A capability system is sort of like having lots and lots of those roles. But a key element is that within the system you don't have to be an administrator or have any kind of privileged-operation access to create a new capability; you just do it, and then you can pass it around (loosely equivalent to giving the role to others).
Capability systems include a way to _pass_ capabilities as part of the basic routine operations.
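As an added illustration (not part of the original comment): Unix file descriptors behave much like capabilities, so the sketch below creates one without any privilege (a pipe) and passes only its read end over a Unix socket with `SCM_RIGHTS`. It assumes a Unix-like OS; both socket ends live in one process here so the example is self-contained, where normally the receiver would be another process. The helper names `send_cap`, `recv_cap` and `demo` are hypothetical.

```python
import array
import os
import socket


def send_cap(sock, fd):
    """Hand a descriptor to the peer as SCM_RIGHTS ancillary data."""
    rights = array.array("i", [fd])
    sock.sendmsg([b"cap"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])


def recv_cap(sock):
    """Receive one descriptor; the kernel installs it under a new number."""
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(16, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - len(data) % fds.itemsize])
    if not fds:
        raise RuntimeError("no descriptor was passed")
    return fds[0]


def demo():
    # Creating a capability: any process may make a pipe, no privilege needed.
    read_end, write_end = os.pipe()
    holder, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # Passing it: only the read end is delegated to the receiver.
        send_cap(holder, read_end)
        got = recv_cap(receiver)
        os.write(write_end, b"hello")
        data = os.read(got, 5)
        try:
            os.write(got, b"x")  # the delegated end carries no write authority
            can_write = True
        except OSError:
            can_write = False
        os.close(got)
        return (got != read_end, data, can_write)
    finally:
        os.close(read_end)
        os.close(write_end)
        holder.close()
        receiver.close()


if __name__ == "__main__":
    print(demo())
```

The receiver ends up holding exactly the authority it was handed: it can read from the pipe but cannot write to it, and no access-control list or administrator was consulted along the way.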