It is not clear which came first historically except that mathematical language theorists have pioneered the ideas that underpin Capabilities in the small more than a century ago. Those who first gave precise definitions of what it meant to be a mathematical proposition found themselves dealing with these issues, but with names we might now not recognize. Lexical scoping along with parameter logic has burried within it most or all of the insights of capabilities.
Early Burroughs machines tried to be faithful to this plan in the instruction set design. Capsicum seeks hardware support for capabilities so that not even malicious compilers can violate capability discipline. Other platforms rely on conventional hardware and trusted compilers and I see no reason why this cannot work. But I need to understand what they claim in better detail. For a secure platform what they claim needs to be melded with what loaders and other system components do to arrange for the execution of these compiled programs. I have not seen an integrated plan for such systems. I think that IBM has evolved System 38 into such a system. I do not know what claims IBM makes about their current offerings.
If you can trust the compiler and all your software is written in the language of that compiler then you may be able to build a complete capability platform without novel hardware support. Perhaps it suffices to trust a compiler back-end into which other compilers for other languages feed their code.
I am enthusiastic about all of these efforts; they complement Capabilities in the Large.
The benefits arise in a set of firewalls that vastly limit the damage that can be done when some component, such as a browser, falls prey to maliciously crafted data from the internet and, despite its design, abuses its authority to the detriment of the user. Chrome and other browsers take great pains to avoid this but still advise the customer not to click on suspected links.