aarc-community / architecture-guidelines

Clarify Terminology: Trust Anchors vs. Trust Authorities #12

Open NicolasLiampotis opened 2 months ago

NicolasLiampotis commented 2 months ago

The information document on Establishing trust between OAuth 2 proxies [AARC-I058] currently uses "Trust Authority" which seems interchangeable with "Trust Anchor" from the OpenID Federation specification [OID-Fed]. However, there's a distinction between these roles in the context of [OID-Fed]:

There are two options to address this terminology inconsistency in AARC-I058:

  1. Align with current OID-Fed Terminology: Revise AARC-I058 to use "Trust Anchor" and "Intermediate Entity" consistently
  2. Add "Trust Authority" definition: Extend Section 1.2 with new term. We could also consider proposing the new term upstream. There is a definition of "Trust Authority" in https://www.rfc-editor.org/rfc/rfc5217.txt:

"Trust Authority: An entity that manages a Trust List for use by one or more relying parties."

baszoetekouw commented 2 months ago

Discussed in the Architecture Meeting this afternoon; decided to add the definition of "Trust Authority" to the document and make clear that it should not be confused with the OIDC "Trust Anchor" (although the implementation of a Trust Authority might be an OIDC Trust Anchor).

NicolasLiampotis commented 3 weeks ago

Added Trust Authority definition to the terms section

dianagudu commented 1 week ago

Re-opening the issue because it is still unclear what the difference between Trust Anchor and Trust Authority is.