...
- the data encryption key has been transported via an `EncryptedKey`, encrypted with the recipient's public key
- the `PrivateKey` to use for decryption of the `EncryptedKey` is known in advance via some unspecified mechanism
- the `EncryptedKey` is known in advance to have been carried within the `EncryptedData/KeyInfo`.
...
- the data encryption key has been transported via an `EncryptedKey`, encrypted with the recipient's public key
- the `PrivateKey` to use for decryption of the `EncryptedKey` is not known in advance, and must be resolved from a store of local credentials, based on hints possibly provided in the `EncryptedKey/KeyInfo`
- Several resolution mechanisms for finding the `EncryptedKey` must be supported simultaneously, including:
  - inline within the `EncryptedData/KeyInfo`
  - as a peer of the `EncryptedData` within the SAML 2 `EncryptedElementType`
  - via a `RetrievalMethod` child within the `EncryptedData/KeyInfo`, which points via a same-document fragment reference to an `EncryptedKey` located elsewhere in the document.
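The three `EncryptedKey` lookup paths listed above, tried together, as an added Python example (not code from the original page or the project it documents). The sample document, its `Doc` wrapper, the `Id` values and the function names are constructed for illustration; the code only locates candidate keys and performs no decryption.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"xenc": XENC, "ds": "http://www.w3.org/2000/09/xmldsig#"}
KEY_TYPE = XENC + "EncryptedKey"  # RetrievalMethod Type for an EncryptedKey target

# Constructed sample: one EncryptedData per resolution mechanism (ciphertext omitted).
SAMPLE = f"""<Doc xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:xenc="{XENC}" xmlns:ds="{NS['ds']}">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData Id="d1"><ds:KeyInfo><xenc:EncryptedKey Id="k1"/></ds:KeyInfo></xenc:EncryptedData>
  </saml:EncryptedAssertion>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData Id="d2"/><xenc:EncryptedKey Id="k2"/>
  </saml:EncryptedAssertion>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData Id="d3"><ds:KeyInfo>
      <ds:RetrievalMethod URI="#k3" Type="{KEY_TYPE}"/>
      <ds:RetrievalMethod URI="http://example.invalid/k.xml" Type="{KEY_TYPE}"/>
    </ds:KeyInfo></xenc:EncryptedData>
  </saml:EncryptedAssertion>
  <xenc:EncryptedKey Id="k3"/>
</Doc>"""

def resolve_encrypted_keys(root, enc_data):
    """Collect candidate EncryptedKey elements for enc_data, trying all three mechanisms."""
    found = enc_data.findall("ds:KeyInfo/xenc:EncryptedKey", NS)        # 1. inline
    parent = next((p for p in root.iter() if enc_data in list(p)), None)
    if parent is not None:                                              # 2. peer
        found += parent.findall("xenc:EncryptedKey", NS)
    by_id = {k.get("Id"): k for k in root.iter(f"{{{XENC}}}EncryptedKey") if k.get("Id")}
    for rm in enc_data.findall("ds:KeyInfo/ds:RetrievalMethod", NS):    # 3. RetrievalMethod
        uri = rm.get("URI", "")
        # Only same-document fragment references are followed; anything else is ignored.
        if rm.get("Type") != KEY_TYPE or not uri.startswith("#"):
            continue
        target = by_id.get(uri[1:])
        if target is not None and all(target is not k for k in found):
            found.append(target)
    return found

def key_ids_for(data_id, xml=SAMPLE):
    root = ET.fromstring(xml)
    enc_data = next(e for e in root.iter(f"{{{XENC}}}EncryptedData") if e.get("Id") == data_id)
    return [k.get("Id") for k in resolve_encrypted_keys(root, enc_data)]

if __name__ == "__main__":
    for d in ("d1", "d2", "d3"):
        print(d, "->", key_ids_for(d))
```

The second `RetrievalMethod` on `d3` carries a non-fragment URI and is skipped, so resolving a key never triggers a fetch outside the document being processed.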
...