HI Murch,
Thanks for taking time to read my idea and respond. To answer your question regarding the authorization chain it works like this. At wallet setup, you build a Lamport chain which is a sequence of hashes rooted in your master secret. Imaginine hashing your secret to get value #1, then hashing the result of that to get value #2, and so on until you hit 50,000. You keep all of the values private except for value number 50,000 which you publish on chain. Now to verify your Winternitz public key upload you reveal value 49,999, the blockchain checks does value 49,999 hash to get 50,000. If it does then your Winternitz public key upload is authenticated. The Winternitz public key is only valid to sign one message, then its retired forever.
Also, yes there is a detailed security essay along with a bitcoin proposal outline that explain exactly how this works and fits into the existing Tapscript framework.
Security essay: block_opuslux.ar.io/#/essay
Bitcoin outline: block_opuslux.ar.io/#/bitcoin-proposal
Please let me know if you have any other questions or want to know more! I am happy to explain this in as much detail as you want. Thanks again for taking the time to read my ideas and respond!