The Locate and Validate operations are both used to obtain information about a public key from an XKMS Service. Locate and Validate services are both expected to attempt to provide correct information to the requester. They differ in the extent to which the service endeavors to ascertain, and consequently vouch for, the accuracy of the information returned. A Location service will return information that is, to the best of its knowledge, accurate. A Validation service will perform additional processing such as cryptographic validation over statements and policies under some definition of trust/validity.
For example, a Locate service could collect public key information publicly available on the Internet without performing any checks to determine whether specific information is current, nor valid given a definition of trust and a local policy. On the other hand, a Validation service that supports [PGP] could validate a signature on the returned key and vouch for its suitability under [PGP]'s concept of a "trust-worthy introducer" given (1) the definition (and associated processing) of that term and (2) the service's threshold (policy) over the number of permitted transitive introductions. Since information obtained from a Locate service can not be consider reliable it can be forwarded to a Validate service or processed locally to achieve the appropriate level of confidence.