If I understood what I read. 

This is an authentication layer for the websocket subscription filter?

So for example, instead of giving everyone access to pull DMs, you only serve the DMs to their owners after they prove they are the owners.

That’s nice. Any downsides to this?