Abstract. Composite services foster reuse and efficiency in providing consumers with different functionalities (services). However, security aspects are a major concern, considering that both service consumers and providers are autonomous and heterogeneous-thus, loosely controllable entities. When consumers provide information in order to be furnished some service, what happens to that information? Do service consumers trust service providers? In order to tackle the design of secure and trustworthy composite services, we should consider the security requirements such a composition must satisfy. We propose STS-ml, a security requirements modelling language that allows modelling security requirements over participants' (consumers and providers) interactions. These security requirements are expressed in terms of social contracts the various parties shall comply with while interacting (consuming/furnishing some service). Most importantly, STSml considers social and organisational threats that might affect the said composite services. In this chapter, we give an overview of STS-ml, introducing its modelling and reasoning capabilities while building models from the Aniketos eGovernment case study and verifying that the composite service complies with the specification, as well as checking whether a recomposition is needed.