> So, translating this into capability-speak,
> presumably what I'm getting at is that the guy who is supplying content
> should be able to attach capabilities to the content, right? And also
> choose how those capabilities relate to the identity of the client user
> (or something)?
Exactly. Certainly the client didn't have access to anything at all except by virtue of the fact that the content provider made some capabilities accessable via the web server as a semi-trusted agent. An HTML file itself, for example, is named by a capability.
shap