Oracle API Gateway is a standards-b

Oracle API Gateway is a standards-based, policy-driven, standalone software security solution that
provides first line of defense in Service-Oriented Architecture (SOA) environments. It enables
organizations to securely and rapidly adopt Cloud, Mobile and SOA Services by bridging the gaps and
managing the interactions between all relevant systems.
Web services can be implemented using different approaches which need to be secured at the different
stages of the request / response cycle between clients (relying parties such as users or applications) and
service providers (companies exposing web services). Several security layers are defined between clients
and web services providers. The first security layer, also known as “perimeter security” or “first line of
defense,” is referred to as the demilitarized zone or DMZ. The second security layer, or “green zone” to
continue with the military analogy, is located behind the inner firewall of the DMZ. In some cases, the
green zone may include several security sub-layers designed to further filter access to web services.
Finally, agents co-located with the web services or applications to be protected provide the last security
layer, or “last-mile security.”
Oracle’s SOA security solution is built around a common, standards-based security model (WS-Policy).
Oracle API Gateway first intercepts a request for a web service in the DMZ. If the request is accepted by
Oracle API Gateway, it is passed on to Oracle Service Bus (OSB), which provides additional security (if
necessary), web service endpoint virtualization, communication protocol mediation, and data format
transformation. Finally, OSB redirects the request to the appropriate web service endpoint that is secured
by an Oracle Web Services Manager (OWSM) agent (last-mile security).