Object-capabilities are an amazing solution/paradigm to provide security, both flexibly and robustly. Ever since I discovered them and got to understand them, I'm bothered that there are pretty much no widely used tool using or providing them, and I'd like to lobby a bit for their adoption, possibly by either designing a system with them or porting a system to them.
As the Web is the platform to make newly produced applications easily visible and usable by numerous users, I'll probably go for a Web application. It also has the benefit that if I want to provide a service more than an easily deployed application, I don't have to worry about the programming language and tools I use, as long as they can answer HTTP requests (standalone server, CGI, FastCGI, whatever).
Now, one perfect fit for ocaps is some publication system, where you can edit and publish documents and use ocaps to restrict or delegate rights on the documents, and I'm already working on this. But are there other systems that would be an interesting target for an ocaps implementation? (because they are popular, because their security is praticularily a mess or a joke, because they would make a perfect match for ocaps, etc...)
That is, what web services do you use where you'd wish it could be more secure and could enable you to share more and delegate more or in an easier way than is currently possible?