Roaming Platform
To access this section in EV Charge, from the Menu, click Roaming.
Roaming Platform
Represents a third-party roaming platform node that is configured to communicate with the roaming node defined by a roaming profile in the Tridens EV Charge central system. The third-party platform node can be a hub or a specific CPO or eMSP. A roaming platform is configured within the scope of a roaming profile, which makes the platform dependent on the profile settings.
Required to configure:
- Roaming identifier
- Platform type
- Base API URL of platform
- Country
Roaming Access Configuration
To enable communication between the roaming node of Tridens EV Charge and the third-party roaming node, an access configuration specific to the selected roaming protocol is required.
The configuration is split into two parts, depending on which communication protocol is selected:
- OCPI Access Configuration
- OICP Access Configuration
OCPI Access Configuration
Applies for protocols: OCPI.
Communication between two OCPI nodes, whether CPO, eMSP, hub or other, is initiated by registration and a credentials exchange.
As the OCPI protocol defines, one of the two integrating nodes provides a registration token to the second node. The second node uses the registration token to initiate communication between the two nodes: they exchange and agree on the common protocol version and the available operational modules with their addresses, and then finalize the credentials exchange.
The credentials exchange is done when each node has assigned the other a new access token and the registration token is revoked.
Access Initiation Setup and Guidelines
Step-by-step registration example #1, when the roaming node of Tridens EV Charge initiates the registration to the third-party roaming platform node:
- The third-party roaming platform generates the registration token.
- The registration token is forwarded in a safe way to the roaming client of Tridens EV Charge. How this step is done depends on the onboarding communication channel between the roaming sides.
- The roaming node of Tridens EV Charge takes the registration token provided by the third-party roaming platform and assigns it on the roaming platform configuration by using the “Use Registration Token → Assign Registration Token” feature.
- Trigger the credentials registration by using the “Register Credentials” feature.
Step-by-step registration example #2, when the third-party roaming platform node initiates the registration to the roaming node of Tridens EV Charge:
- The roaming client on Tridens EV Charge provides a registration token to the third-party roaming platform by using the feature “Provide Registration Token → Generate and Assign Registration Token”.
- Read the generated token for the roaming platform by using the feature “Read Credentials → Read Registration Token”.
- Forward the token in a safe way to the third-party roaming platform. How this step is done depends on the onboarding communication channel between the roaming sides.
- The third-party roaming platform initiates the credentials registration.
Operations to manage OCPI credentials on Tridens EV Charge:
- Assigning Registration Token
- Register Credentials
- Update Credentials
- Invalidate Credentials
- Read Credentials
Assigning the Registration Token
Sets up the credentials registration that is later used to establish communication between Tridens EV Charge and the third-party roaming platform.
To initiate the credentials registration, one of the two integrating OCPI nodes needs to provide the registration token to the other node. With the registration token, the other node initiates the communication and completes the registration process.
The options for determining and using the registration token for OCPI node registration are mutually exclusive, as described further in this section: the token is either provided or used.
Provide Registration Token
A registration token is provided by the Tridens EV Charge OCPI node, so the other OCPI node platform needs to use this registration token to initiate the OCPI credentials registration and connection establishment.
Generate and Assign Registration Token
With this operation, Tridens EV Charge auto-generates a new registration token for a third-party roaming platform. The platform uses the registration token in later steps to initialize the OCPI credentials registration and connection establishment.
Assign Registration Token
With this operation, a custom registration token for a third-party roaming platform is assigned on Tridens EV Charge. The platform uses the registration token in later steps to initialize the OCPI credentials registration and connection establishment.
Use Registration Token
A registration token is provided by the third-party roaming platform node, so the Tridens EV Charge OCPI node platform needs to use this registration token to initiate the OCPI credentials registration and connection establishment.
Assign Registration Token
Assigns the registration token, which is provided by the third-party roaming platform, so it can be used by Tridens EV Charge to initialize the OCPI credentials registration and connection establishment in later steps.
Register Credentials
Triggers the credentials exchange based on the registration settings and establishes communication between Tridens EV Charge and the third-party roaming platform.
Executes the credentials registration process with the third-party roaming platform. The operation uses the assigned registration token and invalidates it afterwards, which means that the newly assigned credentials need to be used in further communication, as defined by OCPI.
This operation needs to be initiated by the side to which the registration token is provided.
Update Credentials
Executes the credentials update for the third-party roaming platform. The operation invalidates the existing access token, which means that the newly assigned credentials need to be used in further communication to Tridens EV Charge, as defined by OCPI.
The operation notifies the other roaming party of the new credentials for accessing Tridens EV Charge.
Invalidate Credentials
Invalidates all of the roaming platform’s existing access credentials. This includes revocation of the access token, remote access token and registration token.
Read Credentials
Reads the existing assigned access credentials used in communication between the roaming platforms.
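The token lifecycle behind the registration steps and the Register, Update and Invalidate Credentials operations above, modelled in memory as an added example; it is not Tridens EV Charge code. The class, function and constant names and the version string are assumptions, and method calls stand in for the OCPI HTTP requests.

```python
import hmac
import secrets

OCPI_VERSION = "2.2.1"  # assumed version both sides support

class Receiver:
    """The node that handed out the registration token (model only)."""

    def __init__(self):
        self.registration_token = None   # one-time token for the first contact
        self.access_token = None         # token the peer presents to this node
        self.remote_access_token = None  # token this node presents to the peer

    def generate_registration_token(self):
        self.registration_token = secrets.token_urlsafe(32)
        return self.registration_token

    @staticmethod
    def _match(presented, token):
        # A revoked (None) token never matches; comparison is constant-time.
        return token is not None and hmac.compare_digest(presented, token)

    def get_versions(self, presented):
        ok = any(self._match(presented, t) for t in (self.registration_token, self.access_token))
        return [OCPI_VERSION] if ok else None  # None stands for HTTP 401

    def _exchange(self, presented, expected, peer_token):
        if not self._match(presented, expected):
            return None
        self.remote_access_token = peer_token
        self.access_token = secrets.token_urlsafe(32)
        self.registration_token = None  # registration token is single-use
        return self.access_token

    def post_credentials(self, presented, peer_token):  # Register Credentials
        return self._exchange(presented, self.registration_token, peer_token)

    def put_credentials(self, presented, peer_token):   # Update Credentials
        return self._exchange(presented, self.access_token, peer_token)

    def invalidate(self):                               # Invalidate Credentials
        self.registration_token = self.access_token = self.remote_access_token = None

def register(receiver, registration_token):
    """Initiating side: check versions, then swap tokens. Returns (sent, received)."""
    if receiver.get_versions(registration_token) is None:
        raise PermissionError("registration token rejected")
    sent = secrets.token_urlsafe(32)
    return sent, receiver.post_credentials(registration_token, sent)
```

A registration token that still authenticates after the exchange, or an old access token that survives an update, is the failure this model makes visible.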
OICP Access Configuration
Applies for protocols: OICP.
Communication between two OICP nodes, usually a CPO/eMSP and the hub, requires mutual certificate authentication, also referred to as mTLS. Thus, each of the two roaming nodes must present itself to the other one with a signed certificate that the other side trusts and accepts. The signed certificate also serves for identification purposes.
Table: Terminology of access certificates configuration on Roaming Platform
| Term | Description |
|---|---|
| Access Certificate | Access certificate for the third-party roaming platform, by which it gains access to Tridens EV Charge’s roaming protocol specific API. This is a client certificate, which the third-party roaming platform needs to present. |
| Remote Access Certificate | Access certificate which Tridens EV Charge’s roaming node needs to use when accessing the third-party roaming platform node’s protocol specific API. This is a client certificate, which Tridens EV Charge’s roaming node presents when calling the third-party roaming platform API. |
| Remote Root Certificate | Public authority certificate of the third-party roaming platform node, so Tridens EV Charge can trust the certificates signed by this authority. |
Access Setup and Guidelines
Let’s say a CPO and a roaming hub platform want to integrate with each other by OICP.
To enable a CPO to communicate with the roaming hub in the scope of mutual certificate authentication:
- The CPO manager on Tridens EV Charge generates a private/public key pair and a certificate signing request (CSR).
- The CPO manager hands the public key and CSR to the roaming hub provider manager.
- The roaming hub provider manager signs the CSR with the roaming hub’s trusted certificate authority, resulting in a signed trusted certificate of the CPO.
- The roaming hub manager hands the signed trusted certificate to the CPO manager.
- The roaming hub trusts and identifies communication that uses this signed certificate, as it was signed by its trusted certificate authority.
To enable a roaming hub to communicate with a CPO in the scope of mutual certificate authentication:
- The roaming hub manager generates a private/public key pair and a CSR.
- The roaming hub manager hands the public key and CSR to the CPO manager on Tridens EV Charge.
- The CPO manager signs the CSR with the CPO’s trusted certificate authority, resulting in a signed trusted certificate of the hub.
- The CPO manager hands the signed trusted certificate to the roaming hub manager.
- The CPO trusts and identifies communication that uses this signed certificate, as it was signed by its trusted certificate authority.
Access Setup Operations
Tridens EV Charge provides operations on the Roaming Platform to manage mutual certificate verification access.
Access Certificate
Operations to manage the access certificate for the third-party roaming platform, by which it gains access to Tridens EV Charge’s roaming protocol specific API.
This can be done either by:
a) Directly assigning the access certificate and its private key to the roaming platform configuration.
b) Preparing and signing the certificate signing request (CSR), where the resulting certificate is assigned to the roaming platform configuration.
Available Operations:
- Assign Access Certificate
- Generate Private Key and Certificate Signing Request (CSR)
- Sign CSR and Assign Access Certificate
Assign Access Certificate
Accepts PEM or plain Base64 encoded binary data of a certificate with its corresponding private key and assigns it to the roaming platform.
Used to verify/identify an access certificate of the third-party roaming node.
Generate Keys and Certificate Signing Request (CSR)
Provides a form to issue a certificate. The form accepts the attributes required for certificate signing and generates a private/public key pair. As a result, Base64 encoded binary data of the CSR is returned, along with the Base64 encoded representation of the private and public key.
Used to generate a certificate signing request with private/public keys, so that Tridens EV Charge or a trusted authority can be requested to sign an access certificate.
Sign CSR and Assign Access Certificate
Accepts PEM or plain Base64 encoded binary data of a CSR and a reference to the existing system’s trust root certificate which signs this certificate. The certificate is assigned to the roaming platform, and the Base64 encoded certificate content is returned. Used to sign a certificate signing request and obtain an access certificate.
Remote Access Certificate
Operations to manage the access certificate which Tridens EV Charge’s roaming node needs to use when accessing the third-party roaming platform node’s protocol specific API.
Available Operations:
- Generate Keys and Certificate Signing Request (CSR)
- Assign Remote Access Certificate
- Assign Remote Trusted Root/Intermediate Certificate
Generate Keys and Certificate Signing Request (CSR)
Provides a form to issue a certificate. The form accepts the attributes required for certificate signing and generates a private/public key pair. As a result, Base64 encoded binary data of the CSR is returned, along with the Base64 encoded representation of the private and public key.
Used to help you generate a certificate signing request with private/public keys, so that the third-party roaming platform’s authority can be requested to sign an access certificate.
Assign Remote Access Certificate
Accepts PEM or plain Base64 encoded binary data of a certificate with its corresponding private key and assigns it to the roaming platform.
Required for access to the third-party roaming platform.
Assign Remote Trusted Root/Intermediate Certificate
Accepts PEM or plain Base64 encoded binary data of a trusted public root/intermediate authority certificate of the third-party roaming platform node and assigns it to the roaming platform in Tridens EV Charge, so it can trust the certificates signed by this authority.
Required to trust the communication with the third-party roaming platform.
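An added example, not part of Tridens EV Charge: it normalises the PEM or plain Base64 input that the operations above accept to DER bytes, computes a SHA-256 fingerprint for comparing a certificate over the onboarding channel, and checks that a bundle about to be handed to the other party (the public key and CSR in the setup steps) carries no private key block. Function names and sample data are assumptions, and treating unlabelled Base64 as not safe to hand over is a policy choice of this example.

```python
import base64
import binascii
import hashlib
import re

# Constructed sample data: a 5-byte DER SEQUENCE, not a real CSR or key.
SAMPLE_B64 = "MAMCAQE="
SAMPLE_CSR = "-----BEGIN CERTIFICATE REQUEST-----\nMAMCAQE=\n-----END CERTIFICATE REQUEST-----\n"
SAMPLE_LEAK = SAMPLE_CSR + "-----BEGIN PRIVATE KEY-----\nMAMCAQE=\n-----END PRIVATE KEY-----\n"

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def decode_blocks(blob):
    """Return [(label, der)] for PEM input, or [("UNLABELLED", der)] for plain Base64."""
    found = PEM_BLOCK.findall(blob) or [("UNLABELLED", blob)]
    blocks = []
    for label, body in found:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{label}: not valid Base64") from exc
        # Certificates, CSRs and keys are DER SEQUENCEs, which start with tag 0x30.
        if not der.startswith(b"\x30"):
            raise ValueError(f"{label}: payload is not a DER SEQUENCE")
        blocks.append((label, der))
    return blocks


def safe_to_hand_over(blob):
    """True only if every block is labelled and none is private key material."""
    labels = [label for label, _ in decode_blocks(blob)]
    return all(name != "UNLABELLED" and "PRIVATE KEY" not in name for name in labels)


def fingerprint(der):
    """SHA-256 fingerprint of the DER bytes, identical for PEM and Base64 input."""
    return hashlib.sha256(der).hexdigest()
```

Plain Base64 carries no label, so the operator has to know which returned value is the CSR and which is the private key before forwarding anything.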
Invalidate
Invalidates all of the roaming platform’s existing access credentials. This includes revocation of the access certificate, remote access certificate and remote root certificate.