design: Capability-based security is like DI with proxies
Rather than expecting an application to respect and correctly implement the desired authorisation, capability-based approaches flip this around: the capabilities themselves are obtained up front and passed around.
For example, if you invoke some function, pass it a path and say "write your results here", then the process has to use ambient authority to open a file handle with the correct mode. If you instead open the file handle in the capability layer and pass that in, then you've injected the combination of path + mode, and the callee can only do what the handle permits.
Possible use case: Provide AI agents with proxies to their resources, so they can't over-reach
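The contrast above in running Python, as an added example that is not part of the original note: an ambient-authority callee that opens its own path beside a capability-style callee that receives an already-open handle, plus a minimal write-only proxy of the kind the AI-agent use case suggests. The function and class names are assumptions for illustration.

```python
import io
import os
import tempfile


# Ambient-authority style: the callee receives a path and opens it itself,
# so the callee picks the mode and could just as well open any other path.
def write_results_ambient(path: str, results: str) -> int:
    with open(path, "w") as fh:
        return fh.write(results)


# Capability style: the capability layer fixes path + mode before any
# untrusted code runs, and hands over only the resulting handle.
def open_capability(path: str, mode: str):
    return open(path, mode)


def write_results_capability(handle, results: str) -> int:
    # The callee never sees a path; a read-only handle cannot be written.
    return handle.write(results)


class WriteOnlyProxy:
    """Proxy for an agent: exposes write() and nothing else (no read, no name)."""

    def __init__(self, handle):
        self._write = handle.write  # bind only the one operation we delegate

    def write(self, data: str) -> int:
        return self._write(data)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmpdir:
        out = os.path.join(tmpdir, "results.txt")
        with open_capability(out, "w") as fh:
            written = write_results_capability(fh, "ok\n")
        # Same callee, read-only capability: the write is refused by the handle.
        with open_capability(out, "r") as fh:
            try:
                write_results_capability(fh, "tamper\n")
                blocked = False
            except io.UnsupportedOperation:
                blocked = True
            content = fh.read()
        with open_capability(out, "a") as fh:
            proxy = WriteOnlyProxy(fh)
            proxy_write = proxy.write("agent\n")
            proxy_exposes_read = hasattr(proxy, "read") or hasattr(proxy, "name")
    return {"written": written, "blocked": blocked, "content": content,
            "proxy_write": proxy_write, "proxy_exposes_read": proxy_exposes_read}
```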
Published on: 23 Jun 2026