OpenSAML user discussion

This a question regarding the KeyInfo element of signed objects:

I see that OpenSAML allows a choice as to whether verifiying keying material 
is explicitly provided by the caller or is taken from within the object 
itself:

org.opensaml.SAMLObject.verify()
"Verifies the signature using only the keying material included within it"

org.opensaml.SAMLObject.verify(java.security.cert.Certificate cert)

What is the purpose of being able to verify the signature using only the 
keying material included within it?  You can't trust the message to tell you 
which keying material to use to trust itself.  Is this only meant for signed 
objects that are themselves contained within an encompassing signed content 
(i.e., not meant for a single, enveloped signature across the entire 
message)?   

I've skimmed through "Guidelines for using XML Signatures with the OASIS 
Security Assertion Markup Language (SAML)"  
(http://www.oasis-open.org/committees/security/docs/draft-sstc-xmlsig-guidelines-03.pdf),
 which defers to the XMLDSig spec for validation:

The core validation section of XMLDSig states:

(http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation)

 3.2.2 Signature Validation

   1. Obtain the keying information from KeyInfo or from an external source.

Yet there doesn't appear to be any warning about not trusting the KeyInfo 
element if there's no additional mechanism to prevent abitrary keying.  
Clearly the goal is not just "this content hasn't changed since key A signed 
it," but, rather, "this content hasn't changed since the key that you expect 
to have signed it has signed it"

Thoughts and comments appreciated.

David