Proxy Service is SOAP - is secured using an OWSM usernameToken, so the request soap message has a username and password.
(Middle step)
Business Service is REST - Expects a username and password to be base64 encoded string.
So what I need to find out is how to do the Middle step:
Extract the username and password values from the soap header in the request message.
Then pass them in the correct format to the business service as HTTP Header: Authorization Basic username:password (NOTE: the username:password must be base64 encoded and look something like this XNNHKbjjkHJ=)
If you need any more clarification just ask.
Unfortunately there is no way to do this with configuration, but you have to add functionality in the message flow.