Describing "Zero Trust" as a misnomer when it's a reference to placing no inherent trust in the client seems misleading. Yes, you have to place trust in whatever makes the trust decision, whether that's you or a third party. And you also have to place trust in whoever is providing device or user identity in the first place. There are certainly techniques you can apply that mean that accessing a service only provides that service with "this user legitimately has access to this resource" rather than any information about the specific user, but someone has still had to make the determination that that user is trustworthy, and they need to have held information about that user to make that determination.