Token Based Authentication and Authorization

Tokens can convey more information than caller id

Additional details can be used for authorization

A token may be valid, but not "powerful" enought to provide access

OAuth uses scopes, OpenID Connect adds claims