JSON Web Key Set — the public keys an entity publishes so others can verify its signatures and encrypt to it. Each SADAR entity exposes a JWKS endpoint; keys rotate there without republishing any manifest.