Lily,
I still think (b) is important for that is how OPES engine reinforce the
"authorization" principle that OPES would not modify the content unless the
content is either owned or reqested by the rule owner.
I believe this kind of reinforcement is not done on the rules, but
rather on the associated actions. We do not have to authorize whether
a certain RULE may be considered for certain messages, we rather have
to verify whether specific ACTIONS have been authorized for being
applied to certain messages. The question is whether this should be
handled by the rule language as well, or whether it would better be
kept separately.
Now, for performance reasons, we might still want to pre-select and
skip all rules that would result in non-authorized actions - and this
could be done, but my preference would be to keep this separate from
the "id" element.
-Markus