Managed identity federation

US10243945B1 · US · B1

Patent metadata
Publication number: US-10243945-B1
Application number: US-201314065106-A
Country: US
Kind code: B1
Filing date: Oct 28, 2013
Priority date: Oct 28, 2013
Publication date: Mar 26, 2019
Grant date: Mar 26, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Managed identity federation provides numerous options for authentication to access one or more services. A user authenticates with an identity verification provider and provides proof of authentication to a service of a service provider. The service of the service provider is configured to verify the user's identity using a centrally managed identity provider configuration. This configuration is distributed without intervention of the service's administrators. This centrally-managed configuration allows a variety of enterprise and third-party services to utilize the service provider's billing, security, and other administrative services.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: at a first system of a computing resource service provider: collecting cryptographic information from a plurality of identity verification providers, the cryptographic information including a plurality of cryptographic keys, each cryptographic key usable to analyze tokens generated by a different identity verification provider of the plurality of identity verification providers; and providing configuration information to a plurality of systems of the computing resource service provider different from the first system, the configuration information including at least the plurality of cryptographic keys, the configuration information provided to the plurality of systems being specific to each of the plurality of systems; and by one of the plurality of systems of the computing resource service provider different from the first system: receiving, from a requestor that is separate from the plurality of identity verification providers and the first system, a request that includes a submitted token; determining, using the configuration information already provided by the first system, that the submitted token includes a valid attestation by the identity verification provider associated with the one of the plurality of cryptographic keys and that the requestor is allowed to have the request fulfilled, the requestor lacking access to the plurality of cryptographic keys; and when it is determined that the requestor is allowed to have the request fulfilled, fulfilling the request.

2. The computer-implemented method of claim 1, wherein the identity verification provider associated with the one of the plurality of cryptographic keys is managed by a third-party entity.

3. The computer-implemented method of claim 1, further comprising: selecting, from the cryptographic information, the one of the plurality of cryptographic keys corresponding to the identity verification provider associated with the one of the plurality of cryptographic keys; and using the one of the plurality of cryptographic keys to decrypt the submitted token.

4. The computer-implemented method of claim 1, wherein both receiving the request and using the configuration information to analyze the submitted token are performed by a server of the different system.

5. The computer-implemented method of claim 1, wherein: the different system is one of a plurality of services; the configuration information includes a mapping usable to map identities of the identity verification providers to client identifiers; and each service of the plurality of services is provided a different mapping such that different services map a same client identity verification provider identity to different client identifiers.

6. The computer-implemented method of claim 1, wherein: the different system provides a computing resource service of a computing resource service provider utilized by a third party to provide a third-party service; and fulfilling the request includes providing the request to the different system for processing.

7. A system, comprising: memory to store instructions that, as a result of execution by one or more processors, cause a collection of computing devices to collectively implement one or more services, each service of the one or more services that locally: obtain, by a first system of a computing resource service provider, cryptographic information corresponding to a plurality of identity verification providers, the cryptographic information including a plurality of cryptographic keys, each cryptographic key usable to verify validity of tokens generated by a different identity verification provider of the plurality of identity verification providers; identify, by the first system, from the plurality of identity verification providers to which a client computing device has access, a second plurality of identity verification providers for which tokens will be accepted; provide, by the first system, configuration information to a plurality of systems of the computing resource service provider different from the first system, the configuration information including at least a second plurality of cryptographic keys associated with the second plurality of identity verification providers, the configuration information provided to the plurality of systems being specific to each of the plurality of systems; receive, by a second system which is one of the plurality of systems of the computing resource service provider different from the first system, from a requestor that is separate from the plurality of identity verification providers and the first system, a request, the request including a token, the requestor lacking access to the plurality of cryptographic keys; identify, by the second system, that the token is associated with an identity verification provider of the second plurality of identity verification providers; verify, by the second system and using the configuration information already provided by the first system, validity of the token based on a cryptographic key specific to the identity verification provider and usable to verify validity of tokens generated by the identity verification provider; and when the validity of the token is verified, fulfill, by the second system, the request.

8. The system of claim 7, wherein the service includes a server that both accesses the cryptographic information and uses the cryptographic information to verify the validity of the token.

9. The system of claim 8, wherein the server is from a plurality of servers each operable to: receive the request and the token; access the cryptographic information; and use the cryptographic information to verify the validity of the token.

10. The system of claim 7, wherein the service further selects, based at least in part on the token, the cryptographic information from multiple instances of cryptographic information each corresponding to a different identity verification provider.

11. The system of claim 7, wherein the collection of computing devices further implement a managed federation propagator that: tracks updates to a set of identity verification providers that include the identity verification provider; and provides updated configuration information to the one or more services in accordance with the tracked updates, the updated configuration information including information necessary for verifying tokens generated by the identity verification providers.

12. The system of claim 11, wherein the managed federation propagator further provides the updated configuration information to one or more third-party services thereby enabling the one or more third-party services to verify tokens generated by the identity verification providers.

13. The system of claim 7, wherein: the one or more services comprise a plurality of services; and the service, for each identity verification provider identity of a plurality of identity verification provider identities, maps the identity verification provider identity to a client identifier unique to the service and different from another client identifier to which another service maps the verification provider identity.

14. The system of claim 13, wherein: the service tracks usage of the service in association with a first client identifier; and the system further comprises at least one backend service that aggregates usage information from each service of the plurality of services by at least mapping different client identifiers corresponding to a same identity verification provider identity to the same verification provider identity.
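The architecture the claims describe (a central "first system" that collects verification keys from several identity verification providers, pushes a service-specific configuration to each downstream service, and lets each service verify submitted tokens on its own, while a backend folds per-service client identifiers back onto one identity for usage accounting) can be illustrated in code. The following is an added example written for this page; it is not code from the patent or from the assignee. Everything in it is an assumption: the provider names, the identities, the HMAC shared secrets standing in for the unspecified "cryptographic keys", the token format, and the `FederationPropagator` / `Service` names. It uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
from collections import defaultdict
from typing import Dict, Optional, Tuple

# Constructed sample data (not from the patent). HMAC shared secrets stand in
# for the unspecified "cryptographic keys": each IdP signs with its own key,
# the propagator holds copies, and the requestor never sees any of them.
IDP_KEYS: Dict[str, bytes] = {
    "idp-alpha.example": b"constructed-key-alpha",
    "idp-beta.example": b"constructed-key-beta",
}
KNOWN_IDENTITIES = [("idp-alpha.example", "alice"), ("idp-beta.example", "bob")]


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def idp_issue_token(issuer: str, subject: str) -> str:
    """Token an identity verification provider hands the user after authentication.
    Format chosen here, not by the patent: base64url(payload).base64url(HMAC-SHA256)."""
    payload = _b64u(json.dumps({"iss": issuer, "sub": subject}, sort_keys=True).encode())
    sig = hmac.new(IDP_KEYS[issuer], payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64u(sig)


class FederationPropagator:
    """The 'first system': collects IdP keys and pushes service-specific configuration."""

    def __init__(self, idp_keys: Dict[str, bytes], accepted: set):
        self.idp_keys = idp_keys
        self.accepted = accepted  # subset of IdPs whose tokens will be accepted (claim 7)
        self.reverse: Dict[Tuple[str, str], Tuple[str, str]] = {}  # (service, client_id) -> identity

    def config_for(self, service: str) -> dict:
        keys = {iss: self.idp_keys[iss] for iss in self.accepted}
        mapping: Dict[str, str] = {}
        for iss, sub in KNOWN_IDENTITIES:
            if iss not in self.accepted:
                continue
            # Same IdP identity -> a different client identifier in each service (claims 5, 13)
            cid = hashlib.sha256(f"{service}|{iss}|{sub}".encode()).hexdigest()[:16]
            mapping[f"{iss}|{sub}"] = cid
            self.reverse[(service, cid)] = (iss, sub)
        return {"keys": keys, "client_ids": mapping}

    def aggregate_usage(self, usage: Dict[str, Dict[str, int]]) -> Dict[Tuple[str, str], int]:
        """Backend view (claim 14): fold per-service client ids back onto one IdP identity."""
        totals: Dict[Tuple[str, str], int] = defaultdict(int)
        for service, counts in usage.items():
            for cid, n in counts.items():
                totals[self.reverse[(service, cid)]] += n
        return dict(totals)


class Service:
    """One of the 'plurality of systems': verifies tokens using only the config it was given."""

    def __init__(self, config: dict):
        self.config = config
        self.usage: Dict[str, int] = defaultdict(int)

    def handle_request(self, token: str) -> Optional[str]:
        """Return the client id the request is attributed to, or None if it is refused."""
        try:
            payload_b64, sig_b64 = token.split(".")
            claims = json.loads(_b64u_decode(payload_b64))
            issuer, subject = claims["iss"], claims["sub"]
        except (ValueError, KeyError, TypeError):
            return None
        key = self.config["keys"].get(issuer)
        if key is None:
            return None  # issuer is not an accepted IdP for this service
        expected = hmac.new(key, payload_b64.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64u_decode(sig_b64)):
            return None  # forged or tampered token
        cid = self.config["client_ids"].get(f"{issuer}|{subject}")
        if cid is None:
            return None  # authenticated by the IdP, but not a client known to this service
        self.usage[cid] += 1
        return cid


def demo() -> dict:
    prop = FederationPropagator(IDP_KEYS, accepted={"idp-alpha.example", "idp-beta.example"})
    storage = Service(prop.config_for("storage"))
    compute = Service(prop.config_for("compute"))
    alice = idp_issue_token("idp-alpha.example", "alice")
    cid_storage = storage.handle_request(alice)
    cid_compute = compute.handle_request(alice)
    # Forgery attempt: reuse alice's signature over a payload claiming to be bob.
    bob_payload = _b64u(json.dumps({"iss": "idp-alpha.example", "sub": "bob"}, sort_keys=True).encode())
    forged_rejected = storage.handle_request(bob_payload + "." + alice.split(".")[1]) is None
    # A propagator that accepts only idp-alpha: bob's genuine idp-beta token is refused downstream.
    billing = Service(FederationPropagator(IDP_KEYS, {"idp-alpha.example"}).config_for("billing"))
    beta_rejected = billing.handle_request(idp_issue_token("idp-beta.example", "bob")) is None
    totals = prop.aggregate_usage({"storage": storage.usage, "compute": compute.usage})
    return {"cid_storage": cid_storage, "cid_compute": cid_compute,
            "forged_rejected": forged_rejected, "beta_rejected": beta_rejected,
            "alice_total": totals[("idp-alpha.example", "alice")]}
```

Running `demo()` shows the points the claims turn on: the two services receive different client identifiers for the same IdP identity, a token whose signature does not match its payload is refused, a service whose configuration excludes an IdP refuses that IdP's otherwise valid token, and the propagator's reverse mapping lets the backend attribute both services' usage to one identity. In a real deployment the keys would be asymmetric (the services would hold only public verification keys) and the propagator would rotate them as claim 11 describes; both are left out here for brevity.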

Assignees

Amazon Tech Inc

Inventors

Classifications

  • providing single-sign-on or federations · CPC title

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title

  • Structures or tools for the administration of authentication · CPC title

  • the source of the received data · CPC title

  • by quorum, i.e. whereby two or more security principals are required · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10243945B1 cover?
Managed identity federation provides numerous options for authentication to access one or more services. A user authenticates with an identity verification provider and provides proof of authentication to a service of a service provider. The service of the service provider is configured to verify the user's identity using a centrally managed identity provider configuration. This configuration i…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 26, 2019 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 10 related publications on this page (citations in our corpus or others sharing the same primary CPC).