while JackrabbitAccessControlManager supports editing policies by principals since quite some time, available set of access control policies didn't provide a variant that was naturally bound to a given principal. the attached patch would introduce an extension of AccessControlList that was actually bound to a principal.
Alex Deparvu, i would appreciate if you had time to take a look at the proposed extension. anything missing in terms of contract? does it make sense?