Digital Signature Certificate Part

If present, the Digital Signature Certificate part contains an X.509 certificate for validating the signature. Alternatively, the producer might store the certificate as a separate part in the package, might embed it within the Digital Signature XML Signature part itself, or might not include it in the package if certificate data is known or can be obtained from a local or remote certificate store. [O6.5]

The package digital signature infrastructure supports X.509 certificate technology for signer authentication.

If the certificate is represented as a separate part within the package, the producer shall target that certificate from the appropriate Digital Signature XML Signature part by a Digital Signature Certificate relationship as specified in Annex F, “Standard Namespaces and Content Types” and the consumer shall use that relationship to locate the certificate. [M6.4] The producer might sign the part holding the certificate. [O6.6] The content types of the Digital Signature Certificate part and the relationship targeting it from the Digital Signature XML Signature part are defined in Annex F, “Standard Namespaces and Content Types”, Producers might share Digital Signature Certificate parts by using the same certificate to create more than one signature. [O6.7] Producers generating digital signatures should not create Digital Signature Certificate parts that are not the target of at least one Digital Signature Certificate relationship from a Digital Signature XML Signature part. In addition, producers should remove a Digital Signature Certificate part if removing the last Digital Signature XML Signature part that has a Digital Signature Certificate relationship to it. [S6.2]