.Net and Active Directory - An OO solution to authority structure - Part 9

The practical applications for such a structure are aimed mainly at organizations robust enough to employ Active Directory that require this sort of tailored access by law or by their own culture.  Laws that would necessitate such control and auditing capability include HIPAA for healthcare companies and Sarbanes-Oxley for any of your big corporations unfortunate enough to be governed under it.

The extensibility of the solution means that it offers much more than your 'run of the mill' page-level, role-based permissions governance.  Conceivably, any resource that can be ID'd, and access to which can be intercepted and checked for compliance, could fall under the purview of such a system.  To put it in technical terms, I see the types of resources governed by this object including:

  • Any type of Data Source, be it a DB or all the way down to stored procedures, by wiring into the DAL or BLL, even defining the slice of data allowed.  A 'Data Source Owner' could delegate slices of data access to their resource by choosing the Users allowed to access it, with something akin to a WHERE clause injected into the data request. This could divvy up pieces of Key Performance Indicators, for instance, allowing a general KPI to be extended and personalized.
  • Web Pages of course, but also the smaller components that make up the modern RIA, such as User Controls, Web Parts and the like.  As long as you checked for permissions at any point prior to PreRender, server output could be refined or stopped completely, and that could be done separately for different parts of one page.  To use the KPI example, numerous graphs and tools could appear on a page owned by a department or branch head and be accessible to their underlings, but when they accessed his dashboard, they would have access only to the tools/reports the Owner granted them access to.
  • In line with data sources would be access to accounts, patients, or any other client entity or specific data associated with an entity.  The ability to assign these entities to an individual is not what is uniquely useful about this structure; the self-directed, self-managed nature of delegating access, which can be changed on the fly and by the user, is.  For Healthcare professionals, a physician could be considered the Owner of a patient's data.  He could then delegate certain pieces of patient data, or the ability to change patient data, to individual users or groups, possibly granting write access for Demographics to the CheckIn Nurse Group.
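
The data-slice delegation from the first bullet, sketched as an added C# example; it is not code from this series' source files. The `SliceGrant` and `DelegatedSlice` types, the column allowlist, the `SalesKpi` table and the sample grants are all hypothetical, and the caller's principals are assumed to have been resolved from Active Directory already.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical types for illustration; not the classes from the series' source files.
public record SliceGrant(string ResourceId, string Grantee, string Column, string Value);

public static class DelegatedSlice
{
    // Columns an Owner may slice on. Identifiers cannot be bound as SQL
    // parameters, so they are allowlisted; values are always bound.
    static readonly HashSet<string> SliceColumns = new() { "Region", "Department" };

    // Builds the predicate the DAL appends to the base query for one caller.
    // principals = the caller's account plus the groups resolved from AD.
    public static (string Where, Dictionary<string, object> Args) Build(
        string resourceId, ISet<string> principals, IEnumerable<SliceGrant> grants)
    {
        var args = new Dictionary<string, object>();
        var terms = new List<string>();
        foreach (var g in grants.Where(g => g.ResourceId == resourceId
                                         && principals.Contains(g.Grantee)))
        {
            if (!SliceColumns.Contains(g.Column))
                throw new InvalidOperationException("Column not sliceable: " + g.Column);
            string p = "@s" + args.Count;
            args[p] = g.Value;                 // bound as a parameter, never concatenated
            terms.Add($"[{g.Column}] = {p}");
        }
        // No matching grant means no rows, never the unfiltered result.
        return (terms.Count == 0 ? "WHERE 1 = 0" : "WHERE " + string.Join(" OR ", terms), args);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample grants and principals.
        var grants = new[] {
            new SliceGrant("KPI.Sales", "CORP\\RegionalManagers", "Region", "West"),
            new SliceGrant("KPI.Sales", "CORP\\jsmith", "Region", "North"),
        };
        // AD account names are case-insensitive, so the set compares that way.
        var caller = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "corp\\JSmith", "CORP\\RegionalManagers" };
        var (where, args) = DelegatedSlice.Build("KPI.Sales", caller, grants);
        Console.WriteLine("SELECT * FROM SalesKpi " + where);
        foreach (var a in args) Console.WriteLine($"{a.Key} = {a.Value}");
        var guest = new HashSet<string> { "CORP\\guest" };
        Console.WriteLine(DelegatedSlice.Build("KPI.Sales", guest, grants).Where);
    }
}
```

The first query comes out with two bound parameters joined by OR, and the caller with no grant gets `WHERE 1 = 0`, so a missing delegation fails closed.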

Finally, if you've gotten this far, I would appreciate any comments you might have.  
You can download the source files for this series on my downloads page.

Posted by: AaronZalewski
Posted on: 1/25/2008 at 5:30 PM
Categories: Active Directory