Since I think the general consensus here is that it would be good to have a general security mechanism for OSGi services I have created a JIRA for that (KARAF-2455) and noted that role-based security for the commands can be built on top of this (KARAF-2442).
Cheers, David
