A data value used to specify a capability (also called a "capability descriptor"). For example:
- in a CapabilityList system, a c-list index is a designator
- in an ObjectCapabilityLanguage, variable identifiers are used as designators
- in the PasswordCapabilityModel there is no distinction between a capability and its designator.
The "scope" of a designator determines the context in which it can be used. For example, the scope of a c-list index is normally a single ProtectionDomain, and the scope of a variable identifier is normally specified by a program's block structure (LexicalScoping). In DistributedObjectCapabilityModel protocols, the scope of designators may (or may not) be restricted to a particular connection.
Some capability researchers consider there to be security benefits in restricting the scope of designators, in order to limit the extent of compromise if a capability designator is 'stolen' due to some implementation flaw -- especially in the case where designators are transmitted over a network (even if encrypted). Others argue that it is better to concentrate on preventing such implementation flaws, and that using designators with global scope can make protocols simpler.