Comment 5 for bug 920386

Stuart McLaren (stuart-mclaren) wrote :

Some keystone cert related comments.

A glance client who accesses an https keystone server to get a token
should be able to specify a "CA" file argument to confirm the CS/keystone
server's id. This would be change #4.
(Is this also the case for swift/nova?)

A glance server (when acting as a keystone client) should similarly be able
to specify a keystone "CA" file config option to verify the keystone server's
id. Change #5.

In addition, a glance server should be able to specify a keystone
client-side cert and key; these would be used when generating the SSL
connection to verify an existing token, and allow the keystone server
to validate the glance server/keystone client. Change #6.
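
The three options described in the comment above, sketched with Python's standard ssl module. This is an added example, not part of the original comment and not glance or keystone code; the function and parameter names (ca_file, cert_file, key_file) are assumptions chosen for illustration.

```python
import http.client
import ssl
from typing import Optional


def build_keystone_ssl_context(ca_file: Optional[str] = None,
                               cert_file: Optional[str] = None,
                               key_file: Optional[str] = None) -> ssl.SSLContext:
    """Build the TLS context a keystone client would connect with.

    ca_file            -> verify the keystone server (changes #4 and #5)
    cert_file/key_file -> present a client certificate so keystone can
                          validate the caller (change #6)
    All names here are hypothetical, not real glance option names.
    """
    # A certificate without its key (or the reverse) is a misconfiguration.
    # Fail closed rather than silently connecting without client auth.
    if bool(cert_file) != bool(key_file):
        raise ValueError("cert_file and key_file must be set together")

    # create_default_context() turns on CERT_REQUIRED and hostname checking.
    # When ca_file is given, only that bundle is trusted; otherwise the
    # system default CA store is loaded. A missing or unreadable ca_file
    # raises here instead of falling back to an unverified connection.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)

    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def keystone_connection(host: str, port: int,
                        ctx: ssl.SSLContext) -> http.client.HTTPSConnection:
    """Return an HTTPS connection object bound to the verified context.

    No network traffic happens until a request is made on the connection.
    """
    return http.client.HTTPSConnection(host, port, context=ctx)
```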