Hybrid Capability Model

A hybrid-capability system in one in which access is allowed only if it satisfies both ObjectCapabilityModel rules and AccessControlList rules.

The IBM System/38, now known as the AS/400, has two kinds of capabilities: normal object-capabilities and so-called "unauthorized capabilities". For the latter, access also carries a principle-ID, and is allowed only if the AccessControlList mechanism says it's ok.

Hybrid-capability systems include

IBM System/38 aka AS/400
Karger's SCAP
Li Gong's ICAP
this paper from OOPSLA '92: http://citeseer.ist.psu.edu/context/76003/0

CategorySecurity CategorySecurityModel CapabilitySecurityModel