>From e6a5cded445f832f416325c8cbc520115d40c334 Mon Sep 17 00:00:00 2001 From: IkiWiki Date: Sat, 26 Jan 2019 10:06:17 -0500 Subject: [PATCH] I added a concrete example to the capability page. --- capability.mdwn | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/capability.mdwn b/capability.mdwn index 0ebe5cd4..32a9b68f 100644 --- a/capability.mdwn +++ b/capability.mdwn @@ -28,6 +28,16 @@ sent a string to identify the file to B, the identifier lacks a than A intended. By ensuring that [[designation]] and [[authorization]] are always bound together, these problems are avoided. +If you found the above example a little too abstract, then consider the example +found on the [[wikipedia|https://en.wikipedia.org/wiki/Confused_deputy_problem]] +page. Suppose a trusted server runs a compilation process, bills clients for +using the service, and stores billing information in the "bills.txt" file. The +compilation server needs clients to provide the name of the input and output +files to compile the program. Suppose a client calls the compilation server +and specifies the output file as the "billing.txt" file. The server compiles +the program, and then overwrites the billing information. Now the server does +not know who to bill for the use of its services. + Capability-based system architectures strive to meet the *principle of least privilege* ({{$wikipedia_polp}}). -- 2.20.1
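Review bot: The file name is inconsistent within the new paragraph: billing information is said to live in "bills.txt", but the client then names "billing.txt" as its output file, so as written the server would not overwrite the billing data at all. Use one name in both sentences, e.g. "stores billing information in the "bills.txt" file" and "specifies the output file as "bills.txt"". The paragraph would also make the confused-deputy point more sharply if it said outright that the client has no permission to write that file itself and that the overwrite succeeds only because the server opens the named file with its own authority; that is the failure the surrounding text about binding designation and authorization together is meant to prevent, and it is currently left for the reader to infer. Finally, the page links the other Wikipedia article via `{{$wikipedia_polp}}`, while this paragraph uses `[[wikipedia|https://en.wikipedia.org/...]]`; an ikiwiki `[[text|target]]` wikilink expects a page name rather than a URL, so either follow the existing template convention or use a plain markdown link `[Wikipedia](https://en.wikipedia.org/wiki/Confused_deputy_problem)`.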