Least-Privilege MCP Tool Calls

A two-part series on least-privilege MCP tool calls: when to carry narrow authority in a token, when to decide at the resource, how AuthZEN, COAZ, ARAP, and MCP proposals close the per-call gaps, and why the remaining problem is the missing task object.