A formal framework for secure and complying services