
If you want to implement the standard, your parser must be prepared to download extra data when the file requires it (it doesn't actually need to download the schema, even though it's the naive way to implement it).

A lot of parsers do not implement the standard, and they are better for it, because this can create huge security issues. But it's something you have to be always aware of, and could change on any minor version update.



Right, if you are willing to validate any and all random documents, you will have to have some sort of way to get the schemas. I can think of very few reasons to validate unknown schemas in an application, though. Would be like allowing your parser to take in external entities. Can be useful and there are valid reasons for trusted sources. But not for random documents from the web.

So, agreed it is a bit of a footgun.
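Both comments above come down to one practical control: decide up front whether a document is allowed to point the parser at anything outside itself. The following is an added example (not code from either commenter) that pre-screens an XML document with Python's stdlib expat parser, with parameter-entity parsing switched off so nothing is fetched while scanning. It records every place the document could make a standards-following parser go to the network or filesystem: an external DOCTYPE identifier, an external entity declaration, a reference to such an entity, and `xsi:schemaLocation` / `xsi:noNamespaceSchemaLocation` attributes that a validating parser would use to locate a schema. The sample documents and the `example.invalid` URLs are constructed for the example.

```python
import xml.parsers.expat as expat

# Constructed sample documents (not from the thread). example.invalid is a
# reserved name, so none of these references can resolve anywhere.
DOC_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE note SYSTEM "http://example.invalid/note.dtd" [
  <!ENTITY ext SYSTEM "http://example.invalid/fragment.txt">
]>
<note>&ext;</note>"""

DOC_SCHEMA = b"""<?xml version="1.0"?>
<order xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:noNamespaceSchemaLocation="http://example.invalid/order.xsd">
  <item>1</item>
</order>"""

DOC_CLEAN = b"""<?xml version="1.0"?><note><to>ops</to></note>"""

# Attribute local names that tell a validating parser where to fetch a schema.
SCHEMA_ATTRS = {"schemaLocation", "noNamespaceSchemaLocation"}


def scan_external_references(data: bytes) -> list:
    """Return (kind, where, uri) tuples for every external reference found.

    The scan itself never fetches anything: parameter-entity parsing is
    disabled, so an external DTD subset is not loaded, and the external
    entity reference handler only records the reference and reports it as
    empty instead of creating a sub-parser for it.
    """
    findings = []
    p = expat.ParserCreate()
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # <!DOCTYPE x SYSTEM "..."> or PUBLIC "..." "...": external DTD subset.
        if sysid or pubid:
            findings.append(("doctype", name, sysid or pubid))

    def entity_decl(name, is_pe, value, base, sysid, pubid, notation):
        # <!ENTITY x SYSTEM "...">: declaration of an external entity.
        if sysid or pubid:
            findings.append(("entity", name, sysid or pubid))

    def external_ref(context, base, sysid, pubid):
        # &x; where x is external: a standards-following parser would fetch it.
        findings.append(("entity-ref", context, sysid or pubid))
        return 1  # non-zero keeps parsing going; the entity expands to nothing

    def start_element(name, attrs):
        for attr, value in attrs.items():
            if attr.rsplit(":", 1)[-1] in SCHEMA_ATTRS:
                findings.append(("schema", name, value))

    p.StartDoctypeDeclHandler = start_doctype
    p.EntityDeclHandler = entity_decl
    p.ExternalEntityRefHandler = external_ref
    p.StartElementHandler = start_element
    p.Parse(data, True)
    return findings


def safe_for_untrusted_parser(data: bytes) -> bool:
    """True only if the document references nothing outside itself."""
    return not scan_external_references(data)


if __name__ == "__main__":
    for label, doc in [("entity", DOC_ENTITY), ("schema", DOC_SCHEMA), ("clean", DOC_CLEAN)]:
        print(label, safe_for_untrusted_parser(doc), scan_external_references(doc))
```

The design choice is to make the decision explicit and separate from parsing: documents from trusted sources can still be handed to a validating parser with resolution enabled, while anything from the web is rejected (or logged) before a parser with fetching behaviour ever sees it. Because the screen is a parser configuration rather than a regex over the bytes, it is not fooled by comments, CDATA or encoding tricks that would hide the same declarations from a text search.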



