The factory
design began at an NCSC meeting on military security and capability systems.
I had been saying for a while to anyone in earshot that capability systems
were clearly able to confine programs. I had some hand-waving arguments
sufficient to bring doubt on the assertion that they were incapable of
confinement, but insufficient to convince that they could confine. During
the meeting someone challenged me to say just how confinement might work.
That night I thought several hours about the problem. The next morning
I described a solution that is rather like the current factory design but
was rather more complicated than I had thought. I convinced most or all
of the attendees that the factory design was sound.