Any framing which helps one to reduce systematic risk is fine by me and fully agreed that authentication is discrete from authorization. My framing is set by the open source project I work on (https://openziti.github.io/) which allows anyone to embed zero trust networking into anything including an application with an SDK, this allows us to have zero trust in the network, be it internet/WAN, local or even the host OS network. This reduces a lot of the attack surface but you do have the trust the overlay control plane.