It depends how you match your pages in the pipeline. Authentication fw
(both action and flow based) allows you to protect for example a
single match element:
map:match pattern=protectedresource
map:act type=auth-protect
map:parameter name=handler value=portalhandler/
map:generate
Our site is very data driven. Because we didn't think it mattered, and it
was simple, we designed it so the same pipeline is used for all pages (with
a few exceptions). So the sitemap currenlty doesn't know and doesn't care
whats public and private. The database contriols what pages are public