Application gateway architecture with multi-level security policy and rule promulgations

US11716356B2 · US · B2

Patent metadata
Publication number: US-11716356-B2
Application number: US-202117392114-A
Country: US
Kind code: B2
Filing date: Aug 2, 2021
Priority date: Sep 20, 2013
Publication date: Aug 1, 2023
Grant date: Aug 1, 2023

Abstract

Official abstract text for this publication.

Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: an application gateway server computer communicatively connected to backend systems and client devices, the application gateway server computer comprising application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices; and a client device comprising a managed container embodied on a non-transitory computer readable medium, wherein the managed container is native to the client device and downloaded from a source on the Internet, the managed container having a managed cache and configured for: providing a secure shell for applications received from the application gateway server computer, wherein the applications received from the application gateway server computer are written in a markup language for structuring and presenting content on the Internet; storing the applications and data associated with the applications in the managed cache; and controlling the managed cache in accordance with a set of rules propagated from at least one of the backend systems to the managed container via the application gateway server computer, wherein the managed container controls access to the managed cache independently of an operating system running on the client device such that the operating system and any application outside the managed cache are unable to open any of the applications received from the application gateway server computer or view the data associated with the applications stored in the managed cache, wherein the managed container controls the applications in the managed cache and the data associated with the applications in the managed cache in accordance with the set of rules regardless of whether the client device is or is not connected to the application gateway server computer.

2. The system of claim 1, wherein each of the applications received from the application gateway server computer has a client-server relationship with one of the backend systems and contains a code file for communicating with the operating system running on the client device.

3. The system of claim 1, wherein the managed container is further configured for obtaining, via the secure shell and through the application gateway server computer, a document that an application of the applications in the managed cache needs from a backend system having a client-server relationship with the application.

4. The system of claim 3, wherein the managed container controls how the document is stored in the managed cached, accessed or updated by a user of the client device, or removed from the managed cache in accordance with the set of rules regardless of whether the client device is or is not connected to the application gateway server computer.

5. The system of claim 1, wherein the managed container controls how a document is stored in the managed cached, accessed or updated by a user of the client device, or removed from the managed cache in accordance with the set of rules without needing any help from the applications received from the application gateway server computer.

6. A method, comprising: receiving, from an application gateway server computer by a managed container on a user device, an application and a rule of a backend system running on a server machine operating in an enterprise computing environment, wherein the application received from the application gateway server computer is written in a markup language for structuring and presenting content on the Internet, the application having a client-server relationship with the backend system and the application containing a code file for communicating with an operating system running on the user device, wherein the managed container is native to the user device and downloaded from a source on the Internet, the managed container having a managed cache; storing, by the managed container on the user device, the application received from the application gateway server computer, the data associated with the application, and the rule of the backend system in the managed cache of the managed container on the user device; providing, by the managed container on the user device, a secure shell for the application received from the application gateway server computer; and controlling, by the managed container on the user device, the application received from the application gateway server computer and the data associated with the application in accordance with the rule of the backend system, wherein the managed container controls access to the managed cache independently of the operating system running on the user device such that the operating system and any application outside the managed cache are unable to open the application received from the application gateway server computer or view the data associated with the application stored in the managed cache, wherein the controlling comprises controlling the application in the managed cache and the data associated with the application in the managed cache in accordance with the rule of the backend system regardless of whether the user device is or is not connected to the application gateway server computer.

7. The method according to claim 6, wherein the managed container is one of a plurality of managed containers on a plurality of user devices, each of the plurality of managed containers receiving, from the application gateway server computer, applications and rules of a plurality of backend systems operating in the enterprise computing environment, each of the applications having a client-server relationship with one of the plurality of backend systems operating in the enterprise computing environment.

8. The method according to claim 6, further comprising: obtaining, via the secure shell and through the application gateway server computer, a document that the application needs from the backend system.

9. The method according to claim 8, further comprising: controlling how the document is stored in the managed cached, accessed or updated by a user of the client device, or removed from the managed cache in accordance with the rule of the backend system regardless of whether the user device is or is not connected to the application gateway server computer.

10. The method according to claim 6, further comprising: controlling how a document is stored in the managed cached, accessed or updated by a user of the user device, or removed from the managed cache in accordance with the rule of the backend system without needing any help from the application received from the application gateway server computer.

11. A computer program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor of a user device, the instructions when translated by the processor implements a managed container on the user device for: receiving, from an application gateway server computer, an application and a rule of a backend system running on a server machine operating in an enterprise computing environment, wherein the application received from the application gateway server computer is written in a markup language for structuring and presenting content on the Internet, the application having a client-server relationship with the backend system and the application containing a code file for communicating with an operating system running on the user device, wherein the managed container is native to the user device and downloaded from a source on the Internet, the managed container having a managed cache; storing the application, the data associated with the application received from the application gateway server computer, and the rule of the backend system in the

Classifications

  • Network security protocols · CPC title

  • H04L63/20 · Primary

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • G06F21/53 · Primary

    by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

  • Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title

  • using icons (graphical or visual programming using iconic symbols G06F8/34) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11716356B2 cover?

Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the cli…

Who is the assignee on this patent?

Open Text Sa Ulc

What technology area does this patent fall under?

Primary CPC classification H04L63/20. Mapped technology areas include Electricity.

When was this patent published?

Publication date Aug 1, 2023 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).