Roaming hub for secure interconnect in roaming scenarios

What is claimed is: 1. A method of message forwarding, the method comprising: receiving, at a roaming hub, a message from a sending entity across an N32 interface; and determining, at the roaming hub, whether the message includes a first Hypertext Transfer Protocol (HTTP) custom header that indicates a Public Land Mobile Network (PLMN) that is validated; when the message as received does not include the first HTTP custom header, the method further comprises: adding the first HTTP custom header to the message that indicates the PLMN of the sending entity; integrity protecting the first HTTP custom header; and forwarding the message from the roaming hub toward a receiving entity. 2. The method of claim 1 wherein: when the message as received includes the first HTTP custom header, the method further comprises: performing integrity verification on the first HTTP custom header to validate content of the first HTTP custom header; integrity protecting the first HTTP custom header; and forwarding the message from the roaming hub toward the receiving entity. 3. The method of claim 2 wherein: the first HTTP custom header is defined to indicate a PLMN identifier of a service consumer of the message that is validated. 4. The method of claim 2 further comprising: receiving the message from the roaming hub at a Security Edge Protection Proxy (SEPP) across the N32 interface; and determining whether the message includes the first HTTP custom header; when the message received at the SEPP includes the first HTTP custom header, the method further comprises: validating a PLMN of a service consumer based at least on a token contained in an HTTP standard header of the message and a PLMN identifier contained in the first HTTP custom header. 5. The method of claim 1 further comprising: determining, at the roaming hub, whether the message includes a second HTTP custom header that indicates one or more roaming hubs that relayed the message; when the message as received does not include the second HTTP custom header, the method further comprises: adding the second HTTP custom header to the message that indicates a roaming hub identifier of the roaming hub; and integrity protecting the second HTTP custom header. 6. The method of claim 5 wherein: when the message as received includes the second HTTP custom header, the method further comprises: performing integrity verification on the second HTTP custom header to validate content of the second HTTP custom header; adding the roaming hub identifier to an instance of the second HTTP custom header; and integrity protecting the second HTTP custom header or second HTTP custom headers. 7. The method of claim 6 wherein: the second HTTP custom header is defined to indicate a list of roaming hub identifiers; and adding the roaming hub identifier to an instance of the second HTTP custom header comprises: modifying a present instance of the second HTTP custom header as received in the message to indicate the roaming hub identifier in the list. 8. The method of claim 6 wherein: the second HTTP custom header is defined to indicate an identifier of a single roaming hub; and adding the roaming hub identifier to an instance of the second HTTP custom header comprises: adding another instance of the second HTTP custom header to the message that indicates the roaming hub identifier. 9. The method of claim 6 further comprising: receiving the message from the roaming hub at a Security Edge Protection Proxy (SEPP) across the N32 interface; and determining whether the message includes one or more instances of the second HTTP custom header; when the message received at the SEPP includes the second HTTP custom header, the method further comprises: forwarding one or more roaming hub identifiers contained in the second HTTP custom header or the second HTTP custom headers to another entity. 10. The method of claim 9 wherein forwarding one or more roaming hub identifiers contained in the second HTTP custom header or the second HTTP custom headers comprises at least one of: forwarding the one or more roaming hub identifiers to a charging function; and forwarding the one or more roaming hub identifiers to a tracing function. 11. The method of claim 6 wherein integrity protecting the first HTTP custom header and integrity protecting the second HTTP custom header comprises: signing the first HTTP custom header and the second HTTP custom header with an indication of the roaming hub. 12. The method of claim 6 wherein: the second HTTP custom header indicates at least one of: a PLMN identifier for the roaming hub; a Fully Qualified Domain Name (FQDN) identifier for the roaming hub; an Internet Protocol (IP) address for the roaming hub; and an instance identifier for the roaming hub. 13. An apparatus comprising: at least one processor; and at least one memory including computer program code; the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to: receive a message from a sending entity across an N32 interface; and determine whether the message includes a first Hypertext Transfer Protocol (HTTP) custom header that indicates a Public Land Mobile Network (PLMN) that is validated; when the message as received does not include the first HTTP custom header, the computer program code is configured to, with the at least one processor, cause the apparatus to further: add the first HTTP custom header to the message that indicates the PLMN of the sending entity; integrity protect the first HTTP custom header; and forward the message toward a receiving entity. 14. The apparatus of claim 13 wherein: when the message as received includes the first HTTP custom header, the computer program code is configured to, with the at least one processor, cause the apparatus at least to: perform integrity verification on the first HTTP custom header to validate content of the first HTTP custom header; integrity protect the first HTTP custom header; and forward the message toward the receiving entity. 15. The apparatus of claim 13 wherein: the computer program code is configured to, with the at least one processor, cause the apparatus at least to: determine whether the message includes a second HTTP custom header that indicates one or more roaming hubs that relayed the message; when the message as received does not include the second HTTP custom header, the computer program code is configured to, with the at least one processor, cause the apparatus at least to: add the second HTTP custom header to the message that indicates a roaming hub identifier of the apparatus; and integrity protect the second HTTP custom header. 16. The apparatus of claim 15 wherein: when the message as received includes the second HTTP custom header, the computer program code is configured to, with the at least one processor, cause the apparatus at least to: perform integrity verification on the second HTTP custom header to validate content of the second HTTP custom header; add the roaming hub identifier to an instance of the second HTTP custom header; and integrity protect the second HTTP custom header or second HTTP custom headers. 17. The apparatus of claim 16 wherein: the second HTTP custom header is defined to indicate a list of roaming hub identifiers; and to add the roaming hub identifier to an instance of the second HTTP custom header, the computer program code is configured to, with the at least one processor, cause the