Oracle released Mobile Application development framework - called Oracle ADF Mobile sometime back. More details about the Oracle ADF Mobile framework can be found here.
In order to secure the REST/SOAP communication b/w the ADF Mobile App and the backend services - OWSM team has developed an OWSM Mobile Agent.
The capabilities right now are fairly limited - especially when you consider what is supported in the Non-Mobile case! The OWSM Mobile Agent only supports Basic Auth and Basic Auth over SSL and WS-Security Username Token and WS-Security Username Token over SSL policies.
More details about the policies supported can be found here. The good news is building a Mobile client to backend REST/SOAP web service is very similar to how you do in the "Big ADF" world i.e. you use Web Service Data Controls!
Here is the revised layered Service security diagram that I discussed initially in this post:
P.S:I didn't see an example of how to build a Mobile App that can make Web Service calls on the Oracle ADF Mobile page; if time permits - I will post some How To's on this front...
Update: Some folks pointed me to this blog post on ADF Mobile Introduction that actually covers how to build and secure web service clients. There is also an official ADF Mobile blog for more details...