There are two lines of development in the history of capabilities: hardware and software. The ideas precede the name especially in the hardware line of development. Henry Levy’s book Capability-Based Computer Systems is a good history of the hardware developments.

Capability like descriptors were perhaps the earliest schemes to control the access of problem programs to real memory, but soon the development of virtual memory supplanted the descriptor schemes. Most modern computers have two modes of operation; the privileged and problem modes. The virtual memory provides to the problem program something much like the real memory in that the problem program uses ordinary numbers as addresses to access its memory but those addresses are first translated by some memory mapping hardware to real addresses before real memory is accessed. The privileged program controls this map and thus limits what real memory the problem programs can access. These memory maps were conceived as schemes for the privileged program to provide to the problem program the same simple memory model that program tools, such as compilers, had adapted to. Descriptors required that user code reference those descriptors. While the flat memory model was easier to explain and implement, it was arguably harder for the compiler which had to compile instructions to compute addresses of arrays laid out in flat memory.

Some capability work proceeded with hardware using such memory maps. Cal TSS was designed for a Control Data 6400. The Hydra system, described in Levy’s book, used largely standard hardware. Keykos and Eros use standard hardware.

Computer Languages and Capabilities

Languages after the first Fortran, partition the program into blocks where data is defined. Only code in the block where the data is defined can access that data except when code X calls code Y in another block X can pass access to its data to Y. Such access is in the form of an argument which is a reference to X’s data. While Y is running it can access this data. This reference is like a capability. Implementations differ on whether invalid programs can break the rules and access data in other blocks. The rules of C and C++ seem to not permit implementations that prevent invalid access. The first clear proposal to use this style of security to solve real system security problems was by Jonathan Rees: A Security Kernel Based on the Lambda Calculus. Java provides better performance than most interpretive systems but Java’s library is incompatible with using Java object references as capabilities. I think that Microsoft’s CLR has the same problem.
Burroughs material and more