diff --git a/opal/mca/sec/keystone/configure.m4 b/opal/mca/sec/keystone/configure.m4 index 51ef7a635e..51b8ad4e2d 100644 --- a/opal/mca/sec/keystone/configure.m4 +++ b/opal/mca/sec/keystone/configure.m4 @@ -19,22 +19,25 @@ AC_DEFUN([MCA_opal_sec_keystone_CONFIG], [ [], with_keystone=no) # do not build if support not requested + AC_MSG_CHECKING([want keystone security]) AS_IF([test "$with_keystone" != "no"], - [AS_IF([test ! -z "$with_keystone" -a "$with_keystone" != "yes"], + [AC_MSG_RESULT([yes]) + AS_IF([test ! -z "$with_keystone" -a "$with_keystone" != "yes"], [opal_check_keystone_dir="$with_keystone"]) OMPI_CHECK_PACKAGE([sec_keystone], - [libkeystone.h], - [keystone], - [keystoneFN], + [curl/curl.h], + [curl], + [curl_easy_init], + [], [], - [$opal_check_keystone_dir], [], [$1], [AC_MSG_WARN([KEYSTONE SUPPORT REQUESTED]) - AC_MSG_WARN([BUT REQUIRED LIBRARY OR HEADER NOT FOUND]) + AC_MSG_WARN([BUT REQUIRED CURL LIBRARY OR HEADER NOT FOUND]) AC_MSG_ERROR([CANNOT CONTINUE]) $2])], - [$2]) + [AC_MSG_RESULT([no]) + $2]) AC_SUBST(sec_keystone_CPPFLAGS) AC_SUBST(sec_keystone_LDFLAGS) diff --git a/opal/mca/sec/keystone/sec_keystone.c b/opal/mca/sec/keystone/sec_keystone.c index e9f3be3210..2308258942 100644 --- a/opal/mca/sec/keystone/sec_keystone.c +++ b/opal/mca/sec/keystone/sec_keystone.c @@ -11,6 +11,16 @@ #include "opal_config.h" #include "opal/constants.h" +#include +#ifdef HAVE_UNISTD_H +#include +#endif /* HAVE_UNISTD_H */ +#ifdef HAVE_STRING_H +#include +#endif /* HAVE_STRING_H */ +#include +#include + #include "opal_stdint.h" #include "opal/dss/dss_types.h" #include "opal/util/error.h" 
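Review bot: `opal_check_keystone_dir` is still assigned from `--with-keystone=DIR`, but the new `OMPI_CHECK_PACKAGE` call no longer passes it in the directory slot, so a path supplied by the user is silently ignored and curl is searched for only in the default locations. Either pass it again as `[$opal_check_keystone_dir],` in that slot, or drop the assignment and document that the option now takes only yes/no. The enclosing `AC_DEFUN` starts before this hunk.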
@@ -35,16 +45,54 @@ opal_sec_base_module_t opal_sec_keystone_module = { static int init(void) { + /* init libcurl */ + curl_global_init(CURL_GLOBAL_ALL); + return OPAL_SUCCESS; } static void finalize(void) { + /* cleanup libcurl */ + curl_global_cleanup(); +} + +static size_t op_cbfunc(void *ptr, size_t size, size_t count, void *stream) +{ + opal_output(0, "CURL RETURNED: %s", (char*)stream); + return size; } static int get_my_cred(opal_identifier_t *my_id, opal_sec_cred_t **cred) { + char *cmd; + CURL *curl; + CURLcode rc; + + opal_output_verbose(5, opal_sec_base_framework.framework_output, + "keystone:get_my_cred"); + + /* ensure we return at least a NULL */ + *cred = NULL; + + /* query the keystone server */ + asprintf(&cmd, "%sget_cred", mca_sec_keystone_component.url); + curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_URL, cmd); + /* send the data to this function */ + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, op_cbfunc); + /* execute it */ + if (CURLE_OK != (rc = curl_easy_perform(curl))) { + opal_output(0, "Error while fetching '%s' : %s", + cmd, curl_easy_strerror(rc)); + } + /* the data will have been returned in the callback + * function when easy_perform completes + */ + curl_easy_cleanup(curl); + free(cmd); + return OPAL_ERR_NOT_IMPLEMENTED; } diff --git a/opal/mca/sec/keystone/sec_keystone.h b/opal/mca/sec/keystone/sec_keystone.h index 01488a49ba..2319dd32b4 100644 --- a/opal/mca/sec/keystone/sec_keystone.h +++ b/opal/mca/sec/keystone/sec_keystone.h @@ -14,8 +14,12 @@ BEGIN_C_DECLS +typedef struct { + opal_sec_base_component_t super; + char *url; +} mca_sec_keystone_component_t; -OPAL_MODULE_DECLSPEC extern opal_sec_base_component_t mca_sec_keystone_component; +OPAL_MODULE_DECLSPEC extern mca_sec_keystone_component_t mca_sec_keystone_component; OPAL_DECLSPEC extern opal_sec_base_module_t opal_sec_keystone_module; END_C_DECLS 
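Review bot: `op_cbfunc` prints `(char*)stream`, which is the CURLOPT_WRITEDATA pointer (never set in this hunk) rather than the response, and it returns `size` where libcurl expects the number of bytes handled, `size * count`, so a chunk of any other length is reported as a write error and the transfer aborts. The received bytes are in `ptr` and are not NUL-terminated, so the print needs a length bound; because the body is a credential, writing it to output stream 0 also deserves a second look. In `get_my_cred` the results of `asprintf` and `curl_easy_init` are used unchecked, so an allocation failure hands an indeterminate `cmd` or a NULL handle to libcurl. The return value of `curl_global_init` in `init` is ignored as well.

```c
static size_t op_cbfunc(void *ptr, size_t size, size_t count, void *stream)
{
    size_t nbytes = size * count;

    /* ptr is not NUL-terminated: bound the print by the chunk length */
    opal_output(0, "CURL RETURNED: %.*s", (int)nbytes, (char*)ptr);
    return nbytes;
}

/* … unchanged: get_my_cred signature, locals, verbose output, *cred = NULL … */
    if (0 > asprintf(&cmd, "%sget_cred", mca_sec_keystone_component.url)) {
        return OPAL_ERR_OUT_OF_RESOURCE;
    }
    if (NULL == (curl = curl_easy_init())) {
        free(cmd);
        return OPAL_ERR_OUT_OF_RESOURCE;
    }
/* … unchanged: curl_easy_setopt calls, curl_easy_perform, cleanup … */
```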
diff --git a/opal/mca/sec/keystone/sec_keystone_component.c b/opal/mca/sec/keystone/sec_keystone_component.c index 474724cb3b..8a4effc031 100644 --- a/opal/mca/sec/keystone/sec_keystone_component.c +++ b/opal/mca/sec/keystone/sec_keystone_component.c @@ -19,30 +19,33 @@ static int sec_keystone_component_open(void); static int sec_keystone_component_query(mca_base_module_t **module, int *priority); static int sec_keystone_component_close(void); +static int sec_keystone_component_register(void); /* * Instantiate the public struct with all of our public information * and pointers to our public functions in it */ -opal_sec_base_component_t mca_sec_keystone_component = { +mca_sec_keystone_component_t mca_sec_keystone_component = { { - OPAL_SEC_BASE_VERSION_1_0_0, + { + OPAL_SEC_BASE_VERSION_1_0_0, - /* Component name and version */ - "keystone", - OPAL_MAJOR_VERSION, - OPAL_MINOR_VERSION, - OPAL_RELEASE_VERSION, + /* Component name and version */ + "keystone", + OPAL_MAJOR_VERSION, + OPAL_MINOR_VERSION, + OPAL_RELEASE_VERSION, - /* Component open and close functions */ - sec_keystone_component_open, - sec_keystone_component_close, - sec_keystone_component_query, - NULL - }, - { - /* The component is checkpoint ready */ - MCA_BASE_METADATA_PARAM_CHECKPOINT + /* Component open and close functions */ + sec_keystone_component_open, + sec_keystone_component_close, + sec_keystone_component_query, + sec_keystone_component_register + }, + { + /* The component is checkpoint ready */ + MCA_BASE_METADATA_PARAM_CHECKPOINT + } } }; 
@@ -53,10 +56,16 @@ static int sec_keystone_component_open(void) static int sec_keystone_component_query(mca_base_module_t **module, int *priority) { - /* we are the default, so set ourselves low in the priority */ - *priority = 0; - *module = (mca_base_module_t*)&opal_sec_keystone_module; - return OPAL_SUCCESS; + if (NULL != mca_sec_keystone_component.url) { + /* we are the default, so set ourselves low in the priority */ + *priority = 0; + *module = (mca_base_module_t*)&opal_sec_keystone_module; + return OPAL_SUCCESS; + } + + /* otherwise, we cannot be selected */ + *module = NULL; + return OPAL_ERROR; } @@ -64,3 +73,21 @@ static int sec_keystone_component_close(void) { return OPAL_SUCCESS; } + +static int sec_keystone_component_register(void); +{ + mca_base_component_t *c = &mca_sec_keystone_file_component.super.base_version; + char *value; + + mca_sec_keystone_component.url = NULL; + value = NULL; + tmp = mca_base_component_var_register(c, "address", + "Address of the Keystone server (hostname or IP)", + MCA_BASE_VAR_TYPE_STRING, NULL, 0, 0, + OPAL_INFO_LVL_9, + MCA_BASE_VAR_SCOPE_READONLY, &value); + if (NULL != value) { + /* we can operate */ + asprintf(&mca_sec_keystone_component.url, "http://%s/ws/v1/", value); + } +}
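Review bot: The comment `we are the default, so set ourselves low in the priority` in `sec_keystone_component_query` reads as stale, since the component now refuses selection unless a URL was configured. I would reword it to something like `/* a server address was configured, so we can be selected; keep the priority low */`. It is also worth a short comment next to `return OPAL_ERROR` saying that `*priority` is left unset on that path.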
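Review bot: `sec_keystone_component_register` does not compile as written: the definition has a stray `;` after `(void)`, it references `mca_sec_keystone_file_component` and an undeclared `tmp`, and it never returns a value. `value` is a stack local whose address is passed to `mca_base_component_var_register`; if the variable system keeps that pointer as the variable's storage, as it appears to, it dangles once the function returns, so the storage should be static or a component field. The URL is built with a fixed `http://` scheme, so credentials fetched from the Keystone server would travel in clear text from an unauthenticated peer; the scheme should be `https://` or configurable, with certificate verification left enabled. The `asprintf` result is also unchecked.

```c
static char *keystone_address = NULL;   /* storage must outlive registration */

static int sec_keystone_component_register(void)
{
    mca_base_component_t *c = &mca_sec_keystone_component.super.base_version;

    mca_sec_keystone_component.url = NULL;
    (void) mca_base_component_var_register(c, "address",
    /* … unchanged: description, type, flags and info-level arguments … */
                                           MCA_BASE_VAR_SCOPE_READONLY, &keystone_address);
    if (NULL != keystone_address) {
        /* we can operate */
        if (0 > asprintf(&mca_sec_keystone_component.url, "https://%s/ws/v1/", keystone_address)) {
            mca_sec_keystone_component.url = NULL;
            return OPAL_ERR_OUT_OF_RESOURCE;
        }
    }
    return OPAL_SUCCESS;
}
```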