Signed Authentication and Authorization

Openstack Keystone currently operates on-line validation for Tokens.  Once a token is issued out,  each of the systems presented with the token has to check the validity of the token with the Keystone server.  This makes Keystone the highest traffic service in an Openstack deployment.  Using Cryptographic Message Syntax (CMS) we can generated a token that can be verified using public key cryptography instead of making a network call.  Here’s a proof-of-concept example using the command line tools.

Continue reading