Forgeability

It is difficult to prevent tokens from being forged.
A solution is to have the operating system hold all tokens instead of allowing the user to hold the token.
Tokens can be encrypted using a secret known only to the operating system.
Usually capabilities are backed up by ACLs or Directories and used as a sort of rights “cache”

It is difficult to prevent tokens from being forged.