Besides a cool buzzword, what could an authentication token for the cloud possibly be? 
 
Well, since human users mostly interact with cloud services through the "Universal Client", the Internet browser, this probably means that such a token scheme must be integrated with the browser in some way, right? 
 
Because tokens are supposed to be secure, there should be a way to maintain token integrity even in the harsh open Internet environment; otherwise we may better stick to passwords forever! 
 
Finally, we can't ignore that Mobile Phones have become the shortest path to the Internet. 
 
Here follows a short list of what I see as desirable properties for a token scheme that could work for everything from bloggers to the NSA:

• Browser interface for Issuing, Managing, and Using tokens
• Supporting PKI, OTP, Information Cards, etc.
• VSDs (Virtual Security Domains) enabling independent issuers securely Sharing a token container
• Transaction Based Operation and E2ES (End To End Security) making on-line personalization of tokens Technically as secure and robust as traditional smart card production in a "bunker"
• Unified system for enhanced smart cards and mobile phones with embedded security hardware
• PEP (Privacy Enabled Provisioning) option to suite usage with any provider
• Building on Standards including XML Schema, XML Security, NIST SP800-56A, and NSA Suite B