Description
Most existing capability-based systems have one of the following issues.

- Too low granularity of capabilities (an app can access the network, but actually should be allowed to access e.g. just several OSI layer 4 or higher protocols, have limited bandwidth, shouldn't have access to any OSI layer 3 or lower information, etc.)
- Too high granularity (e.g. SELinux is super complex, which is counterproductive as it's therefore quite often ignored or quite incorrectly configured)

To solve this, capabilities shouldn't be fixed, but rather should be Turing-complete executable code/assembly (imagine Linux BPF JIT). Then one can provide a standard library with coarse-grained capability building blocks (like e.g. Android does) and allow for fine-grained specification in all scenarios.
How do you want to approach this granularity/complexity issue in WASI?
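As an added illustration of the proposal above (this is not code from the issue author, from WASI, or from any WASI runtime), the following Rust sketch treats a capability as executable code: a predicate over a network request, built from a small hypothetical standard library of building blocks (`allow_proto`, `allow_port`, `deny_layer3`, `byte_budget`) and combined with `all_of` / `any_of`. The `NetRequest` fields, the block names and the sample requests are all constructed for the example; a real system would compile and verify such predicates (BPF-style) rather than run arbitrary closures.

```rust
// Added example, not WASI code: capabilities as composable, executable predicates.
// All type and function names below are hypothetical.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Proto {
    Tcp,
    Udp,
    RawIp,
}

/// What the runtime knows about an attempted network operation (hypothetical shape).
#[derive(Debug, Clone)]
pub struct NetRequest {
    pub proto: Proto,
    pub dst_port: u16,
    pub bytes: u64,
    /// True when the call would expose OSI layer 3 or lower detail (raw IP headers, routing).
    pub reveals_layer3: bool,
}

/// A capability is code: a (possibly stateful) predicate evaluated on every request.
pub type Capability = Box<dyn FnMut(&NetRequest) -> bool>;

// --- coarse-grained building blocks ("standard library") ---

pub fn allow_proto(proto: Proto) -> Capability {
    Box::new(move |r: &NetRequest| r.proto == proto)
}

pub fn allow_port(port: u16) -> Capability {
    Box::new(move |r: &NetRequest| r.dst_port == port)
}

pub fn deny_layer3() -> Capability {
    Box::new(|r: &NetRequest| !r.reveals_layer3)
}

/// Stateful block: a cumulative byte budget. Refuses once the budget would be exceeded.
pub fn byte_budget(limit: u64) -> Capability {
    let mut used: u64 = 0;
    Box::new(move |r: &NetRequest| match used.checked_add(r.bytes) {
        Some(total) if total <= limit => {
            used = total;
            true
        }
        _ => false,
    })
}

// --- combinators for fine-grained policies ---

/// All parts must allow. Short-circuits, so stateful blocks (budgets) belong last:
/// a request denied by an earlier part does not consume budget.
pub fn all_of(mut parts: Vec<Capability>) -> Capability {
    Box::new(move |r: &NetRequest| parts.iter_mut().all(|c| c(r)))
}

/// Any part may allow.
pub fn any_of(mut parts: Vec<Capability>) -> Capability {
    Box::new(move |r: &NetRequest| parts.iter_mut().any(|c| c(r)))
}

/// A fine-grained policy assembled from coarse blocks:
/// TCP only, ports 443 or 8443, no layer-3 visibility, at most 1 MB in total.
pub fn https_only_policy() -> Capability {
    all_of(vec![
        deny_layer3(),
        allow_proto(Proto::Tcp),
        any_of(vec![allow_port(443), allow_port(8443)]),
        byte_budget(1_000_000),
    ])
}

/// Evaluate a capability over a sequence of requests, returning one verdict per request.
pub fn evaluate(cap: &mut Capability, reqs: &[NetRequest]) -> Vec<bool> {
    reqs.iter().map(|r| cap(r)).collect()
}

/// Constructed sample traffic (not captured data).
pub fn sample_requests() -> Vec<NetRequest> {
    vec![
        NetRequest { proto: Proto::Tcp, dst_port: 443, bytes: 600_000, reveals_layer3: false },  // allow
        NetRequest { proto: Proto::Tcp, dst_port: 80, bytes: 10, reveals_layer3: false },        // wrong port
        NetRequest { proto: Proto::Udp, dst_port: 443, bytes: 10, reveals_layer3: false },       // wrong proto
        NetRequest { proto: Proto::RawIp, dst_port: 0, bytes: 10, reveals_layer3: true },        // layer 3
        NetRequest { proto: Proto::Tcp, dst_port: 8443, bytes: 300_000, reveals_layer3: false }, // allow (900 kB used)
        NetRequest { proto: Proto::Tcp, dst_port: 443, bytes: 200_000, reveals_layer3: false },  // over budget
    ]
}

fn main() {
    let reqs = sample_requests();
    let mut policy = https_only_policy();
    let verdicts = evaluate(&mut policy, &reqs);
    for (req, ok) in reqs.iter().zip(verdicts) {
        println!("{:?} -> {}", req, if ok { "allow" } else { "deny" });
    }
}
```

The point of the sketch is the shape of the solution, not the specific blocks: the app's manifest would carry a policy like `https_only_policy` instead of a bare "network" bit, while the blocks themselves stay simple enough to audit. Note that the budget block is placed last on purpose, since `all_of` short-circuits and a denied request should not burn quota.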