Design Goals
1. Capability-based access control
2. Meta-model
3. Partial understanding
4. Interface refactoring