We were discussing reading recommendations for understanding ACLs vs capabilities recently, and @expede recommended a few resources on the topic:
- A short read with good intuitions: Should ld-ocap be built on top of Verifiable Credentials? · Issue #6 · w3c-ccg/zcap-ld · GitHub
- Capability Myths Demolished: https://srl.cs.jhu.edu/pubs/SRL2003-02.pdf
- Capability-based Financial Instruments: An Ode to the Granovetter Diagram
- Capabilities in the context of Secure ECMAScript (SES): Agoric + Protocol Labs // Part 2 - Object-capability Programming in Javascript - Mark Miller - YouTube
- ACLs Don’t: http://waterken.sourceforge.net/aclsdont/current.pdf