Comment 10 for bug 1566416

Sorry, I should have clarified: there is no nonce; the string that is signed is derived entirely from the client's request and credentials. A timestamp will necessarily be part of that, either as a Date header, x-amz-date header, or Expires query param. No part of the request or string-to-sign is issued by swift (or any of the various middlewares in swift's pipeline that are involved), and only the ec2 credentials (access & secret keys) are issued by keystone.