Capability is a signed message enabling the use of token

Usually, when a website wants to access user's tokens, the website needs user's permission. The site produces a filter which is applied to the user's election of tokens. The browser then present the filtered list to the user, so the user can decide which token to be used on the website.

In order to streamline the user experience, a token issuer can issue a capability to a website. The site that carries the capacity gets to learn the instances of the said token owned by the current user, without the user given explicit permission.

Example of this is that FIFA ticket can given a capacity to, so that can display special travel packages only valid to the FIFA ticket holders. This capacity allos to learn user's FIFA tickets without the user making explicit choice.

In traditional web2 websites, such integration is done by logging in to and "linking" the user's FIFA ticket account with his/hers account.

Capability is a concept being designed, and there is no data module for it yet.