Five features are mostly Zope 3 features, though Five has some extras, and some limitations.
Everything from the zope.interface package works. Zope 3 interfaces are the foundation of the component architecture, and also the foundation of schemas.
ZCML is the Zope Configuration Markup Language, an XML application. Zope 3 (and Five) code consists of a lot of components that can be plugged together using ZCML.
If you put a site.zcml in the home directory of your Zope instance, this is the root of the ZCML tree. An example of site.zcml is in site.zcml.in. If you don't place a site.zcml, Five falls back on fallback.zcml.
ZCML in Five has special directive, five:loadProducts, to load the ZCML (meta.zcml, configure.zcml) of all installed Zope 2 products, if available.
Another special directive, five:loadProductsOverrides is available to load any overriding ZCML (overrides.zcml) in these products. In the overrides.zcml you can override existing views or adapters, in this or in other products.
You can use adapters in Five, just like in Zope 3.
Zope 3 views work in Five, including layers and skins. To make them work however, you need to make a Zope 2 class "traversable". This can be done by using the five:traversable directive in ZCML.
Five before release 0.3 used to use Zope 3's page template engine, but in the interests of increased compatibility with Zope 2, we've switched to using Zope 2's. There should be no real difference to any code, however. We may decide to switch back to Zope 3's engine again eventually if we can resolve the compatibility issues.
One thing to be aware of is that the page template engine runs completely in trusted mode, just like Python code. That is, as soon as the page template engine is running, no Zope 2 or Zope 3 security checks are made.
Five supports edit and add forms. Typical Zope 3 examples of these should work.
Five aims to eradicate declareProtected, ClassSecurityInfo and initializeClass from your Zope 2 code.
In order to do this, Five provides the Zope 3 way of declaring permissions from ZCML, but uses the Zope 2 mechanisms to actually set them. To declare permissions for methods and templates on views you use the permission attribute on the browser:page directive, and specify a Zope 2 permission (given a Zope 3 name). You can find a list of these permissions in permissions.zcml in Five. The permission check takes place before the view is executed.
The content directive can also be used to declare permissions on Zope 2 content classes. Note however that these permissions will be ignored by views anyway, as they are trusted -- it only serves to protect directly exposed methods on content classes (the python scripts and the ZPublisher).
Five supports the concept of a local sites and local site managers. See localsite.txt for more information.
Five supports sending Zope 3 object events when objects are added, moved, renamed, copied and deleted. The use of manage_afterAdd & co methods is deprecated.