This would allow a service to query whether the application is allowed to use it, for example, Geoclue could ask the user whether the application is allowed to query the computer's location.
The authorisation needs to be per-application, and needs to be removable (eg. remove the remembered authorisations for that specific auth for all the applications).
The auth_ack_keep should also ask the user whether they want to keep the authorisation.
[ ] Don't ask me again
in the dialogue.