Many changes, including: * Implementation of a firewall like role definition language for enhancing accROLE (firerole) * Implementation of collect_user_info for collecting every info around a user * Initial deployment to every web interface of Invenio of the enhanced access_control_engine (based on firerole) * new code cached caching generic SQL query (including garbage collector) -> new variable in config.py CFG_MAX_CACHED_QUERIES (maybe to be moved elsewhere?) * addedd 2 new fields in accROLE table for hosting textual and compiled firerole definition * various random cleaning of comments and spaces *** dropping of apache password support in favour of generic firerole(regression tests updated to new system) * restricted collection migrated to acc_authentication (new action 'accrestrcoll' with argument 'collection') * bibformat/websubmit migrated with some tricks to firerole * documentation for firerole * cleaned conflicts between marshal/cPickle everywhere * new abstract object for generic queries (for now used only by the new resticted_collection system, code is ready but not used for the other Invenio caches) * dropped check for producing the links for administration in the upper-right corner, needed to resolv circular import and avoid bad tricks * enhanced webaccessadmin cli to use regular authorization system, and to compile all the firerole definitions if needed * enhanced webaccess role interface to modify role (and to set/update firerole definitions) * cleaned access_control_config to be ready for CERN (with/without SSO) * some fix for SSO plugin (now it import nickname for new user, too)