ds:Signature
element contains a valid
signature. Certificate is bound to the certificate that appears
in the element if the signature is valid. It is up to the caller
to determine if the certificate is trusted or not.
Note: The DOM and SignatureDOM must have been obtained using
the load_structure/3 option keep_prefix(true)
otherwise it is
impossible to generate an identical document for checking the
signature. See also xml_write_canonical/3.