Shouldn't it say "Allow" instead of "OK" ?
No.
If there was a menu "Allow access to address book", then the intended user action would be "Allow", and the buttons should be "Allow" and "Cancel". But that isn't the case here. The intended user action is something completely different, but the application needs access to the address book. Since the intended user action is not "Allow", the button must be just "Ok". And "Cancel" is not appropriate for the other button, because asking to perform an action and then cancelling has _no_ effect, while pressing "Don't Allow" disallows access permanently, so it has much more effect than just cancelling.
So the correct choice is "Don't Allow" and "Ok".
I like the idea, but I think maybe it should be a bit more like this.
(I'm no professional photoshop guru, so please be forgiving)
Image showing "Always Allow", "Deny", "Allow"
No, it shouldn't. It doesn't make any sense to give Adium access to my Address Book on a case-by-case basis, especially since I don't know what the access is used for, so there would be no reason to decide differently at different times. What conceivable reason would there be to give permission in one case and not in another case? So there should only be a button that gives permanent permission, and one that removes permission permanently.
While this is a sensible restriction, it is actually very hard to enforce at the operating system level. Once the app has the contact, how do I tell what it does with it? It can encode it in a different format, compress and encrypt the raw data at will. Anything I do as the OS vendor can be overcome in one way or another. Once the app can read the data, it's game over. So my best option is to make it possible to let the user decide if the app should get the data in the first place.
There is another possibility which would be quite a lot of work. Example: In my program, the user can choose an email address from the address book, and a message is sent to that user. My program therefore has access to that email address. The "workaround" would be that my program prepares an email-message, and Apple provides a function that lets the user add the email address from the address book and send the email, without my program ever knowing the email address. Or the OS encrypts email addresses from my address book before giving them to the application, and has a function to send an email to an encrypted email address.