https://notes.karlmcguinness.com/tags/rar/Recent content in RAR on Control Plane by Karl McGuinnessHugoen-uspublic@karlmcguinness.com (Karl McGuinness)public@karlmcguinness.com (Karl McGuinness)Tue, 02 Jun 2026 10:00:00 -0700https://notes.karlmcguinness.com/notes/least-privilege-mcp-tool-calls/Tue, 02 Jun 2026 10:00:00 -0700public@karlmcguinness.com (Karl McGuinness)https://notes.karlmcguinness.com/notes/least-privilege-mcp-tool-calls/Least-privilege MCP has two natural authorization paths: token-side FGA with PRM, RAR, and RAR-type metadata, or resource-side FGA with the MCP server as PEP and AuthZEN as PDP. The token-side path gives the client portable authority but forces each AS to understand resource-domain semantics. The resource-side path keeps domain knowledge at the MCP server but fragments approvals and audit across PDPs. Both need a durable task object. A Mission lets the originating AS own the user-approved task while each Resource Server enforces with its own domain knowledge.