{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_bundle","feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","contains":"body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest","slug":"what-is-capability-security","urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle?format=markdown"},"how_to_use":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/what-is-capability-security/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/topology"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"ingest","name":"Ingest protocol","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","urls":{"write":"https://miscsubjects.com/api/protocol/ingest"}},{"id":"claim_post","name":"Claim post protocol","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by.","urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"llm_manifest","name":"LLM manifest","what":"Machine-readable read/write contract for external LLMs.","urls":{"read":"https://miscsubjects.com/api/articles/llm-manifest"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","why":"Every feature is auditable collective intelligence","how":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle?format=markdown"},"imessage":null,"router":null,"related":[{"id":"topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."},{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"ingest","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node."},{"id":"claim_post","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by."},{"id":"llm_manifest","what":"Machine-readable read/write contract for external LLMs."}],"not_medical_advice":true},"bundle_version":1,"generated_at":"2026-07-15T06:00:00.702Z","slug":"what-is-capability-security","title":"What Is Capability-Based Security","url":"https://miscsubjects.com/a/what-is-capability-security","register":"standard","tags":["oip","kimi-import","self-explaining","voxel","concepts","what-is-capability-security"],"posted_at":"2026-07-15T04:20:51.746Z","updated_at":"2026-07-15T04:20:51.746Z","body":"<!-- hierarchy:nav -->\n> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Protocol Concepts](https://miscsubjects.com/a/oip-protocol-concepts) › **What Is Capability-Based Security**\n>\n> **Shelf:** Protocol Concepts · **Traversal:** self-explaining · hierarchical · voxel-ready\n> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)\n\n# What Is Capability-Based Security\n\n## §SELF — what-is-capability-security\n\n**What this page is:** A definition of capability-based security and its core principles.\n**What it explains:** How possession of a reference (capability) grants permission to use a resource, eliminating the need for separate access control mechanisms.\n**Why read it:** To understand why capability security removes entire categories of vulnerabilities that traditional permission-based systems cannot prevent.\n\n### What Capability-Based Security Is\n\nCapability-based security is an access control model where possession of an unforgeable reference (called a capability) to a resource is both necessary and sufficient to use that resource. There is no separate permission check, no access control list, and no central authority that decides who can do what. If you hold the capability, you can use the resource. If you do not hold it, you cannot.\n\nThe model was first proposed by Jack Dennis in 1966 for the Multics operating system. A capability is a token (a number, a handle, a reference) that simultaneously identifies a resource and grants authority to access it. The two functions — identification and authorization — are merged into a single object.\n\n### Why It Matters\n\nTraditional security systems separate identification from authorization. A user proves who they are (authentication), then a separate system checks whether that identity has permission to perform an action (authorization). This separation creates vulnerabilities. Programs can act with authority that was granted to them for one purpose but used for another. Attackers can escalate privileges by tricking the authorization system. Capability-based security eliminates these problems by embedding authority in the reference itself.\n\n### The Key Idea\n\nFour principles define capability-based security:\n\n1. **Possession conveys authority.** Holding a capability is the only requirement to use the resource it points to. There is no additional check, no gatekeeper, no query to a permissions database.\n2. **Capabilities are unforgeable.