I'm looking for a 30,000 foot view on this quesition.

I want my SQL Server box/IIS server to be able to demand information at will
from a remote server running UNIX. I need the information to be restricted
from the general public (available only by authentication, for instance) and
made secure during transit (e.g. encrypted stream).

I've installed a Thawte cert on my machine.

Is SOAP an appropriate technology to deploy in this case given my security
needs? Is there a better choice of tech that still allows
interoperability/flexibility with varying data stores on the other end? Does
SOAP allow authentication against certificates and/or MAC numbers, or does
it generally autheticate using other means (e.g. passwords.?) What's the
best practice?

The stuff in question isn't exactly banking info, but it would be a Bad
Thing if the information stream were captured.

Thanks for any insights.

-KF