The concept is that on a given "object" (say, a file), you have access permissions which detail who can access the object and under which conditions. The owner is an optimization: usually, among all the users who have permissions for a given object, one of them should have "all the permissions" and be generally considered as responsible for this object.
On Unix systems, traditionally, permissions on file are read, write and execute, and can be granted to three categories of users: the owner (a specific user), the group (each file is marked as being part of a group), and everybody else. This is a system which is not very granular, in that you can single out only a single user; rights for other users will be allocated on a group basis (at least). On modern versions of Unix, there are Access Control Lists which give much more flexibility, in a way similar to what is used in Windows. With ACL, or on Windows, any notion of "owner" is mostly an historical residue. On Windows, the "owner" of a file is any one of the users (or groups) who has "full control" rights on the file, but its purpose is mostly backward compatibility with code which predates ACL.
To sum up, ACL are sufficient for security and ownership is not required, but it often sticks around for interoperability with older code which does not know what an ACL is, but fiddles with "owner identities".