Dynamic response signing capability in a distributed system

What is claimed is: 1. A computer-implemented method, comprising: obtaining a cryptographic key at a first computer system in response to an indication that a first digital signature matches an application programming interface request, the cryptographic key cryptographically derived from cryptographic material and derived by performing a plurality of cryptographic operations where, for a subset of the cryptographic operations, output of each cryptographic operation of the subset is based at least in part on output of a previous cryptographic operation of the plurality of cryptographic operations and a key derivation parameter using an ordered plurality of key derivation parameters in accordance with the ordering, the indication that the first digital signature matches the application programming interface request obtained from an authentication server having access to the cryptographic material, with the cryptographic material being inaccessible to the first computer system; generating a response digital signature based at least in part on the cryptographic key; and providing the response digital signature to a requestor. 2. The computer-implemented method of claim 1 , wherein: obtaining the cryptographic key includes obtaining a second cryptographic key, the cryptographic key and the second cryptographic key being different from and derived from the cryptographic material; and the method further comprises using the second cryptographic key to verify the first digital signature of the application programming interface request obtained from the requestor. 3. The computer-implemented method of claim 1 , wherein: obtaining the cryptographic key includes obtaining information usable to cryptographically prove; to a second computer system, authority to cause the second computer system to fulfill a request submitted on behalf of the requestor; and the method further comprises using the information to submit at least one request to the second computer system. 4. The computer-implemented method of claim 1 , further comprising: obtaining the indication that the first digital signature matches the application programming interface request generated by the requestor; and obtaining the cryptographic key as a result of the first digital signature matching the application programming interface request generated by the requestor. 5. The computer-implemented method of claim 4 , further comprising: generating a response to the application programming interface request based at least in part on the indication that the first digital signature matches the application programming interface request; generating the response digital signature of the response based at least in part on the cryptographic key; and providing the response and the response digital signature of the response to the requestor. 6. The computer-implemented method of claim 4 , further comprising: obtaining the application programming interface request from the requestor, the application programming interface request including the first digital signature and a request to perform one or more operations. 7. The computer-implemented method of claim 6 , further comprising: forwarding the application programming interface request and the first digital signature to the authentication server, the authentication server including access to the cryptographic material, with the cryptographic material being shared with the requestor but inaccessible to the first computer system. 8. The computer-implemented method of claim 7 , wherein the cryptographic key is cryptographically derived by the authentication server. 9. A system, comprising: at least one computing device that at least: obtains from a computer system having access to cryptographic material used to derive a cryptographic key, an indication that a matching first digital signature matches a request, the cryptographic material being inaccessible to the at least one computing device; and generates information usable to generate one or more response signatures for a response to the request associated with the matching first digital signature, the one or more response signatures verifiable using information available to a requestor, the information usable to generate the one or more response signatures comprising the cryptographic key derived by: obtaining an ordered plurality of key derivation parameters, and performing a plurality of cryptographic operations where, for a subset of the cryptographic operations; output of each cryptographic operation of the subset is based at least in part on output of a previous cryptographic operation of the plurality of cryptographic operations and a key derivation parameter from the ordered plurality of key derivation parameters in accordance with the ordering. 10. The system of claim 9 , wherein the at least one computing device further: obtains the request and the first digital signature via a separate computing system separate from the at least one computing device, the request generated by the requestor; and determines whether the first digital signature matches the request. 11. The system of claim 10 , wherein the at least one computing device further provides the information usable to generate the one or more response signatures to the separate computing system as a result of the first digital signature matching the request. 12. The system of claim 9 , wherein the information usable to generate the one or more response signatures comprises the cryptographic key that is derived based at least in part on cryptographic material used by the requestor to generate the first digital signature associated with the request. 13. The system of claim 9 , wherein the at least one computing device further: obtains the information usable to generate the one or more response signatures; generates the response to the request; determines a response signing key based at least in part on the information usable to generate the one or more response signatures; uses the response signing key to generate the one or more response signatures of the response; and provides the response and the response digital signature to the requestor. 14. The system of claim 13 , wherein the at least one computing device is further configured to: determine a request verification key based at least in part on the request and provide the request verification key with the response signing key; and cache the request verification key and use the request verification key to verify a second digital signature on at least one future request obtained from the requestor. 15. A non-transitory computer-readable storage medium comprising executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least: obtain an indication that a request digital signature matches a request, the indication obtained from a system having access to cryptographic material that is inaccessible to the computer system and used to derive a cryptographic key obtained in response to the indication; and generate a digital signature for a response to the request and the request digital signature that matches the request based at least in part on an ordered plurality of derivation parameters and by performing a plurality of cryptographic operations where, for a subset of the cryptographic operations, output of each cryptographic operation of the subset is based at least in part on output of a previous cryptographic operation of the plurality of cryptographic operations and a key derivation parameter including a portion of a set of information including an ordered plural