Prerequisites

In order to run the UNICOREpro Client software you will need the following:

Owning a valid user certificate which is actually a public key signed by a certificate authority implies that you also own the corresponding private key.

If you are member of several distinct UNICOREpro grids you will typically have more than one user certificate and signer certificate.

If you use extension software i.e. plugins that are not included in the distribution you need the signer certificate of the certificate which was used to sign the plugin. Often this will be identical to what you have already from the Gateway. Plugins have to be signed for security reasons, the signature will identify the provider of the software.

Java

The UNICOREpro Client has been developed as Java 2 (version 1.4.x) code and is therefore highly portable. The client software has been successfully used on a variety of systems including Solaris, Windows 2000 (using Sun's Java Runtime Environment) and Linux.

Certificates

UNICOREpro uses certificates for the simplified access to computing resources. There is no need for the user to remember all the login names and related passwords (which may follow complicated password policies) of the different sites where jobs will be run. At each UNICOREpro server site the user certificate is mapped to a corresponding login. Therefore it is sufficient for the UNICOREpro user to remember the password of a protected keystore file on the local desktop system where one or more private keys and corresponding certificates are stored.

The user certifcate is also used to establish a secure SSL connection to a UNICOREpro Gateway when submitting or querying jobs. Each request is signed with the user certificate which prevents modifications of the request during the transfer and identifies the consignor. To establish the SSL connection two certificates are needed in the Client: the user certificate is sent to the Gateway which replies with its own certificate. The Client trusts the Gateway certificate if it was signed by a trusted Certificate Authority. To check this the Client has to have the CA certificate of the Gateway's certificate also in its keystore file.

Certificates for the UNICOREpro TestGRID:

When running the UNICOREpro client software for the first time no certificates are issued yet. However the user is prompted whether access to the Pallas TestGRID is wished. The corresponding certifcates are then generated automatically.

Certificates for other UNICOREpro sites:

If you are new to the UNICOREpro software, but if you know of a site which runs a UNICOREpro server, you should contact the site's UNICOREpro administrator to get supported in the certification process. It might be that the site does issue own certificates for different purposes unknown to Pallas.

If you plan to setup the whole system (Client and Servers) by yourself, you also have to install some certification software (e.g. from www.openssl.org) or to access one of the commercial Certificate Authorities (which may be found by a search machine).

NB: The procedure to get a user certificate may be tedious. This is independent from the UNICOREpro software and depends only on the certification policy which the Usites have imposed. Because the certificate identifies the user, the process has at least the same quality as to apply for a user account. In Germany there is even a related law which imposes rules for the certification, i.e. the certification procedure has the quality of applying for an identity card. However, if you finally have received your user certificate the further installation process of the UNICOREpro Client should proceed seamlessly

Libraries

Xerces and Xalan

The Client code uses the Xerces and Xalan libraries for writing and reading data in XML format. These libraries are bundled into the distribution. Please notice the following license information: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." The full licence is provided in the file LICENSE.xerses of the Client distribution.

Jakarta-Oro

The Client code uses the Jakarta-Oro library to express and resolve regular expressions. This library is bundled into the distribution. Please notice the following license information: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." The full licence is provided in the file LICENSE.jakarta-oro of the Client distribution.

BC-JCE

The Client code uses the BC-JCE encryption library from the Legion of the Bouncy Castle (http://www.bouncycastle.org) for the generation of Certificate Signing Requests. The corresponding copyright notice and permission notice is provided in file LICENSE_BouncyCastle.html of the Client distribution.