Object Capabilities

A type safe OO language allows a principal to get additional rights or access to resources by getting objects back from interfaces. And this is the ONLY way to acquire access rights to resources. This puts a lot of responsibility in the interface design of components. And it shows how dangerous object directories are where arbitrary clients can browse for usable objects. With object capabilities a client can find/get only objects she has access rights to.