Neither XML Signature nor Encryption specify how to obtain
trustworhty keys.
There's a body of existing (non-XML) standards and infrastucture
to satisfy this requirement.
XKMS provides a Web/XML based interface to existing infrastructure
for XML based applications.