A business process can be developed as a composition of Web services provided by different service providers. These service providers may have their own policies and constraints for service provisioning and collaboration. In this paper, we focus on secure composition of services, specifically from the perspective of service enactment. Service enactment requires finding an execution plan for the service composition that conforms to the requirements and constraints of the service requester and all service providers. However, due to privacy and security concerns, participants may selectively expose their Web service operations and process details. We propose an approach for service enactment that does not require the participants to reveal their internal operations and constraints and that can still result in an execution plan which satisfies the requirements and constraints of all participants. The proposed approach uses Finite State Machines (FSM) to model component Web service operations, their interdependencies, as well security and access control policy constraints. Model checking is used to generate an appropriate Web service execution plan in an incremental manner. Commutative encryption based techniques are used to preserve privacy and security.