With Eclipse Biscuit, you can:

• allow decentralized verification through public key cryptography
• allow offline attenuation where, from each token, a new one with narrower rights can be generated

This is another authorisation token scheme. It's similar in some ways to UCANs, but looks a lot easier to integrate.