limiting updates

I'm pushing the config and custom roles (was 2.0.10) back to 2.0.11, as I think I've finally figured out a simple way of limiting write access. The (new) 2.0.10 spec simply defines a restrict header in DescriptorUnits which names the role required to update Topics which use that DescriptorUnit.

Now why did it take me so long to come up with this?

http://www.compstrm.org/wiki/uuid/TTsWzQipFgyV9bJv92bgwenX