** You cannot guess, manufacture, or discover a capability. It must be given to you by someone who already has it, or created by the system with proper authority. Unforgeability means capabilities are typically large random numbers or cryptographic tokens that cannot be predicted.\n3. **Delegation is safe.** Passing a capability to another party is the only way to grant access. When you delegate, you do not open a back door or create a new permission entry. You simply hand over the same reference. The recipient can use it exactly as you could (unless you attenuate it first).\n4. **Attenuation is possible.** A parent capability can be used to create a child capability with narrower scope: fewer operations, shorter time limit, or a maximum number of uses. The child cannot be expanded back to the parent's scope. This allows safe delegation of partial authority.\n\n**The confused deputy problem:** A confused deputy is a program that has authority but uses it on behalf of a requester without knowing whether the requester should have that authority. Example: a compiler runs with system privileges. A user asks it to write output to a protected file. The compiler, acting as a deputy, uses its own authority to write the file. The user has escalated privilege through the confused compiler. Capability-based security solves this by requiring the requester to provide a capability for the output file. The compiler does not use its own authority. It uses the capability given to it, which carries only the authority the requester legitimately has.\n\n### What It Got Right\n\n- **Eliminates ambient authority.** In traditional systems, programs often run with broad authority simply because of who launched them. Capability systems have no ambient authority. Every action requires a specific capability.\n- **Removes privilege escalation through guessing.** Attackers cannot enumerate permissions or discover access paths. Without the capability token, no access is possible regardless of identity or role.\n- **Solves the confused deputy problem.** Authority travels with the capability, not with the program's identity. Programs use the caller's authority, not their own.\n- **Delegation is explicit and auditable.** Every transfer of authority is the transfer of a tangible token. There are no invisible permission grants.\n\n### What It Got Wrong or Left Unfinished\n\n- **No mainstream operating system adopted it fully.** Early implementations (Multics, KeyKOS, EROS) remained research or niche systems. Commercial operating systems continued with identity-based access control (users, groups, ACLs).\n- **Revocation is difficult.** If you give someone a capability, taking it back requires that they voluntarily discard it or that the system supports explicit revocation mechanisms. Simple capability systems do not handle revocation well.\n- **Integration with existing systems is hard.** Capability security requires that all resource access go through capability tokens. Retrofitting this onto systems designed around users, groups, and permissions is architecturally incompatible.\n\n### How It Connects to Other Ideas\n\n- **Object-oriented programming (Alan Kay):** Both models treat a reference as authority. Holding an object reference lets you send it messages. Holding a capability lets you use a resource. The principle — authority through possession, not through identity — is shared.\n- **REST API security:** Traditional APIs use tokens for authentication, then check permissions separately. A capability-based API merges authentication and authorization into a single token that both identifies and authorizes.\n\n### Sources\n\n- Dennis, Jack B., and Earl C. Van Horn. \"Programming Semantics for Multiprogrammed Computations.\" Communications of the ACM, 1966.\n- Hardy, Norman. \"The KeyKOS Architecture.\" Operating Systems Review, 1985.\n- Shapiro, Jonathan S., et al. \"EROS: A Fast Capability System.\" Proceedings of the 17th ACM Symposium on Operating Systems Principles, 1999.\n- Miller, Mark S., et al. \"Capability-based Financial Instruments.\" Proceedings of the 4th International Conference on Financial Cryptography, 2000.