Capabilities based management of virtual areas

The invention claimed is: 1. A system that operates in a network communication environment in which communicants operating respective client nodes connect to an area in which ones of the communicants are able to establish respective presences, the system comprising: a processor; and a memory, coupled to the processor, having code stored therein that when executed by the processor, the processor performs operations comprising: executing an engine to manage capabilities on behalf of each of one or more of the communicants in the area, and provide for each communicant a respective capability ring that stores the communicant's persistent capabilities and transient capabilities that are granted as a result of applying capability rules to the communicant; monitoring states of the area, wherein the area is defined with a current state of the area, and the current state comprises an occupancy attribute that provides an indication of occupancy of the communicants in the area; dynamically updating the respective capability ring of the particular communicant based on changes in states of the communicants and the area, wherein the dynamically updating comprises based on a permissions check by the capabilities engine against the respective capability ring of the particular communicant, determining that the particular area is in a first state as defined by a first set of one or more values of the one or more attributes and automatically granting a respective transient capability to enter the particular area to the particular communicant, and based on a permissions check by the capabilities engine against the respective capability ring of the particular communicant, ascertaining that the particular area is in a second state as defined by a second set of one or more values of the one or more attributes in which the value of the occupancy attribute is different from the value of the occupancy attribute in the first state and automatically revoking the capability to enter the particular area from the particular communicant; and administering one or more of realtime communications between the client nodes of respective ones of the communicants who are co-present in the area. 2. The system of claim 1 , wherein the occupancy attribute value corresponds to a count of the communicants who are present in the area. 3. The system of claim 2 , wherein the first set of one or more values defining the first state of the area comprises an occupancy value greater than zero, and the second set of one or more values defining the second state of the area comprises an occupancy value of zero. 4. The system of claim 3 , wherein the first set of one or more values comprises a particular role attribute value indicating membership in a particular group, and the respective capability to enter the area is automatically granted to the particular communicant who is associated with the particular role attribute value. 5. The system of claim 3 , wherein the first set of one or more values comprises a particular role attribute value indicating membership in a particular group, and the automatically granting comprises automatically granting the respective capability to enter the area to the particular communicant without regard to membership in the particular group. 6. The system of claim 5 , wherein the automatically revoking comprises: responsive to a determination that occupancy in the virtual room by communicants who are not associated with the particular role attribute value is zero, automatically revoking the respective capability to enter the area from communicants who are not associated with the particular role attribute value. 7. The system of claim 2 , wherein the first set of one or more values defining the first state of the area comprises an occupancy value of zero, and the second set of one or more values defining the second state of the area comprises an occupancy value greater than zero. 8. The system of claim 1 , wherein the first set of one or more values comprises a particular value of a role attribute, and the automatically granting of the respective capability to enter the area is based on a particular one of the one or more communicants being associated with the particular value of the role attribute. 9. The system of claim 8 , wherein the automatically granting of the respective capability to enter the area is responsive to the particular communicant occupying the area. 10. The system of claim 9 , wherein the automatically revoking of the capability to enter the area is responsive to the particular communicant vacating the area. 11. The system of claim 9 , wherein the particular value of the role attribute is an owner of the area. 12. The system of claim 1 , wherein the first set of one or more values comprises a particular role attribute value, and the dynamically updating comprises automatically granting a respective capability to modify one or more attributes of the area to a particular communicant who is occupying the area and is not associated with the particular role attribute value; and further comprising allowing the particular communicant to modify the one or more attributes of the area conditioned on the particular communicant being present in the virtual room. 13. The system of claim 12 , wherein the allowing is further conditioned on a communicant who is associated with the particular role attribute value being present in the area during the allowing. 14. The system of claim 12 , wherein the particular role attribute value indicates ownership of the area. 15. The system of claim 12 , wherein the particular role attribute value indicates membership in a group that is associated with the area. 16. The system of claim 12 , wherein the allowing comprises allowing the particular communicant to modify the state of the area from a locked state to an unlocked state. 17. A non-transitory, computer readable medium that includes code that is executable by a computer system that operates in a network communication environment in which communicants operating respective client nodes connect to an area in which ones of the communicants are able to establish respective presences, wherein execution of the code by the computer system causes the computer system to perform operations comprising: executing an engine to manage capabilities on behalf of the communicants in the area, and provide for each communicant a respective capability ring that stores the communicant's persistent capabilities and transient capabilities that are granted as a result of applying capability rules to the communicant; monitoring states of the area, wherein the area is defined with a current state of the area, and the current state comprises an occupancy attribute that provides an indication of occupancy of the communicants in the area; dynamically updating the respective capability ring of the particular communicant based on changes in states of the communicants and the area, wherein the dynamically updating comprises based on a permissions check by the capabilities engine against the respective capability ring of the particular communicant, determining that the particular area is in a first state as defined by a first set of one or more values of the one or more attributes and automatically granting a respective transient capability to enter the particular area to the particular communicant, and based on a permissions check by the capabilities engine against the respective capability ring of the particular communicant, ascertaining that the particular area is in a second state as defined by a second set of one or more values of