currently, the only way the protocol acknowledges valid auth, sort of, is by an OK/CLOSED message (EVENT and REQ, respectively) with an errror. the ack should include a human readable part of the response that indicates, eg "authed to read/write; role name X of policy https://relay.url/policy.md%22
