In z/OS 2.4 RACF introduced a “new” assertion mechanism, the JSON Web Token also known as an Identity Token. Identity Tokens can be used to generate and validate distributed users who have a valid RACF user ID.
Reference
“Activating and using the IDTA parameter” in RACROUTE REQUEST=VERIFY in the IBM z/OS Security Server RACROUTE Macro Reference manual.