Level of Abstraction

It is difficult to be both clear and precise here. Each of the two systems has a clear concept of exactly what a capability is. (Perhaps they are indeed the same concept.) A pattern of bits is not a capability unless it is found in a protected place where the software trusted to interpret bits as capabilities, can be sure that it indeed represents a capability. Bits arriving on a wire are not capabilities as far as the local trusted code is concerned. A local capability must be constructed that suitably corresponds to the original. There is a larger set of code, perhaps trusted by a smaller set of people, that treats such bits as capabilities after applying the disciplines of cryptography to them.

Remarkably this subtle distinction seems to cause no confusion problems for those accustomed to thinking about them and it is seldom necessary to distinguish which kind of capability one refers to. Perhaps the best was to think about the issue is to admit that different portions of an application suite depend on different TCBs.