Obfuscation technique that substitutes sensitive values with tokens and keeps a reversible mapping so authorized users/services can recover the original. Considered but rejected in the talk's case study: nicer than encryption for display but still not realistic enough for BI, staging and UX workflows.