If I understood correctly what I've found searching around, a capability is "an unforgeable ticket, which when presented can be taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket" (1). So there is an authority that gives a capability to an object, which in turn can pass the capability to some other trusted object ("Capabilities can be delegated" and "Capabilities can be copied" (2)).

When you need to access something, you must pass a ticket that will be verified on the other side; in other words, invoking a method is not sufficient, you need the right ticket.

There is still something unclear to me: who will issue tickets? Will an object request a ticket or the object itself will be created with some tickets?

HTH, Valerio

1) http://www.cap-lore.com/CapTheory/ProtInf/
2) http://www.eros-os.org/essays/capintro.html