What is it?
UUM&DS offers authentication (Who I am), authorization (What I am allowed to do) and Digital signature services to European Commission applications federating Member States’ Identity and Access providers.
Some terminology explained
Identity and Access Management (IAM) is a security and business discipline that includes multiple technologies and business processes, to help the right people or machines access the right assets at the right time for the right reasons, while keeping unauthorised access and fraud at bay.
Certificate Management is a process aiming to establish an association between the Identifier of the Actor (EO – economic operator, CR – customs representative, EMPL - employee) and a certificate. Registering a certificate enables the actor to sign or prove its identity.
Delegation Management System is a web-based platform for delegators and delegates to create/accept delegations.
How it works
The UUM&DS system implements identity federation between the Commission and all Member States' identity and access management systems for the purposes of providing secure authorised access to the EU Customs electronic systems for EU Economic operators and persons other than the economic operators.
eIDAS and EU Login
Depending on the MS, the user is redirected to the appropriate environment.
- For eIDAS (Electronic Identification and Signature ) MS Types they are redirected to the authentication portal with the signed request. MS IAM (Identity and Access Management) validates the request and displays the authentication page. The User submits the MS IAM authentication form, provides the authentication method and then the specified credentials, that have been assigned to him by the MS.
- For EU Login MS Types they are redirected to TAXUD CAS (Commission Authentication Service) authentication page where they submit the form providing the necessary information.
On each occasion if the user is authorised, UUM&DS redirects the user to the customs system which performs fine-grained-authorisation and displays the page of the customs system.
Once a user tries to access a customs system, the user will be redirected to UUM&DS (WAYF - Where Are You From - Page) to proceed with the authentication.
Delegations
The UUM&DS system can also be used by Economic Operators for managing the authorisation assignments (delegations) to their delegated users such as:
- First level delegation: customs representatives for the economic operators (CR) or employees of the economic operators (EMPL)
- Second level delegation: employee of a customs representative for an economic operator for the Member States that support it.
The following table summarizes the delegation type and the identity and access management (IAM) type per Member State:
| Member State | Type | Delegation Management | Certificate Management |
|---|---|---|---|
| Austria | A | Local | Local |
| Belgium | A | Central | Central |
| Bulgaria | eIDAS | Local | Local |
| Cyprus | eIDAS | Central | Central |
| Croatia | eIDAS | Local | Local |
| Czech Republic | D | Central | Central |
| Denmark | C | Local | Local |
| Estonia | eIDAS | Local | Central |
| Finland | eIDAS | Local | Mixed |
| France | A | Local | Central |
| Germany | eIDAS | Local | Local |
| Greece | B | Central | Central |
| Hungary | A | Local | Central |
| Ireland | A | Central | Central |
| Italy | A | Local | Local |
| Latvia | A | Local | Central |
| Lithuania | eIDAS | Local | Mixed |
| Luxembourg | D | Central | Central |
| Malta | eIDAS | Central | Central |
| Netherlands | C | Local | Central |
| Poland | eIDAS | Local | Mixed |
| Portugal | D | Central | Central |
| Romania | D | Central | Central |
| Slovakia | A | Local | Mixed |
| Slovenia | eIDAS | Local | Local |
| Spain | eIDAS | Local | Local |
| Sweden | eIDAS | No Delegation | Central |
| N. Ireland | D | Central | Central |
Type A: MS IAM in the Customs Domain is one consolidated system for the authentication and authorisation of users that can be directly interfaced with the UUM&DS system.
Type B: MS IAM in the Customs Domain consists of two systems, one for the authentication and another for the provision of additional attributes. UUM&DS requests and retrieves authentication and authorisation information from one system in the MS which the Single Point Of Contact (SPOC) with UUM&DS.
Type C: MS IAM in the Customs Domain consists of multiple IAMs for the authentication and the authorisation of users. MS shall provide a unified IAM with a common authentication portal in order to interface with the UUM&DS system.
Type D: The MS has no IAM that can be federated with UUM&DS. Consequently, it will provision identities and authorisations into the central UUM&DS system.
Change to eIDAS and EU Login
As from UUM&DS R2.4 it changes radically (two types of MSs):
- eIDAS - Replacement of Type A / B / C Unified authentication verified by Electronic Identification and Signature (eIDAS) which oversees electronic identification and Trusted services for electronic transactions in the European Union's internal market. It regulates electronic signatures, electronic transactions, involved bodies, and their embedding processes to provide a safe way for users to conduct business online like electronic funds transfer or transactions with public services.
- EU Login - Replacement of Type D Countries that haven't implemented their own IAM, must go through the Central European system. In order to do that, these MSs must access the EU login instance. This will allow the usage of one unique account for different EC central services and support two steps or two factors authentication using respectively mobile app and UBI (Ubiquitous) key.
Useful links
- Admin Sec-ext (administrative portal for subdomain administrators)
- Admin ext (administrative portal for UUM&DS users: EO, CR, EMPL)
- Decide Access Rights (to be used for testing system-to-system communications)