...

  1. the data encryption key has been transported via an EncryptedKey, encrypted with the recipient's public key
  2. the PrivateKey to use for decryption of the EncryptedKey is known in advance via some unspecified mechanism
  3. the EncryptedKey is known in advance to have been carried within the EncryptedData/KeyInfo.

...

  1. the data encryption key has been transported via an EncryptedKey, encrypted with the recipient's public key
  2. the PrivateKey to use for decryption of the EncryptedKey is not known in advance, and must be resolved from a store of local credentials, based on hints possibly provided in the EncryptedKey/KeyInfo
  3. several resolution mechanisms for finding the EncryptedKey must be supported simultaneously, including:
    1. inline within the EncryptedData/KeyInfo
    2. as a peer of the EncryptedData within the SAML 2 EncryptedElementType
    3. via a RetrievalMethod child of the EncryptedData/KeyInfo, which points via a same-document fragment reference to an EncryptedKey located elsewhere in the document.
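
The three EncryptedKey resolution mechanisms listed above, sketched as an added example (not code from this page or from any particular SAML library). The function name, the sample document, its Ids and the URL are constructed for illustration. Requiring the RetrievalMethod `Type` attribute and a unique `Id` match is this example's own policy.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EK, ED = f"{{{XENC}}}EncryptedKey", f"{{{XENC}}}EncryptedData"
KI, RM = f"{{{DS}}}KeyInfo", f"{{{DS}}}RetrievalMethod"
EK_TYPE = XENC + "EncryptedKey"  # RetrievalMethod Type value for an EncryptedKey

# Constructed skeleton (cipher values omitted); all Ids and the URL are made up.
SAMPLE = f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{SAML}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <p:Extensions><xenc:EncryptedKey Id="ek-elsewhere"/></p:Extensions>
  <saml:EncryptedAssertion>
    <xenc:EncryptedData><ds:KeyInfo>
      <xenc:EncryptedKey Id="ek-inline"/>
      <ds:RetrievalMethod URI="#ek-elsewhere" Type="{EK_TYPE}"/>
      <ds:RetrievalMethod URI="https://keys.example.invalid/ek.xml" Type="{EK_TYPE}"/>
    </ds:KeyInfo></xenc:EncryptedData>
    <xenc:EncryptedKey Id="ek-peer"/>
  </saml:EncryptedAssertion>
</p:Response>"""

def resolve_encrypted_keys(root, container):
    """Return (found, rejected) for one SAML 2 EncryptedElementType element."""
    key_info = container.find(f"{ED}/{KI}")
    found, rejected, rms = [], [], []
    if key_info is not None:
        found += [("inline", ek) for ek in key_info.findall(EK)]   # mechanism 1
        rms = key_info.findall(RM)
    found += [("peer", ek) for ek in container.findall(EK)]        # mechanism 2
    for uri, typ in [(rm.get("URI", ""), rm.get("Type")) for rm in rms]:  # mechanism 3
        # Follow only same-document fragments typed as EncryptedKey, and require
        # the Id to match exactly one element; everything else is rejected.
        hits = [e for e in root.iter(EK) if e.get("Id") == uri[1:]] if uri[:1] == "#" else []
        if typ != EK_TYPE or len(hits) != 1:
            rejected.append(uri)
        elif all(ek is not hits[0] for _, ek in found):
            found.append(("retrieval", hits[0]))
    return found, rejected

def demo():
    root = ET.fromstring(SAMPLE)
    container = root.find(f"{{{SAML}}}EncryptedAssertion")
    found, rejected = resolve_encrypted_keys(root, container)
    return [(how, ek.get("Id")) for how, ek in found], rejected
```

Each candidate returned here would then be tried against the locally resolved private keys, as the second item of the list describes.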

...