If you don't want a PDF or scribd, clicky to Cambridge project page:
<a href="http://www.cl.cam.ac.uk/research/security/capsicum/" rel="nofollow">http://www.cl.cam.ac.uk/research/security/capsicum/</a>
Somewhat related -- I have always thought it would be cool to build a capability system like this into a language with a strong H-M type system. I think it would be an interesting study to have the bare minimum privileges passed via type dependences. Done well this would have any given bit of code only have the bare minimum to do its job.<p>Also: some types of automatic security checks at compile time too!
A note for those who thought that Unix has had capabilities forever. POSIX defines something called capabilities that are very, very different from a true capability system. This is a true capability system.