## §SELF — miscsubjects portable reference

**Principle:** Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.

**This widget:** `article_bundle` — **LLM article bundle**
Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.
- **article slug:** `what-is-capability-token`
- **contains:** body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest
- **how to use:** Reference block for Grok/GPT/Gemini. Section §SELF explains the system.
- **read:** https://miscsubjects.com/api/articles/what-is-capability-token/bundle?format=markdown

### Logical proof (verify each step)
1. Articles are voxel graphs of tiered claims, not prose blobs. → https://miscsubjects.com/api/articles/constitution
2. Claims link to hash-chained sources via source_ids. → https://miscsubjects.com/api/articles/what-is-capability-token/sources
3. Ask reads topology; ingest/claim append to ledger. → https://miscsubjects.com/api/protocol
4. Models queue growth: populate → collaborate → repair → reflex. → https://miscsubjects.com/api/protocol/grow
5. Graph proves its own shape (reflex) and $/claim (yield). → https://miscsubjects.com/graph.html?layer=reflex
6. Full feature index + _explain on every API response. → https://miscsubjects.com/api/articles/system-map

### Related features (explains other parts of the system)
- **topology** — Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER. · https://miscsubjects.com/api/articles/what-is-capability-token/topology
- **voxels** — Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance. · https://miscsubjects.com/api/articles/what-is-capability-token/voxels
- **ask** — Answer only from topology; creates question_node with gaps and ingest_hint. · https://miscsubjects.com/api/articles/what-is-capability-token/prompts
- **ingest** — Parse pasted evidence → source ledger + claims + evidence_ingest node.
- **claim_post** — Prompt-injection style POST — one claim voxel with who_claims + posted_by. · https://miscsubjects.com/api/articles/what-is-capability-token/voxels
- **llm_manifest** — Machine-readable read/write contract for external LLMs. · https://miscsubjects.com/api/articles/llm-manifest

### Full index
- JSON: https://miscsubjects.com/api/articles/system-map
- Markdown: https://miscsubjects.com/api/articles/system-map?format=markdown

*Not medical advice. Tier-honest. Cite claim/source ids.*

---

# miscsubjects article bundle

> Reference bundle for Grok, GPT, Gemini, or a human reader. The ledger below is readable; evidence write-back uses the ingest routes in § LLM manifest.

## Article
- **slug:** `what-is-capability-token`
- **title:** What Is a Capability Token
- **url:** https://miscsubjects.com/a/what-is-capability-token
- **register:** standard
- **updated:** 2026-07-15T04:20:52.499Z
- **tags:** oip, kimi-import, self-explaining, voxel, concepts, what-is-capability-token

## Body

<!-- hierarchy:nav -->
> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Protocol Concepts](https://miscsubjects.com/a/oip-protocol-concepts) › **What Is a Capability Token**
>
> **Shelf:** Protocol Concepts · **Traversal:** self-explaining · hierarchical · voxel-ready
> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)

# What Is a Capability Token

## §SELF — what-is-capability-token

**What this page is:** A definition of a capability token and its eight defining properties.
**What it explains:** How capability tokens work as self-describing, self-limiting grants of authority, and how they differ from passwords and API keys.
**Why read it:** To understand how to design access credentials that carry their own constraints, require no central lookup, and limit damage if stolen.

### What a Capability Token Is

A capability token is a credential that proves the bearer has permission to perform a specific action on a specific object. It follows the capability security model: possession of the token equals permission to act. The token contains all the information needed to verify and scope the access — no separate identity check, no access control list, no central authority. It is a self-describing, self-limiting grant of authority.

### Why It Matters

Traditional access control relies on identity: a user proves who they are, and a central system checks permissions against an access control list. This creates bottlenecks (every check requires the central authority), fragility (if the authority fails, all access fails), and broad attack surfaces (stolen identity credentials grant everything that identity can access). A capability token inverts this: the token itself carries the permission. A bearer with the token can present it directly to the resource. There is no central check because the token contains its own constraints. If the token is stolen, the damage is limited to what that specific token permits — not everything the bearer owns.

### The Key Idea

The capability model treats permission as a transferable token, not as an entry in a database. A capability token encodes what object it targets, what operations it allows, how long it lasts, and any further restrictions — all within the token itself. The resource that receives the token can verify it using only the information in the token plus a cryptographic key. It does not need to ask a third party whether the token is valid.

### Properties of a Capability Token

A capability token has eight defining properties:

1. **Scoped.** The token specifies exactly what objects it can access and what operations it can perform. A token scoped to read file X cannot write file X and cannot access file Y. The scope is part of the token itself.

