Otherwise, you have to be storing a plethora of
different signers' certificates to be able to validate all the
institution's certificates that come in.you need those certs to verify the live data anyway
Yes, the reason why you want to validate the institution's certificates
is so you can verify the data signed with that cert (signed with the private
key associated with the public key in the cert, to be explicit).
--Sandy