In general, when someone wants to verify/decrypt something encrypted with a private key, the associated public key must be known (which is the whole point of public-key/asymmetric cryptography).
In the XMLSignature
context, someone wanting to verify a document with a XMLSignature will need to know what public key to use; thus the public key can be included in a XMLSignature structure for convenience.
Successful verification of the XMLSignature means one can trust that the data signed has not been modified since the signature was created. If the public key is known to be associated with a particular party, then one can trust that party created the signature.
As noted in the tutorial, you still have to "sign" the signature with:
signature.sign(dsc);