There is JWT — https://jwt.io/, but it’s only top level framework, living a lot of questions unanswered. Amazon has it’s own — http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html. Our idea is to build more generic one for REST services on top of JSON Schema (http://json-schema.org/) and convention representation of HTTP request and context as JSON. Could you formulate the list of requirements and features you want? We will publish our progress.