We're new to SOAP processing and are trying to be a 'client' of a SOAP
transaction that requires a digital signature.  We are confused by
some of the content of the resulting SOAP envelope we're sending.  I'm
providing a small subset (two snippets) of the XML below:

<ds:Reference URI="#wsse-c6c4c000-fbe0-11da-a69f-8368d93ad33d">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>fVzb8SLK36T+PajYqlOCHzOPi4I=</ds:DigestValue>
</ds:Reference>

<wsu:Timestamp xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created wsu:Id="wsse-c6c4c000-fbe0-11da-a69f-8368d93ad33d">2006-06-14T20:02:58Z
</wsu:Created>
</wsu:Timestamp>

Again, we're clueless, but we're betting that the URI mentioned in the
first snippet and the 'wsu:Id' mentioned in the second indicate that
these two pieces of XML 'relate' to each other.

If so, how does the DigestValue value in the first snippet get
created?  Is it somehow a hash (SHA1, base64, ?) of the timestamp
value mentioned in the second snippet?  Are there other 'components'
of the SOAP request (not shown here) that influence the DigestValues
that get created?

In case you're wondering, we're trying to process this request via
PHP5, and PHP5 has built-in SOAP capabilities, but no capabilities to
work with digital signatures (WSS).  We're hoping we can somehow
hand-build the 'signature' portion of the SOAP request, but can't
figure out how a valid request gets built in the first place.

We're hoping if we can start to decipher some of the pieces (like the
DigestValue mentioned above), we'll get a handle on things.

An answer to this question is not simple 'you can't do that in PHP --
use Java'.  An answer to this question sheds some like on the XML
mentioned above.

Thanks.