Yes, exactly those functions.
"allow_acces" can only return OK or Forbidden. Unauthorized is not possible with WSGI, as far as I saw from the mod_wsgi source.
I have no idea what the best solution will be.
Maybe we should live with different URLs for anonymous and for authorized access? Because this would work with WSGI.
Or should we use a reverse proxy, which is doing the authentication and permission checks!?
Any more ideas? ;)