An access token that captures the security information of a client process, allowing a service to "impersonate" the client process in security operations.