Why do we need it?
The eRoaming Platform is accessed by roaming partners. Besides the users who access the user interface of the platform, there are backend systems which communicate with the platform in automated ways via Web Service calls.
The eRoaming Platform, called Hubject Brokering System (HBS), is operated by Hubject. Roaming partners are operating their systems separately. Communication between the HBS and roaming partners use standard internet. Connections need to be secure to achieve the following information security:
- Confidentiality - messages can only be read by intended recipients.
- Integrity - altering of messages during transmission (deliberately or by technical errors) must be detected.
- Authenticity - messages must be attributable to a unique sender. The sender must not be able to retract the transmission of the message.
IT security mechanisms
IP whitelisting
Incoming connections of roaming partner backends are sent via the internet to the HBS. Access is only possible if your IP address is whitelisted. Outgoing HBS connections are sent directly to the partner backend systems passing your firewall in case you have one. Please note that your IP address must be static.
Please add your IPs that need to be whitelisted to the Tech Onboarding Questionnaire sent to you via Contractbook.
HTTPS & certificates
Web Services transmission uses HTTPS, the SSL/TLS secured HTTP variant. The SSL tunnel guarantees information security, including: confidentiality via encryption, integrity via signed checksums and authenticity via authentication using digital signatures and certificates.
Hubject will include the Hubject certificate in all outgoing calls from Hubject to the partner - please add it to your system's truststore. You will receive the Hubject certificate in the QA phase of your onboarding.
Alternatively, you may add a user certificate signed by e.g. Digicert to your system's truststore - please upload this one to the Certificate Management section of your HBS account.
Next, read more about how to create a Certificate Signing Request (CSR).