Access control where permissions are cryptographically certified and must be validated before execution, not just during planning.