Hacker News

This is very closely related to how seL4 [0] allows delegating (subsets of) a process's own capabilities. The difference would be that this Windows kernel code isn't formally verified to uphold its security model to a level where send-only capabilities are proven data-diodes (i.e., the sel4_Send() syscall blocks (potentially indefinitely), and its sel4_NBSend() silently drops the message if the receiver isn't already waiting) a success/failure indication), whereas seL4 comes with extensive proofs.

