13.6. The X509Data Element

Like all other children of KeyInfo, an X509Data element contains information to help the recipient figure out which key to use, including information to link that key to an authenticating entity. It has the richest structure, in terms of alternate and parallel allowed element content, of any KeyInfo child element specified in the XML Security standards. For its identifier, see Table 13-1.

The X509Data element consists of one or more X509 key identifiers, X509 certificates, certificate identifiers, or revocation lists. (See [ISO 9594] and Chapter 2 for a discussion of X509 certificates and related identifiers.) Implementation of X509Data is optional.
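As an added illustration (not code from the book), the following Python sketch lists the children of each X509Data element in a KeyInfo and rejects an empty one. The child element names and namespace are those of the XML Signature schema; the grouping into the four kinds named above, the function name `summarize_x509data`, and the sample document are assumptions made for this example.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace

# X509Data children from the XML Signature schema, grouped (assumed grouping)
# into the kinds of content the text lists.
KINDS = {
    "X509SKI": "key identifier",
    "X509IssuerSerial": "certificate identifier",
    "X509SubjectName": "certificate identifier",
    "X509Certificate": "certificate",
    "X509CRL": "revocation list",
}
BASE64_CHILDREN = {"X509SKI", "X509Certificate", "X509CRL"}

def summarize_x509data(xml_text):
    """Return [(local_name, kind)] for all X509Data children; ValueError if malformed."""
    found = []
    for x509data in ET.fromstring(xml_text).iter(f"{{{DS}}}X509Data"):
        children = list(x509data)
        if not children:
            raise ValueError("X509Data must contain at least one child element")
        for child in children:
            if not child.tag.startswith(f"{{{DS}}}"):
                # The schema allows extension elements from other namespaces.
                found.append((child.tag, "extension"))
                continue
            local = child.tag[len(DS) + 2:]
            if local not in KINDS:
                raise ValueError(f"unexpected X509Data child: {local}")
            if local in BASE64_CHILDREN:
                data = "".join((child.text or "").split())
                if not data:
                    raise ValueError(f"{local} is empty")
                base64.b64decode(data, validate=True)  # ValueError on bad base64
            found.append((local, KINDS[local]))
    return found

# Constructed sample; names, serial number and SKI bytes are made up.
SAMPLE = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=Example CA,O=Example</ds:X509IssuerName>
      <ds:X509SerialNumber>12345</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
    <ds:X509SKI>MTIzNDU2Nzg=</ds:X509SKI>
  </ds:X509Data>
</ds:KeyInfo>"""

if __name__ == "__main__":
    for name, kind in summarize_x509data(SAMPLE):
        print(f"{name}: {kind}")
```

The check is structural only: whatever X509Data carries helps the recipient locate a key, and the certificate it points to still has to be validated before the key is trusted.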

The content of X509Data must include at least one element, from the ...
