Cross-system financial transactions increasingly require policy enforcement that is portable, tamper-evident, and verifiable across organizational and jurisdictional boundaries. Existing authorization frameworks, including OAuth 2.0, attribute-based access control (ABAC), and smart contract-based approaches, address policy enforcement within single trust domains but lack mechanisms for binding policy to transaction context across heterogeneous systems. This working paper introduces the SPT-Txn (Sovereign Policy Token Transaction) Framework, a token-based architecture for transaction-scoped policy enforcement. The framework defines a hierarchy of cryptographically bound token primitives, Capability Acquisition Tokens (CATs), Capability Tokens, and runtime transaction tokens, governed by a format-agnostic Token-Based Access Control (TBAC) engine. Token serialization supports JWT, SD-JWT, and Biscuit formats, with CWT for agent-to-agent contexts. Privacy properties are achieved through zero-knowledge credential binding, while cross-system interoperability is addressed through a multi-chain deployment model. The framework is developed in conjunction with an IETF Internet-Draft (draft-coetzee-oauth-spt-txn-tokens-00) and is evaluated against the regulatory requirements of MiCA, DORA, VARA, the GENIUS Act, and the FATF Travel Rule. Security considerations address token binding, replay prevention, and key management across deployment tiers.
Rudolf Jacobus Coetzee studied this question.