diff --git a/src/syndicated-actor-model.md b/src/syndicated-actor-model.md
index 46ea474..40b7f96 100644
--- a/src/syndicated-actor-model.md
+++ b/src/syndicated-actor-model.md
@@ -348,10 +348,10 @@ instance. The client remains blissfully unaware that anything untoward happened.
 ## Object-capabilities for access control
 
 [Object capabilities](https://en.wikipedia.org/wiki/Object-capability_model) are the only
-properly compositional way to secure a distributed system. They are a natural fit for
-Actor-style systems, as demonstrated by E and its various descendants [[Miller 2006][], [Van
-Cutsem et al 2007][], [Stiegler and Tie 2010][], [Yoo et al 2012][] and others], so it makes sense
-that they would work well for the Syndicated Actor Model.
+properly compositional way to secure a distributed system.[^justification-and-examples] They
+are a natural fit for Actor-style systems, as demonstrated by E and its various descendants
+[[Miller 2006][], [Van Cutsem et al 2007][], [Stiegler and Tie 2010][], [Yoo et al 2012][] and
+others], so it makes sense that they would work well for the Syndicated Actor Model.
 
 The main difference between SAM capabilities and those in E-style Actor models is that
 syndicated capabilities express pattern-matching-based restrictions on the *assertions* that
@@ -434,6 +434,11 @@ in Linda.” ACM TOPLAS 7, no. 1 (January 2, 1985): 80–112.
 Carriero. “Coordination Languages and Their Significance.” Communications of the ACM 35, no. 2
 (February 1, 1992): 97–107. [[DOI]](https://doi.org/10.1145/129630.129635)</span>
 
+[Karp 2015]: #ref:karp-2015
+[**Karp 2015**] <span id="ref:karp-2015">Karp, Alan H. “Access Control for IoT: A Position
+Paper.” In IEEE Workshop on Security and Privacy for IoT. Washington, DC, USA, 2015.
+[[PDF]](https://alanhkarp.com/publications/Access-Control-for-IoT.pdf)</span>
+
 [Konieczny et al 2009]: #ref:konieczny-2009
 [**Konieczny et al 2009**] <span id="ref:konieczny-2009">Konieczny, Eric, Ryan Ashcraft, David
 Cunningham, and Sandeep Maripuri. “Establishing Presence within the Service-Oriented
@@ -498,3 +503,8 @@ USENIX Annual Technical Conference. Boston, Massachusetts, 2012.
 [^background-on-interests]: For more on assertions of interest, see
   [here](https://syndicate-lang.org/about/#conversational-frames-conversational-knowledge) and
   [here](https://syndicate-lang.org/tonyg-dissertation/html/#x_2_2_0_0_8).
+
+[^justification-and-examples]: Karp [[2015][Karp 2015]] offers a good justification of this
+    claim along with a worked example of object-capabilities in a personal-computing setting.
+    The capabilities are ordinary E-style capabilities rather than SAM-style capabilities, but
+    the conclusions hold.