\n\n---\n\n## Up the tree\n\n- [OIP root](https://miscsubjects.com/a/oip) — protocol root, zero-context entry\n- [Thinker Reference hub](https://miscsubjects.com/a/oip-thinker-reference) — full hierarchy map\n- [Protocol Concepts shelf](https://miscsubjects.com/a/oip-protocol-concepts) — siblings on this shelf\n- [Voxel graph article](https://miscsubjects.com/a/what-is-voxel-graph) — how pages link as voxels\n- [Self-describing protocol](https://miscsubjects.com/a/what-is-self-describing-protocol)\n\n## Related on this shelf\n\n- [What Is Autopoiesis](https://miscsubjects.com/a/what-is-autopoiesis)\n- [What Is a Capability Token](https://miscsubjects.com/a/what-is-capability-token)\n- [What Is a Confused Deputy](https://miscsubjects.com/a/what-is-confused-deputy)\n- [What Is Context as Cursor](https://miscsubjects.com/a/what-is-context-as-cursor)\n- [What Is a Convergence Catalogue](https://miscsubjects.com/a/what-is-convergence-catalogue)\n- [What Is a Falsification Surface](https://miscsubjects.com/a/what-is-falsification-surface)\n- [What Is HATEOAS](https://miscsubjects.com/a/what-is-hateoas)\n- [What Is the History of Link Protocols](https://miscsubjects.com/a/what-is-link-protocol-history)\n\n## Machine surfaces\n\n- Public page: `https://miscsubjects.com/a/what-is-capability-security`\n- JSON article: `https://miscsubjects.com/api/articles/what-is-capability-security`\n- OIP ask: `https://miscsubjects.com/api/dispatch?ask=What%20Is%20Capability-Based%20Security`\n","claims":[],"sources":[],"voxels":{"slug":"what-is-capability-security","counts":{"voxels":0,"sources":0,"edges":0},"note":"slim bundle — full voxels at /api/articles/what-is-capability-security/voxels"},"constitution":{"url":"https://miscsubjects.com/api/articles/constitution"},"provenance":[{"action":"write","model":"kimi-agent-import","ts":"2026-07-15T04:20:51.746Z","hash":"c1fed15cb222cb0b","tokens_in":0,"tokens_out":0}],"contributions":[],"topology":null,"slim":true,"ledger_totals":{"claims":0,"sources":0,"exported_claims":0,"exported_sources":0},"question_graph":{"slug":"what-is-capability-security","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"verification":{"provenance":{"valid":true,"entries":1,"head":"c1fed15cb222cb0bd6629fe748883ff5d323fc96706c50aff2e953f7a5d9da6e"},"sources":{"valid":true,"entries":0,"head":"genesis"}},"counts":{"claims":0,"sources":0,"provenance":1,"contributions":0,"questions":0,"evidence_ingests":0,"voxel_edges":0},"transport":"Open every URL in this bundle with your browser or web / URL-fetch tool. Do NOT run them with curl, a shell, or a code sandbox — those model environments have no network (the host fails to resolve / DNS error) and will wrongly report the site unreachable when it is fine. Opening the link IS the call.","llm_manifest":{"version":"1","site":"https://miscsubjects.com","purpose":"Peptide evidence articles with hash-chained source ledgers, tiered claims, and a question graph. LLMs should READ bundles/URLs and WRITE back via ingest — never invent doses.","read":{"human_page":"https://miscsubjects.com/a/what-is-capability-security","bundle_json":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/what-is-capability-security/topology","question_graph":"https://miscsubjects.com/api/articles/what-is-capability-security/question-graph","sources":"https://miscsubjects.com/api/articles/what-is-capability-security/sources","provenance":"https://miscsubjects.com/api/articles/what-is-capability-security/provenance","contributions":"https://miscsubjects.com/api/articles/what-is-capability-security/contributions","graph_topology":"https://miscsubjects.com/api/articles/what-is-capability-security/graph-topology?question={question}","voxels":"https://miscsubjects.com/api/articles/what-is-capability-security/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","health":"https://miscsubjects.com/api/articles/what-is-capability-security/health","repair":"POST https://miscsubjects.com/api/protocol/repair","list_articles":"https://miscsubjects.com/api/articles","graph_canvas":"https://miscsubjects.com/graph.html?slugs=what-is-capability-security","graph_yield":"https://miscsubjects.com/api/graph?slugs=what-is-capability-security&layer=yield","obsidian_vault":"https://miscsubjects.com/api/articles/obsidian-vault?slugs=what-is-capability-security","graph_query":"https://miscsubjects.com/api/v1/query?from=what-is-capability-security&kind=claim&where=tier=human"},"ask":{"description":"Answer only from topology; creates a question_node with gaps.","api":"POST https://miscsubjects.com/api/protocol/ask","body":{"slug":"{slug}","question":"string"},"imessage":"what-is-capability-security|your question","router_tag":"[ARTICLE_ASK]what-is-capability-security|question[/ARTICLE_ASK]","auth":"x-terminal-key header for API; iMessage/WhatsApp via miscsubjects build"},"ingest":{"description":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","api":"POST https://miscsubjects.com/api/protocol/ingest","body":{"slug":"{slug}","evidence":"paste text","question_node_id":"optional qn_..."