ext-session-lock-v1 question

If I understand the description correctly, the client implementing the above protocol would have full, exclusive control over the device and generally needs to implement authentication.

Is this correct?

I ask because, quite frankly, I'd like to create a modern screensaver framework (there's still people who like that sort of eye candy) but avoid the shortcomings of previous implementations under X11.

Most other operating systems use the display manager as an exclusive lock screen. Something like a screensaver there would message the display manager to lock/unlock the session and then only retain an exclusive grab for as long as the display manager isn't in the foreground.

That would be preferable to having to re-implement the authentication inside the client and also ensures trustworthiness (people will be less confused to see SDDM's or GDM3's lock-screen pop up than they will be seeing their screensaver present them with a custom mask asking for their login information).