Proof of address ownership

This question appears many times on SO, but there’s something in the answers I’m not getting.

I’m designing a system predicated upon API calls made to blockchain.info, but I’m having real trouble getting my head around the relationship between Pubkey, Address and digital signatures for my use-case.

Say user Jane has previously transacted using Bitcoin and we assume the transaction is confirmed on the Bitcoin blockchain. Jane now makes a request from her app-based wallet software for some metadata concerning that specific transaction via the system’s web-service.

The web-service requires Jane to prove that her wallet really instigated that transaction in order to permit her wallet access to the data, but here I get a bit hazy: From all my reading over the last 6 or 7 days, I gather the wallet software would need to sign some pre-determined message containing e.g. the TXID using the wallet’s private key, sign it and send it to the system along with the public key, but once the system receives the data, and can verify the message using the public key, so what? How does that prove the txid (or address or whatever) in that signed message, was signed by the same private key from which the transaction in question is indirectly derived? There’s some part missing for me that “reconciles” remote blockchain data with the data sent from the wallet app.

I understand basic PKI and that addresses are hashed derivations of a public key, but the digital signature part is messing with my head.

Thanks for reading. Any help would be greatly appreciated.