update trust story; defs
Signed-off-by: Darrell O'Donnell <[email protected]>
darrellodonnell committed Jan 31, 2024
1 parent c5638f5 commit d4f4463
Showing 2 changed files with 21 additions and 4 deletions.
12 changes: 9 additions & 3 deletions spec/foreword.md
Expand Up @@ -22,14 +22,20 @@ List significant changes (non-normative):

### On Trust, Trustworthy, and Trustworthiness

The terms [[ref:trust]], [[ref: trustworthy]], and [[ref: trustworthiness]] are loaded with varied meanings that often conflict. In the context of [[ref:trust registries]] we need to establish the scope of what we are talking about when we apply these terms to trust registires. There are baseline definitions that follow this limiting scope.
The terms [[ref:trust]] is loaded with varied meanings that often conflict. In the context of [[ref:trust registries]] we need to establish the scope of what we are talking about when we apply the term "trust" to trust registires. There are baseline definitions that follow this limiting scope.

A trust registry does not create trust. The decision for one entity to "trust" another is their decision. A trust registry may provide information that helps the consuming party (TODO: ref "consuming party" - find better term) in deciding that an entity is "trustworthy" (ie.. they are worthy of trust).
A trust registry does not create trust. The decision for one entity to "trust" another is their decision. A trust registry may provide information that helps the *consuming party* in deciding that an entity is [[ref: trustworthy]].

::: todo
define term "*consuming party*" - OR find better term and capture definition.
:::

The results on a [[ref: trust decision]] based on input from a trust registry may range from:
* immedidate decision that the entity meets or cannot meet the full requirement of the [[ref:trust relationship]]; or
* immediate decision that the entity meets or cannot meet the full requirement of the [[ref:trust relationship]]; or
* further input is required before trust decision can be made.

These decisions relate to a determination that a relationship is (or is not) sufficiently [[ref: trustworthy]] to establish a [[ref: trust relationship]]. To reach that determination, each party may have its own way of determining the [[ref: trustworthiness]] of their counterparty for the [[ref: trust relationship]] that they require.

The following terms are presented to help create a general understanding and may be only indirectly related to trust registry efforts:

[[def: trust]]
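
Review bot: the new closing paragraph is circular where it says "a determination that a relationship is (or is not) sufficiently [[ref: trustworthy]] to establish a [[ref: trust relationship]]", because what gets judged is the counterparty, not a relationship that does not exist yet; suggest "a determination that the counterparty is (or is not) sufficiently trustworthy to establish a trust relationship". The rewritten opening sentence also needs a grammar pass: "The terms [[ref:trust]] is loaded" should read "The term [[ref:trust]] is loaded", and the "registires" typo was carried over from the line it replaces. The heading still reads "On Trust, Trustworthy, and Trustworthiness" while the opening sentence now scopes only "trust", so either keep all three terms in that sentence or adjust the heading.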
13 changes: 12 additions & 1 deletion spec/terms_and_definitions.md
Expand Up @@ -17,6 +17,14 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
[[def: assurance levels]]
~ TODO:

[[def: authentication]] (copied from ToIP Glossary)
~ Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. source: [NIST Special Publication 800-39](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf)

[[def: authenticity]] (copied from ToIP Glossary)
~ The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. source: [NIST Special Publication 800-39](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf)



[[def: authorization]]
~ Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity.
* source: [NIST](https://csrc.nist.gov/glossary/term/permission) NIST SP 800-57 Part 2 Rev.1 under Authorization
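
Review bot: the two new entries state provenance in two places and in a different form from the entry next to them: "(copied from ToIP Glossary)" sits on the [[def: authentication]] and [[def: authenticity]] term lines, and "source: [NIST Special Publication 800-39]" is appended inside the definition text, while [[def: authorization]] uses a separate "* source:" bullet. Suggest moving both notes into a "* source:" bullet so the term line holds only the def tag, and stating once which document is the source (for example "ToIP Glossary, citing NIST SP 800-39"). The hunk also adds three consecutive blank lines after the authenticity entry; one is enough.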
Expand Down Expand Up @@ -51,10 +59,13 @@ https://github.com/trustoverip/tswg-trust-registry-protocol/issues/6
[[def:secondary trust registry, secondary trust registries]]
~ TODO:

[[def: trust decision]]
~ A decision that a party needs to make about whether to engage in a specific interaction or transaction with another entity that involves real or perceived risks. source: [ToIP Glossary](https://docs.google.com/document/d/1fZByfuSOwszDRkE7ARQLeElSYmVznoOyJK4sxRvJpyM/edit#heading=h.m8c86ccqis9r)

[[def: trust list]]
~ A one-dimensional trust graph in which an authoritative source publishes a list of entities that are trusted in a specific trust context. A trust list can be considered a simplified form of a trust registry.

[[def: trust registry]]
[[def: trust registry, trust registries]]
~ A registry that serves as an **authoritative source** for **trust graphs** or other **governed information** describing one or more **trust communities**. A trust registry is typically **authorized** by a **governance framework**. See also: trust list

[[def: trusted party]]
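
Review bot: the source link on the new [[def: trust decision]] entry points at a Google Docs editor URL (a /edit path with a heading anchor), which depends on the document's sharing settings and can drift as the document is edited; suggest citing a published copy of the ToIP Glossary instead, in the "* source:" bullet form that [[def: authorization]] uses. The "trust registries" alias added to [[def: trust registry, trust registries]] matches the [[ref:trust registries]] reference in spec/foreword.md, so no change is needed there.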