2. **Expiring.** The token has a time-to-live (TTL) after which it becomes invalid. An expired token is rejected regardless of its other properties. This limits the window of damage from a stolen token.

3. **Revocable.** The issuer can invalidate the token before it expires. Revocation does not require modifying the token — it requires the resource to check a revocation list or status endpoint maintained by the issuer.

4. **Use-capped.** The token can be limited to a maximum number of invocations. After N uses, the token becomes invalid even if it has not reached its time expiry. This prevents unlimited exploitation of a leaked token.

5. **Risk-ceilinged.** The token carries a maximum risk level (for example, "low" or "high") and cannot access objects above that level. A low-risk token cannot perform high-risk operations even if the bearer attempts to misuse it.

6. **Argument-pinnable.** The issuer can fix certain arguments so the bearer cannot change them. For example, a token for a transfer operation can pin the destination account, preventing the bearer from redirecting the transfer to a different recipient.

7. **Duplicate-suppression.** Repeated identical invocations within a time window (approximately 90 seconds) return the same receipt instead of running the operation twice. This prevents accidental double-execution without requiring the bearer to track state.

8. **Audited.** Every use is logged under a unique audit ID. The audit ID is returned in the receipt and can be used to trace the invocation in system logs. This creates accountability without requiring the token to contain identity information.

### What It Is Not

- **Not a password:** A password proves identity. A capability token proves permission. A password grants everything the identity owns. A capability token grants only what the token specifies.

- **Not an API key:** An API key is typically a long-lived identifier that maps to a set of permissions stored on a server. A capability token is short-lived, self-describing, and carries its own constraints. An API key requires a server lookup; a capability token does not.

- **Not a role:** A role ("admin," "editor") is a category that maps to permissions through an external policy. A capability token is a specific grant for a specific action on a specific object. There is no indirection.

- **Not a certificate:** A certificate binds a public key to an identity. A capability token binds permission to a bearer. The two can be combined — a token can be signed with a key whose certificate is known — but they are conceptually distinct.

### How It Connects to Other Ideas

- **Capability-based security (operating systems):** The concept originated in operating system design, where a capability is an unforgeable reference to a protected resource. The same logic applies to distributed systems: the token is the unforgeable reference.

- **Macaroons and caveats:** Macaroons are a specific type of capability token that support chained delegation: the bearer can add further restrictions (caveats) and pass the token to another party, who is then bound by the original constraints plus the new ones. This is a more advanced form of the scoping and argument-pinning described above.

- **JSON Web Tokens (JWT):** JWTs are a common format for self-describing tokens. A capability token can be encoded as a JWT, but not all JWTs are capability tokens. A JWT is only a capability token if it encodes the capability model — scoped, expiring, revocable, and so on — rather than just identity claims.

- **Principle of least privilege:** This security principle states that a component should have only the permissions it needs to perform its function and no more. Capability tokens enforce this principle structurally: the token's scope defines the maximum permission, and the token cannot exceed it.

### Sources

- Dennis, Jack B., and Earl C. Van Horn. "Programming Semantics for Multiprogrammed Computations." *Communications of the ACM*, vol. 9, no. 3, 1966, pp. 143–155. (Early capability architecture.)
- Miller, Mark S., et al. "Capability-Based Financial Instruments: From Object Capabilities to Financial Contracts." *Proceedings of the 4th International Conference on Financial Cryptography*, 2000.
- Birgisson, Arnar, et al. "Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud." *Proceedings of NDSS*, 2014.
- Hardt, Dick. "The OAuth 2.0 Authorization Framework." RFC 6749, IETF, 2012.

---

## Up the tree

- [OIP root](https://miscsubjects.com/a/oip) — protocol root, zero-context entry
- [Thinker Reference hub](https://miscsubjects.com/a/oip-thinker-reference) — full hierarchy map
- [Protocol Concepts shelf](https://miscsubjects.com/a/oip-protocol-concepts) — siblings on this shelf
- [Voxel graph article](https://miscsubjects.com/a/what-is-voxel-graph) — how pages link as voxels
- [Self-describing protocol](https://miscsubjects.com/a/what-is-self-describing-protocol)

