I have also been working on Object Ownership and the userfolder app. In the userfolder app there is an added method named 'store'. This method allows you to identify a unique or shared table that is different that the default used for that specific object instance.
In the user table there are two indices one called PID (parent identifier) the other OID (object identifier). PID signifies parent id. One user may be a child of another user made so by the relational pid. The OID signifies the userfolder Object instance that the user belongs inside. The oid is a relational key from the main objects table id integer of that specific userfolder object instance.
In regards to object ownership there can only be one owner per object which is based on the user who edited or created said Object. a Objects capabilites are limited to the users access permissions. Therefore, if a user cannot addFiles to a folder object he created but then another user who does have those writes edits his folder or takes ownership of the folder then that user would be able to then addFiles to that folder object.
The control panels access can never be overwritten. The master of a PHPortal instance is the user id =1 which also cannot be deleted. The control panel methods cannot change ownership either.
The 'take ownership' (of objects) method is only available to those users who acquire that permission based on the master's settings for his local user roles.