The thought was that the PolicyKit widget may be a structured way of asking a user to run normally-privileged operations such as 'stap-authorize-*-cert', should his stap-client talk to a remote server for the first time. Basically a graphical sudo.