Terms and definitions

tenant (Airlock Gateway)

Data-owner concept in which a user of the Airlock Gateway is limited to tenancy-typical actions and data access. In practice, users with tenant rights are isolated from other tenant users on the Airlock Gateway.

model trainer

The Airlock Anomaly Shield model trainer is a CLI application that allows an administrator to train machine learning models with session metrics from collected ColdDB data. The trained models are then used by the Anomaly Shield service to evaluate future sessions.

The model trainer allows the selected data to be optionally constrained by defining an application or time range.

JWKS

JWK is a JSON representation of cryptographic keys widely used in the context of JWT. A set of such keys is known as JWKS, a JSON Web Key Set. JWKS is also the format used by the gateway to configure verification of access tokens.

When a JSON Web Key Set provider is configured to be used in a mapping, the keys in the set will be consulted when trying to verify a JWS or when decrypting a JWE.

Since there are potentially multiple JWKS and multiple keys per key set, reducing the number of processed keys by filtering is recommended. By doing so, only a selection of keys is processed for the verification or decryption of the given token instead of all available keys.

The gateway uses a 2-stage filtering process to reduce the number of processed keys:

  • Stage 1 – JWKS are filtered by their Issuer information.
  • Stage 2 – The individual keys of the selected JWKS are finally filtered according to their key properties.
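
The two stages can be sketched for a compact JWS as follows. This is an added illustration, not Airlock Gateway code: the provider layout, the `candidate_keys` function and the choice of `use`, `kid` and `alg` as the filtered key properties are assumptions based on the standard JWK and JWS header parameters.

```python
# Added illustration; not Airlock Gateway code. Provider layout and the
# filtered properties (use, kid, alg) are assumptions.
import base64
import json

# Constructed sample: two JWKS providers, each bound to one issuer.
PROVIDERS = [
    {"issuer": "https://idp-a.example", "keys": [
        {"kty": "RSA", "kid": "a-2023", "use": "sig", "alg": "RS256"},
        {"kty": "RSA", "kid": "a-2024", "use": "sig", "alg": "RS256"},
        {"kty": "RSA", "kid": "a-enc", "use": "enc", "alg": "RSA-OAEP-256"},
    ]},
    {"issuer": "https://idp-b.example", "keys": [
        {"kty": "EC", "kid": "a-2024", "use": "sig", "alg": "ES256"},
    ]},
]


def _b64url_json(segment):
    """Decode one base64url token segment (padding restored) to a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def candidate_keys(token, providers):
    """Return the keys left to try for a compact JWS after both stages.

    Header and payload are read unverified and only narrow the key set;
    signature verification with the returned keys must still follow.
    """
    header_b64, payload_b64, _signature = token.split(".")
    header = _b64url_json(header_b64)
    claims = _b64url_json(payload_b64)

    # Stage 1: keep only key sets whose issuer matches the token's "iss".
    selected = [p for p in providers if p["issuer"] == claims.get("iss")]

    # Stage 2: filter the individual keys by their properties.
    result = []
    for provider in selected:
        for key in provider["keys"]:
            if key.get("use", "sig") != "sig":
                continue  # encryption keys are not used for verification
            if "kid" in header and key.get("kid") != header["kid"]:
                continue  # token names a different key
            if "alg" in key and key["alg"] != header.get("alg"):
                continue  # key is pinned to another algorithm
            result.append(key)
    return result
```

An empty result means no configured key qualifies and the token is rejected without any signature check being attempted.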