## Related on this shelf

- [What Is Autopoiesis](https://miscsubjects.com/a/what-is-autopoiesis)
- [What Is Capability-Based Security](https://miscsubjects.com/a/what-is-capability-security)
- [What Is a Confused Deputy](https://miscsubjects.com/a/what-is-confused-deputy)
- [What Is Context as Cursor](https://miscsubjects.com/a/what-is-context-as-cursor)
- [What Is a Convergence Catalogue](https://miscsubjects.com/a/what-is-convergence-catalogue)
- [What Is a Falsification Surface](https://miscsubjects.com/a/what-is-falsification-surface)
- [What Is HATEOAS](https://miscsubjects.com/a/what-is-hateoas)
- [What Is the History of Link Protocols](https://miscsubjects.com/a/what-is-link-protocol-history)

## Machine surfaces

- Public page: `https://miscsubjects.com/a/what-is-capability-token`
- JSON article: `https://miscsubjects.com/api/articles/what-is-capability-token`
- OIP ask: `https://miscsubjects.com/api/dispatch?ask=What%20Is%20a%20Capability%20Token`


## Claims (0)


## Voxel graph (0 atoms · 0 edges)
- full graph: https://miscsubjects.com/api/articles/what-is-capability-token/voxels

## Article constitution

- full: https://miscsubjects.com/api/articles/constitution

## Source ledger (0)
- chain valid: yes · head: `genesis`

## Provenance (1 model passes)
- chain valid: yes · head: `d9439b3866e347b4`

- write · kimi-agent-import · 2026-07-15T04:20 · hash `d9439b3866e3`

## Question graph
- questions: 0 · evidence ingests: 0

## LLM manifest — how to communicate with this ledger

- system map: https://miscsubjects.com/api/articles/system-map?format=markdown
- topology (ranked): https://miscsubjects.com/api/articles/what-is-capability-token/topology
- ingest: POST https://miscsubjects.com/api/protocol/ingest
- claim: POST https://miscsubjects.com/api/protocol/claim

### Quick actions for this article
- **Read live:** https://miscsubjects.com/api/articles/what-is-capability-token/topology
- **Ask (API):** POST https://miscsubjects.com/api/protocol/ask `{"slug":"what-is-capability-token","question":"..."}`
- **Ingest your findings:** POST https://miscsubjects.com/api/protocol/ingest or text `ingest what-is-capability-token|your evidence`
- **Post one claim:** POST https://miscsubjects.com/api/protocol/claim or text `claim what-is-capability-token|tier|assertion`
- **iMessage ask:** `what-is-capability-token|your question`
- **System map:** https://miscsubjects.com/api/articles/system-map?format=markdown


---

## §SELF — miscsubjects portable reference

**Principle:** Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.

**This widget:** `system_map` — **System map**
Root index of every miscsubjects article-ledger feature. Start here if you have zero context.
- **article slug:** `what-is-capability-token`
- **contains:** body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest
- **how to use:** Root index of every miscsubjects article-ledger feature. Start here if you have zero context.
- **read:** https://miscsubjects.com/api/articles/system-map

### Logical proof (verify each step)
1. Articles are voxel graphs of tiered claims, not prose blobs. → https://miscsubjects.com/api/articles/constitution
2. Claims link to hash-chained sources via source_ids. → https://miscsubjects.com/api/articles/what-is-capability-token/sources
3. Ask reads topology; ingest/claim append to ledger. → https://miscsubjects.com/api/protocol
4. Models queue growth: populate → collaborate → repair → reflex. → https://miscsubjects.com/api/protocol/grow
5. Graph proves its own shape (reflex) and $/claim (yield). → https://miscsubjects.com/graph.html?layer=reflex
6. Full feature index + _explain on every API response. → https://miscsubjects.com/api/articles/system-map

### Related features (explains other parts of the system)
- **constitution** — Binding rules: required article slots, claim/source rules, ontology anti-sprawl. · https://miscsubjects.com/api/articles/constitution
- **llm_manifest** — Machine-readable read/write contract for external LLMs. · https://miscsubjects.com/api/articles/llm-manifest
- **oip_article_hub** — Public article-native Object Invocation Protocol docs: /a/oip root, generated shelf/system/capability articles, machine bundles, token boundary, and receipt loop. · https://miscsubjects.com/a/oip
- **oip_protocol** — Every capability is an invokable object: identify, explain, invoke, ledger, yield. · https://miscsubjects.com/a/oip
- **bundle** — Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution. · https://miscsubjects.com/api/articles/what-is-capability-token/bundle?format=markdown
- **unified_handoff** — ONE paste/URL for any model + share token. Same self-explaining pattern as article bundle, but whole build. · https://miscsubjects.com/api/handoff?format=markdown

### Full index
- JSON: https://miscsubjects.com/api/articles/system-map
- Markdown: https://miscsubjects.com/api/articles/system-map?format=markdown

*Not medical advice. Tier-honest. Cite claim/source ids.*