The correct answer is PKI. In OpenStack Keystone, PKI (Public Key Infrastructure) tokens are cryptographically signed and specifically rely on a public/private key pair. Official OpenStack Keystone documentation states that PKI tokens are signed documents and that the Identity service uses public/private key pairs and certificates to create and validate them. It also explains that PKI and PKIZ tokens can be verified offline using Keystone’s public signing key, which directly matches the wording in the question about signing and verification.
By contrast, UUID tokens are simple persisted identifiers and do not inherently depend on public/private key signing. Fernet tokens are also a Keystone token format, but they are based on symmetric cryptography and shared key repositories rather than a public/private key pair. OpenStack documentation explicitly distinguishes Fernet and UUID from the deprecated PKI token mechanism. Therefore, among the listed options, the authentication method that uses a pair of private and public keys is clearly PKI. This aligns with standard OpenStack identity-service architecture and is consistent with Huawei Cloud Stack training topics that build on Keystone authentication concepts.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit