write first document on both approaches

trust/overview.ty

@@ -0,0 +1,27 @@
+= Approaches for System Condition Evaluation
+
+The physics-based activity detection system select a label for each measurement in the time series.
+From this array of labels, there are multiple approaches to evaluate if the system is performing as expected or not.
+Each approach result in a different intermediate data format (from the detection system to the trust model) and represent a different interpretation of the detection.
+Selecting one approache is a core design choice for the complete system.
+
+Both approaches are simmilar and each could be expressed with the other.
+However they differ in the format of the output.
+This outputformat may influence how the trust model ingest the new results and how the time series are submitted for state detection.
+== Approach 1. Compliance to Security Policies 
+
+#figure(image("images/a1.svg", width:100%),caption: "Data pipeline of the first approache.")
+
+With the security policy approach, each power measurement receives a label corresponding to the compliance of the system to pre-defined security policies.
+The label is ternary with 
+- 1 = Policies Respected 
+- 0 = Not all Policies Respected
+- -1 = Unsure 
+
+== Approach 2. Presence of Specific Patterns
+
+#figure(image("images/a2.svg", width:100%),caption: "Data pipeline of the second approache.")
+
+The second approach generates a single label for a complete time series based on the presence of a specific pattern.
+The selected pattern could be representative of a known anomalous state.
+This approache is similar to the first one as it also look for a state in the time serie (the presence of the pattern could be described as a security policy) but differs by the decision algorithm that could take into account large portions of unknown to decide on an unknown output (-1).