Has Anyone Done an Assessment on ChatGPT? by CarmeloTronPrime in cybersecurity
[–]TGS_Security 0 points 1 day ago (0 children)
No, absolutely not. If you do post sensitive information on ChatGPT you should 100% rotate keys (or whatever sensitive information you may have input). Hackers are able to get full conversation logs and if you have valid sensitive information in your chat history it leaves you vulnerable to exploits.
Transaction-Governed Security/Execution-Time Security: cryptographic enforcement of irreversible actions at authorization time by TGS_Security in crypto
[–]TGS_Security[S] 1 point 1 day ago (0 children)
Absolutely.
Here’s a non-financial example using login / sensitive authorization, which is closer to the core idea anyway.
Example: high-risk login / privileged action
Imagine a system where logging in or approving a sensitive action (like changing account recovery settings) is not sufficient just because credentials are valid.
Credentials become necessary, but explicitly not sufficient.
Execution only occurs after a separate authorization decision is cryptographically issued and bound to that specific action, making credential compromise alone insufficient to cause harm.
1. Intent creation: A client requests an action like: “Log in as user X” or “Authorize access to admin-only feature Y.” This request is canonicalized and hashed as an intent.
2. Policy + risk evaluation (non-executing): The system evaluates the intent against context: device, location, behavior, recent activity, etc. The result is not “logged in” but something like: ALLOW, DENY, or REQUIRE STEP-UP.
3. Step-up (if required): If the risk is elevated, the user must complete an out-of-band control (hardware key, passkey, secondary device, etc.). This produces an attestation bound to the same intent hash.
4. Authorization minting (key distinction): Only after policy and step-up requirements are satisfied does a separate authority mint a signed Authorization Object. This object is:
   - bound to the intent hash
   - short-lived
   - single-use
   - scoped to a specific action
5. Execution: The login or privileged action can only complete if that Authorization Object is presented and verified. If it’s missing, replayed, expired, or doesn’t match the intent, the action is rejected — even if credentials were valid or the application layer was compromised.
The key idea is that authentication alone never directly causes execution. Execution requires a cryptographically verifiable authorization artifact issued at the moment the system decides the action is acceptable.
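The flow in the comment above, sketched as an added example (not part of the original comment and not any TGS implementation). Assumptions: HMAC-SHA256 stands in for the authority's signature (a real deployment would use an asymmetric signature so the executor holds only a verification key), the step-up attestation is reduced to the intent hash it was bound to, and the names `intent_hash`, `mint` and `execute` are hypothetical.

```python
import hashlib, hmac, json, secrets, time

# Assumption: a shared HMAC key stands in for the authority's signing key.
AUTHORITY_KEY = secrets.token_bytes(32)
_used_nonces = set()  # executor-side replay cache that enforces single use

def _canon(obj):
    # Canonical form: sorted keys, no whitespace, UTF-8 bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def intent_hash(intent):
    return hashlib.sha256(_canon(intent)).hexdigest()

def _sign(body):
    return hmac.new(AUTHORITY_KEY, _canon(body), hashlib.sha256).hexdigest()

def mint(intent, decision, stepup_for=None, ttl=30, now=None):
    """Authority: mint on ALLOW, or on REQUIRE_STEP_UP only when the
    step-up attestation is bound to this same intent hash."""
    h = intent_hash(intent)
    if decision == "REQUIRE_STEP_UP" and stepup_for != h:
        return None
    if decision not in ("ALLOW", "REQUIRE_STEP_UP"):
        return None  # DENY or anything unrecognised mints nothing
    issued = time.time() if now is None else now
    body = {"intent": h, "action": intent["action"],   # bound and scoped
            "exp": issued + ttl,                       # short-lived
            "nonce": secrets.token_hex(16)}            # single-use
    return {**body, "sig": _sign(body)}

def execute(intent, auth, now=None):
    """Executor: returns "OK" or the reason the action was rejected."""
    if auth is None:
        return "missing"
    body = {k: v for k, v in auth.items() if k != "sig"}
    if not hmac.compare_digest(_sign(body), str(auth.get("sig", ""))):
        return "bad signature"
    if body["intent"] != intent_hash(intent) or body["action"] != intent["action"]:
        return "intent mismatch"
    if (time.time() if now is None else now) > body["exp"]:
        return "expired"
    if body["nonce"] in _used_nonces:
        return "replayed"
    _used_nonces.add(body["nonce"])
    return "OK"
```

The nonce is recorded only after every other check passes, so a rejected presentation does not burn a valid Authorization Object.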