Those aren't mutually exclusive. Object capabilities are a core part of what makes the L4s faster than Mach. Mach had to do a permissions check on every IPC message since the port table is global. And since it was global, practically that was an expensive ACL check. You don't even have to do a full permissions check on capability endpoints since the mere fact that you have a handle to it is proof of that you have the appropriate permissions.