A system and methods for applying capability-based authorization within a
distributed computing environment. Instead of associating permissions or
privileges with objects (e.g., computing resources), permissions are
associated with subjects (e.g., users, roles). Compared to object-based
methods of access control, such as Access Control Lists (ACL), management
of capability-based authorizations scales much better as the number of
objects becomes very large. A central repository allows changes to the
authorization framework (e.g., new subjects, modified permissions) to be
made once. The changes can then be propagated across, and applied to,
multiple address spaces instead of having to individually or manually
update each local node or address space.