The RetrievalMethod element appears as a child of KeyInfo. It conveys a reference to KeyInfo information that is stored at another location. For example, several signatures in a document might use a key supported by an X.509v3 certificate chain. With RetrievalMethod, that chain need appear only once in the document or remotely outside the document, and each signature's KeyInfo can then reference it. Use of RetrievalMethod is recommended for XMLDSIG implementations and, for same document retrievals only, required for XML Encryption implementations.
RetrievalMethod uses the same syntax and retrieval behavior as the Reference element described in Chapter 10. It has a URI attribute and uses the Reference element processing model, with two exceptions:
The Type attribute to RetrievalMethod is an optional identifier for the type of data to be retrieved. Dereferencing a RetrievalMethod Reference for all KeyInfo types with a corresponding XML structure results in an XML element or document with that element as the root. The various "raw" key information types, such as rawX509Certificate (for which no XML structure exists), return a binary value and thus normally require a Type attribute. This result occurs because binary types are not unambiguously parseable. If the result of dereferencing and possibly transforming the specified URI is a node-set, it may need to be canonicalized. The RetrievalMethod element DTD follows: <!-- RetrievalMethod DTD --> <!ELEMENT RetrievalMethod (Transforms?) > <!ATTLIST RetrievalMethod URI CDATA #REQUIRED Type CDATA #IMPLIED > In schema notation, it has the following form: <!-- RetrievalMethod schema --> <element name="RetrievalMethod" type="ds:RetrievalMethodType"/> <complexType name="RetrievalMethodType"> <sequence> <element name="Transforms" type="ds:TransformsType" minOccurs="0"/> </sequence> <attribute name="URI" type="anyURI"/> <attribute name="Type" type="anyURI" use="optional"/> </complexType>
The URIs in Table 13-3 can appear as the Type attribute of a RetrievalMethod, in addition to all of the URIs provided in Table 13-1. |