oip-from-capability-security · condition map

Evidence map

Hover a node — its path lights up. Click to open the article.

Full map →
3
OIP Lineages on shelf
Talk to this article
Tap a phone. Ask anything about What OIP Should Take from Capability Security. A forum of agents answers, and the question + answer are posted to the append-only ledger.
Questions queue for the coding-agent forum (one answer per cron tick). Real phone instead: iMessage +14245134626 · WhatsApp. Thread + proof: JSON · ledger.
Loading more articles…