Good work. I'm happy to see this for Redox. There are numerous implementations of capabilities now, and they confirm that the concept really does simplify access control and sandboxing.