This was one of the question that I had when I added the AUTHZ_* status types. I couldn't decide whether AUTHZ_DECLINED made sense or AUTHZ_DENIED. To me AUTHZ_DENIED means no matter what, that we are done checking and authorization is denied. While AUTH_DECLINED means that the provider checked and it can't authorize the user so continue down the list to see if something else can.
Perhaps 'AUTH_NEGATIVE'? That implies that the authorisation check gave a negative answer, and the reason for it (unable to authorise because this user can't be authorised with this provider, or the provider said 'no, this user isn't authorised', or...) is irrelevant.
Joost
