Most legacy systems have security rules hard-coded into the application logic, making the overall governance a nightmare. The WSO2 Security & Identity Gateway Solution addresses this challenge with a solution implemented using policy-based authentication and authorization models together with federated identity models. It acts as an interceptor for all traffic and ensures an authenticated and authorized message flow with centralized policy management. It recognizes that security and governance are not merely about identity and permission, but also about co-coordinating those with the changing business requirements.