[Cryptography] Service-to-Service Object Integrity

[Jomama]

I have an object that is passed along in a header to a number of downstream services.  I am trying to ensure the object can be verified along the way as to who signed it and that it has not been tampered with.  There is a requirement that upon certain authorization checks a one time re-sign might be needed.  Verification must be fast. Services are not trusted to have signing keys and must delegate signing to a security component. This is internal data center only traffic.

Thoughts so far are: 

-HMAC while fast is limited as all the signs/verifies must be done out-of-process or off box. Performance is dictated by the latency of these calls.
-RSA 2048 is slow for signing, verification is fast and we are ok giving services public key for verification. 
-RSA 1024 meets all the performance needs and is better than no integrity.

Ideas are welcomed,

Jomama