Cloned from launchpad blueprint https://blueprints.launchpad.net/swift/+spec/formpost-middleware-change.

Description:

The existing swift middleware has a formPOST filter that translates a browser form post into a regular Swift object PUT. The signature algorithm used is fixed to HMAC-SHA1 (RFC 2104). In other words, the formPOST filter can handle only HMAC-SHA1 signed URLs. This is limiting if the client wants to use a different signature alogrithm. Also, should swift decide to support multiple algorithms, the formPOST filter code has to change. This calls for a signature algorithm agnostic way to validate the signature

Further, validating the signature in the middleware itself requires storing the user specified secretKey with each Swift account. As the strength of the key depends on what the customer chooses, this increases the chances of compromising the secretKey. Its desirable to de-couple security from storage and delegate validation to keystone, which offers a reliable algorithm using accessKey/secretKey pair. This also provides flexibility in supporting more signature algorithms and efficiency as keystone is stood up by its own servers. Users could have a separate key pair for the formPOST for extra security.

Specification URL (additional information):

None