Finalise comparison of trust evaluation approaches and recommendation

[NicolasLiampotis]

The informational document on Establishing trust between OAuth2 proxies [AARC-I058] includes a comparison of different trust evaluation approaches.

We need to finalise the set of metrics for comparing the different trust evaluation approaches. We currently have:

• Client authentication methods (Client authN): The client authentication methods supported.
• Performance: lookup time, overhead?
• Federation policies
• Standards: The standards supported (e.g. OID-Fed, OIDC-Discovery etc)
• Scalability (scales with number of): How well it handles a growing number of entities such trust authorities, federation hierarchy levels

We should also provide clear reasoning for any recommendations regarding preferred trust evaluation approaches by explaining how the chosen metrics and their weighting factors influence the recommendations.

Additional Notes: Use appropriate table format to present the comparison of different approaches across the defined metrics.

[dianagudu]

Scalability as a metric has been removed, since it was hard to define concisely. A discussion of scalability considerations should be added to the "Recommendations" section, e.g. whether the approaches are able to handle complex hierarchical federations.