Signed to Either Operator or Manufacturer Domain
What Does This Mean?
Signing a Java application is not simply a matter of "signed" or "unsigned". Different signatures give the application access to different security "domains".
Normally, a signed application has access to the "trusted third party domain". This is usually the case for applications signed with Thawte, Verisign or Java Verified certificates (assuming the root certificate is on the phone).
The "operator domain" is available only to applications signed by the network operator (the one who issued the SIM card in the phone). An operator-signature will be accepted only by phones with that operator's SIM card, so a Vodafone signed application will not work in a device with an Orange SIM card.
The "manufacturer domain" is available only to applications signed by the manufacturer of the device. An application signed by Nokia will be rejected by a Motorola device.
How Do I Get My App Manufacturer or Operator Signed?
You might not be able to. Often, this level of access to the device is reserved for pre-installed applications, or applications that are part of some value-added service offered by the network operator. This is the highest level of trust, and give an application the highest level of access to the device, including the ability to bypass some of the normal security measures. At the very least, you will need a close business relationship with the manufacturer or operator. If you're working on a contract for the manufacturer or operator, or you're a well established company with a few million dollars of professional indemnity insurance, then you're off to good start.
If you're a student or an independent developer, you might be wise to consider an alternative solution.
This article goes more in-depth explaining the different types of security domains/permissions and what they stand for : http://developers.sun.com/mobility/midp/articles/permissions/