Glossary
DSL, domain-specific language
A domain-specific language (DSL) is a computer language that is particularly specialized for a programming domain, such as HTTP is the DSL for web pages.
Helm (Kubernetes)
Helm is a popular package manager for Kubernetes (Greek for helmsman). Helm packages are called charts and contain all of the resource definitions necessary to run an application or service inside of a Kubernetes cluster.
identity provider, IDP
An identity provider is a service that maintains and manages identity information. Airlock IAM is the recommended IDP for other components of the Airlock Secure Access Hub.
JWKS
JWK is a JSON representation of cryptographic keys widely used in the context of JWT. A set of such keys is known as JWKS, a JSON Web Key Set. JWKS is also the format used by the gateway to configure verification of access tokens.
When a JSON Web Key Set provider is configured to be used in a mapping, the keys in the set will be consulted when trying to verify a JWS or when decrypting a JWE.
Since there are potentially multiple JWKS and multiple keys per key set, reducing the number of processed keys by filtering is recommended. By doing so, only a selection of keys is processed for the verification or decryption of the given token instead of all available keys.
  • The gateway uses a 2-stage filtering process to reduce the number of processed keys:
  • Stage 1 – JWKS are filtered by their Issuer information.
  • Stage 2 – The individual keys of the selected JWKS are finally filtered according to their key properties.
JWT
JSON Web Token (JWT) is an open standard. The (IETF) RFC 7519 - JSON Web Token (JWT) standard defines a compact and self-contained way of securely transmitting information between parties as a JSON object.
  • JWT's are typically digitally signed, either using a secret with HMAC algorithm or preferably with public and private key pair (i.e., RSA or ECDSA). Using a public/private key pair ensures that only the party holding the private key is the one that signed it.
  • JWTs can also be encrypted to hide claims from other parties.
Kubernetes, K8s
Kubernetes (K8s) is an open-source platform for managing containerized applications.
OpenShift
OpenShift is the Red Hat containerization software build to manage, build and deploy containers based upon the Kubernetes platform.
Prometheus
Prometheus is a popular open-source system monitoring and alerting toolkit. It features time series-based real-time event and alert monitoring.