The solution

With PolicyKit this problem is solved. The application in question just need to separate the privileged code into another application, often called helper (which will not have a GUI), then maps the desired actions into a .policy file. PolicyKit then loads this file and it can now authenticate applications to use those actions. The use of D-Bus activated applications is the best if not the only, way of putting an helper application to run with root privileges.

With this design the GUI application calls an action of the helper application through D-Bus, which will start the helper with root privileges, and informing it which action was requested and which application has requested it. The helper application now calls the PolicyKit agent to see if that application can do the given task, the helper should report if it could do the requested action. In case the helper saw that the application didn't have enough rights the GUI will then need to ask PolicyKit to obtain an authorization.

When PolicyKit receives the request to obtain an authorization it issues an available Agent, which might happen to be PolicyKit-kde if available. After a successful authentication the GUI application needs to call the helper repeating the same operation again.