Enforcing access control policies in Information-Centric Networking (ICN) is difficult due to there being multiple copies of contents in various network locations. Traditional Access Control List (ACL)-based schemes are ill-suited for ICN, because all potential content distribution servers should have an identical access control policy or they should contact a centralized ACL server whenever their contents are accessed by consumers. To address these problems, we propose a distributed capability access control scheme for ICN. The proposed scheme is composed of an internal capability and an external capability. The former is included in the content and the latter is added to a request message sent from the consumer. The content distribution servers can validate the access right of the consumer through the internal and external capabilities without contacting access control policies. The proposed model also enhances the privacy of consumers by keeping the content name and consumer identification anonymous. The performance analysis and implementation show that the proposed scheme is feasible and more efficient than other access control schemes.