Clarify 401 vs. 403

source.txt

@@ -281,11 +281,11 @@ Table of Contents
        * 414 if the request URI is too long,
        * 416 if Range requests are supported by the server and the Range
              request can not be satisfied,
-       * 401 for all requests that don't have a bearer token with
-             sufficient permissions,
-       * 403 for all requests that either have insufficient scope, e.g. 
-             accessing a <module> for which no scope was obtained, or accessing
-             data outside the user's <storage_root>,
+       * 401 for all requests that require a valid bearer token and
+             where no valid one was sent (see also [BEARER, section 3.1]),
+       * 403 for all requests that have insufficient scope, e.g.
+             accessing a <module> for which no scope was obtained, or
+             accessing data outside the user's <storage_root>,
        * 404 for all DELETE and GET requests to documents that do not
              exist on the storage,
        * 304 for a conditional GET request whose pre-condition