As a Product Owner I want that JSON Web Token (JWT) can be transferred via X-Road so that X-Road has default mechanism to do the transfer

[hanhaka]

Affected components: Proxy, messagelog Affected documentation: Message Protocol, PR-MESS Estimated delivery: Q4/2017 External reference: https://jira.csc.fi/browse/PVAYLADEV-947

Problem It must be possible to transfer a JSON Web Token via the X-Road. Based on pre-study made earlier, most convenient way is to use the X-Road protocol extension header for transfer

An X-Road protocol extension is specified as an public XML Schema that defines one or more optional elements that can be included in the header part of the SOAP message. In it's simplest form it is just an XML element without any functional modifications to the security server. Technically, the element(s) could also be used the the message body within the service wrapper element if the provider, but it is not possible to change the structure of the SOAP body part (must have only one direct child element, name of which must match serviceCode) without breaking backwards compatibility

It must be possible to disable the writing of JWT extension header to messagelog database in some cases (for example in some countries there might be a law prohibiting this).

As a summary, this feature is an optional feature and the users who do not use the feature will not be affected.

Acceptance criteria

• New X-Road protocol extension schema is created for JWT
• It has been implemented JWT transfer mechanism to X-Road (with the possibility to disable writing to messagelog)
• Documentation is updated

[hanhaka]

Fixed in 6.17.0, see: https://github.com/ria-ee/X-Road/pull/68