Keystone provides identity and access policy services for all components in the OpenStack family. It implements its own REST-based API (the Identity API). It provides authentication and authorization for all components of OpenStack, including (but not limited to) Swift, Glance, and Nova. Authentication verifies that a request actually comes from who it claims to come from. Authorization verifies whether the authenticated user has access to the services he/she is requesting.

Keystone provides two ways of authenticating. One is username/password based and the other is token based. Apart from that, Keystone provides the following services:
Token Service (that carries authorization information about an authenticated user)
Catalog Service (that contains a list of available services at the users' disposal)
Policy Service (that lets Keystone manage access to specific services by specific users or groups).
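
The two authentication methods and the token and catalog data described above can be seen in the request and response bodies. The following is an added example, not code from Keystone itself; it assumes the Identity API v3 shapes (bodies sent to `POST /v3/auth/tokens`, token returned in the `X-Subject-Token` header), and the function names and sample response are constructed for illustration.

```python
import copy

def password_auth_body(user, password, project, domain_id="default"):
    """Request body for username/password authentication, scoped to a project."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": user, "domain": {"id": domain_id}, "password": password}}},
        "scope": {"project": {"name": project, "domain": {"id": domain_id}}}}}

def token_auth_body(token_id, project_id):
    """Request body for token-based authentication (exchange an existing token)."""
    return {"auth": {
        "identity": {"methods": ["token"], "token": {"id": token_id}},
        "scope": {"project": {"id": project_id}}}}

def redact(body):
    """Copy of a request body with the secret removed, safe to write to logs."""
    safe = copy.deepcopy(body)
    identity = safe["auth"]["identity"]
    if "password" in identity:
        identity["password"]["user"]["password"] = "***"
    if "token" in identity:
        identity["token"]["id"] = "***"
    return safe

def summarize_token(headers, body):
    """Extract what the token and catalog services convey in the response."""
    tok = body["token"]
    return {
        "token_id": headers["X-Subject-Token"],  # the token travels in a header
        "user": tok["user"]["name"],
        "roles": sorted(r["name"] for r in tok.get("roles", [])),
        "expires_at": tok["expires_at"],
        "public_endpoints": {s["type"]: [e["url"] for e in s["endpoints"]
                                         if e["interface"] == "public"]
                             for s in tok.get("catalog", [])},
    }

# Constructed sample response (not captured from a real deployment).
SAMPLE_HEADERS = {"X-Subject-Token": "constructed-token-id"}
SAMPLE_BODY = {"token": {
    "user": {"name": "alice"}, "roles": [{"name": "member"}],
    "expires_at": "2030-01-01T00:00:00.000000Z",
    "catalog": [{"type": "object-store", "name": "swift", "endpoints": [
        {"interface": "public", "url": "https://swift.example.test/v1"},
        {"interface": "admin", "url": "https://swift-admin.example.test/v1"}]}]}}

if __name__ == "__main__":
    print(redact(password_auth_body("alice", "s3cret", "demo")))
    print(summarize_token(SAMPLE_HEADERS, SAMPLE_BODY))
```

Both request bodies carry a bearer secret, so `redact` is applied before anything is logged; the token ID from the response header deserves the same handling.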
