This paper presents some basic principles for the
design of secure object oriented operating systems.
The security relies on the control of right to call an
object method. Distributed capabilities are used
to implement the control scheme. Capability implementation,
creation and rights propagation are
discussed.