Comment 3 for bug 631619

The client (software-center) would have to request the privilege from PolicyKit (aptdaemon.policykit1.check_authorization_by_name), since the daemon doesn't know if you want to purchase software or only wan to enable a repository. The granted privileges are cached for several minutes. If the daemon sees that the install-from-new-source or install-purchased privillege has been already granted it justs starts the transaction silently. So you (or software-center) can choose which privilege should be used.

A generic install-from-new-source privilege could be a better alternative to our current one-auth patch to cover adding and iinstalling from e.g PPAs using an apturl.

Moreover I would also accept an additional install-purchased-software privilege upstream.