This sounds like playing with fire.
Why does the ISP need rules. They can insert rules
for the client customer (at the customer's request)
I do not think an IMRL mechanism is needed for that, its
ISP only inserts rules as a delegate!
That's exactly the point and I hope my previous email helped
clarifying this. Clients or content providers can delegate authority
to ISPs (e.g. through administrative/policy), so that ISPs can
author/insert rules ON BEHALF of them. The "class" attribute indicates
from whom the authorization came - either content provider or client.
The "name" and "id" element indicate who authored or inserted the