In Karaf we use plain jaas to do service authentication. So you can use the following code to access the subject and principals.
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
Set<Principal> principals = subject.getPrincipals();
In karaf 3 there is also built in role based access control for OSGi services. So you can define which roles may access which services.