This disclosure describes dynamic access control using capabilities (via dynamic access control interface (150)) on a blockchain system (180). The blockchain data structure is a time- stamped list of blocks, chained together cryptographically. In this disclosure, capabilities can be recorded on a blockchain system (via capabilities storage (170)) and thus access propagation is known. This makes revocation of access achievable by recording a new transaction, which in effect removes the previous authorization. There will be no change to transaction history and instead a new transaction records (170) the current status of the capability. An example implementation on a blockchain system (180) is given in Ethereum, which allows programs called "smart contracts" to run as transactions.