Keystone Tokens make use of PKI and the Crytpo Messaging Syntax to sign tokens. If the same mechanism were available in Osl Messaging, writers to a topic could be unmistakably identified, defending against several forms of attacks. The most pressing would be a Hypervisor compromise where malicious data could then be posted to the Schedulers.
In order to use PKI efficiently, each signed message needs to identify which certificate was used to sign it. While the certificate could be embedded in the message itself, that will greatly increase message traffic. Instead, the Messaging infrastructure needs a central registry for Certificate publication. Fetching a certificate from a registry provides no lessening of cryptographic certainty over the message signer's identity, and provides a huge scalability benefit.
