ABAC/Capability and very granular policies for both actions and actions on behalf of others with the right sort of resource-based policies as well. And the apps need to be capability constrained and sandboxed.

Gonna be a hard nut to crack to implement this across the supply chain.

Transitive dependencies are a bitch.