},"imessage":"ingest what-is-capability-security|q:{node_id}|paste evidence","router_tag":"[ARTICLE_INGEST]what-is-capability-security|evidence[/ARTICLE_INGEST]","tiers":["human","preclinical","anecdotal","mechanistic","speculative"]},"claim":{"description":"Prompt-injection style POST — one claim voxel with who_claims + posted_by provenance.","api":"POST https://miscsubjects.com/api/protocol/claim","body":{"slug":"{slug}","text":"one assertion","tier":"human|preclinical|anecdotal|mechanistic|speculative","who_claims":"study author, platform, or model id","source_ids":"optional [s1]"},"imessage":"claim what-is-capability-security|tier|assertion — who claims it?","router_tag":"[ARTICLE_CLAIM]what-is-capability-security|tier|assertion[/ARTICLE_CLAIM]","slots":["what_it_is","who_claims_what","what_is_known","what_is_unknown","mechanism","limitations","disclaimer"]},"tiers":{"human":0.8,"preclinical":0.5,"anecdotal":0.3,"mechanistic":0.3,"speculative":0.1},"invariants":["Self-explaining — every API JSON has _self; every paste widget has §SELF; root index at /api/articles/system-map","Append-only — revisions preserved at ?rev=n","Source chain verifies integrity, not truth","Answers must cite claim ids and source ids from topology","Not medical advice"],"constitution":{"version":1,"principle":"Articles are voxel graphs of claims — not prose blobs. Every assertion is a claim atom with tier, weight, source_ids, and posted_by provenance.","slots":[{"id":"what_it_is","required":true,"answers":"What is this peptide/stack/condition?"},{"id":"who_claims_what","required":true,"answers":"Who claims what — study authors, platforms, n=?"},{"id":"what_is_known","required":true,"answers":"What is known with tier labels (human/preclinical/anecdotal)"},{"id":"what_is_unknown","required":true,"answers":"What is NOT known — explicit gaps"},{"id":"mechanism","required":false,"answers":"Proposed mechanism (mechanistic tier only)"},{"id":"limitations","required":true,"answers":"Limits of evidence — no dose advice"},{"id":"disclaimer","required":true,"answers":"Not medical advice"}],"claim_rules":["One claim = one falsifiable assertion. No compound claims.","Every claim must declare tier: human|preclinical|anecdotal|mechanistic|speculative|system.","system tier = architecture/design axioms (not biological mechanism). Use for protocol self-definition.","Sourced claims must cite source_ids from the hash-chained ledger.","Unsourced claims must set source_status: unsourced and why_material.","posted_by is mandatory on every new claim (model id, human, or channel).","No medical advice, no doses, no 'you should take'.","Bad information is retracted (status:retracted), never deleted — retraction event stays on ledger.","Adversary challenges link via challenges[] / challenged_by[] — target may be downweighted.","Leaked secrets are scrubbed to [REDACTED:secret-leak] with scrub_events tombstone — honest audit trail."],"source_rules":["Every source is a voxel edge: type, url, exact quote, summary, found_by, accessed_at.","Sources hash-chain — prev/hash on append.","Anecdotal sources must name platform (reddit|x|youtube|imessage|user_entry)."],"ontology_rules":["Peptide articles (bpc-157, tb-500) are tree roots.","Condition articles (bpc-157-glp1-gut-damage) branch from peptides.","Stack articles (wolverine-stack-glp1) compose peptides — never duplicate peptide mechanism prose.","If an article has no parent embeds and is not a root peptide → sprawl candidate.","Misstep = duplicate scope with another slug; merge or reparent via embeds."],"post_protocol":{"claim":"POST /api/protocol/claim","source":"POST /api/protocol/sources","ingest":"POST /api/protocol/ingest","webhook":"POST /api/articles/<slug>/webhook {kind:claim|source}","imessage_claim":"claim {slug}|{tier}|your assertion — who claims it, source?","imessage_ingest":"ingest {slug}|evidence paste"}},"this_article":{"slug":"what-is-capability-security","url":"https://miscsubjects.com/a/what-is-capability-security","bundle_url":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle?format=markdown"}},"api_urls":{"bundle":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/what-is-capability-security/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/what-is-capability-security/topology","voxels":"https://miscsubjects.com/api/articles/what-is-capability-security/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","question_graph":"https://miscsubjects.com/api/articles/what-is-capability-security/question-graph","ask":"https://miscsubjects.com/api/protocol/ask","ingest":"https://miscsubjects.com/api/protocol/ingest","claim":"https://miscsubjects.com/api/protocol/claim","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown"}}