I will try to summarise my experiences in the wiki once I have completed my full round trip of what I am/was trying to achieve:
1) have a JAVA provider (in Germany) host a Derby Network Server for me - done 2) have them run the Derby Server using SSL encryption and peer authentication - done 3) become my own CA to allow me to create and sign SSL *client* certificates myself - done (and buy the server certificate from an official CA) 3) have my applications securely communicate with the database server either direct (my java application - done) or via Tomcat (my java web application - mostly done) 4) use SQL authorisation to protect my data base objects - done (also many thanks to Dag and the team that with release 10.7.1 the possibility to execute procedures with definer rights was introduced which was a concept I was missing in the previous version) 5) migrate off from using the built-in user system to utilizing LDAP - work in progress (and hoping this journey will be al lot shorter than my SSL endevours) Regards