This will allow you to write code under a root node and have it permission checked via the HTTP authorization mechanism, so without the need to actually logging the user in? So you could provide a general mechanism like "/hxo/$object_id", which needs http authentication and will return the object (e.g. as XML) if the user has read permission for it?
I don't see a problem putting this in HEAD maybe along with a simple implementation (it is always nice to be able to grep the ACS source code to see how a procedure is actually used).
