"Capability Myths Demolished" (at http://srl.cs.jhu.edu/pubs/SRL2003-02.pdf ) explains the differences between various access control models that have come to be known as "capability systems", and sets the record straight about the properties widely attributed to the CapabilitySecurityModel.
This paper was rejected by the referees of Usenix Security 2003 (See http://www.eros-os.org/pipermail/cap-talk/2003-March/001133.html ). The answer to these objections was an invited paper: ParadigmRegained.