A capability object, or simply “capability,” is a popular mechanism for access control in a distributed system. When a “subject,” or process acting on behalf of an authenticated user, accesses an object, the subject presents a capability that indicates access rights to the object. An object manager controlling access to the object verifies both the genuineness of the capability and whether or not the access request is permitted by the rights stored within the capability. It has been noted that a capability has several advantages over a centralized Access Control List (ACL) especially in a distributed system. One advantage is that an access control decision can be performed locally and efficiently simply based upon information stored in the capability rather than searching a potentially large ACL.