I was looking for something like "Ticketing takes care of the authentication. You still need authorization on the ticketed document in order for it to open. Authorization can be granted explicitly on the document through the QEMC, or set during publishing. There still needs to be a CAL in order for the user to access the document. CAL and authorization information are contained in an XML file that sits parallel to the document. This can be updated during dynamic CAL assignment, or by modifiying authorization in the XML file through external code."
If you are not sure what the question was, why did you try to answer it?