Zebra Copy, a small business in Palo Alto and Cupertino, does business with HP. Some 2,000 HP employees are permitted to order work from them. The system in place uses ACLs, so Zebra Copy has a database of HP employees and what each is allowed to do.
Every time an employee changes roles, HP must notify Zebra Copy, and Zebra Copy must update its database. HP has some 20,000 such business partners, and Zebra Copy has several hundred companies it does business with.
If capabilities were used, life would be much simpler. Zebra Copy would give HP a capability for each access right. It would be up to HP to manage those capabilities. When someone at HP changed jobs, it would be HP's responsibility to make sure that the capability was transferred properly. Should a capability be stolen or misused, HP would be responsible until it notified Zebra Copy to revoke it. Zebra Copy would need to keep only one set of capabilities for each contract; HP would not need to keep suppliers informed of personnel changes.
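
The capability arrangement described above, as an added Python example that is not part of the original text: the supplier authorizes on the presented capability alone, and the customer handles a job change without telling the supplier. The class names, the contract and right labels, the employee names, and the choice of random bearer tokens held inside the customer's own system are all assumptions made for illustration.

```python
import secrets

class Supplier:
    """Zebra Copy's side: one record per capability, no list of customer employees."""
    def __init__(self):
        self._caps = {}  # token -> (contract, right)

    def issue(self, contract, right):
        token = secrets.token_urlsafe(32)  # unguessable bearer token (assumed format)
        self._caps[token] = (contract, right)
        return token

    def revoke(self, token):
        self._caps.pop(token, None)

    def order(self, token, right):
        # Authorization depends only on the capability presented, not on who presents it.
        grant = self._caps.get(token)
        return grant is not None and grant[1] == right

    def record_count(self):
        return len(self._caps)

class Customer:
    """HP's side: tokens stay in HP's system, which decides who may use each one."""
    def __init__(self):
        self._holders = {}  # employee -> set of tokens

    def assign(self, employee, token):
        self._holders.setdefault(employee, set()).add(token)

    def transfer(self, token, old, new):
        # A role change is handled entirely inside the customer; the supplier is not told.
        self._holders[old].discard(token)
        self.assign(new, token)

    def place_order(self, supplier, employee, right):
        return any(supplier.order(t, right) for t in self._holders.get(employee, ()))

def demo():
    zebra, hp = Supplier(), Customer()
    cap = zebra.issue("HP-contract", "color-print")  # constructed labels
    hp.assign("alice", cap)
    before = hp.place_order(zebra, "alice", "color-print")
    hp.transfer(cap, "alice", "bob")                 # alice changes jobs
    alice_after = hp.place_order(zebra, "alice", "color-print")
    bob_after = hp.place_order(zebra, "bob", "color-print")
    records = zebra.record_count()                   # supplier state untouched by the transfer
    zebra.revoke(cap)                                # HP reports the capability stolen
    after_revoke = hp.place_order(zebra, "bob", "color-print")
    return before, alice_after, bob_after, records, after_revoke
```

Because the token is a bearer credential, the transfer is only as sound as HP's custody of it, which is why responsibility for theft or misuse rests with HP until revocation.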