SOA have been deployed as a mean to offer a better flexibility, to increase efficiency through reuse of services and also to improve interoperability by providing new opportunities to connect heterogeneous platforms. However, those benefits make security more difficult to control. Fortunately, new standards are proposed to treat this issue, but their current use makes the architecture much more complex and challenges the characteristics of SOA. In this paper, we address this issue by separating security services from business ones and organizing the architecture referring to the principle of separation of concerns. Next, we propose a new model which consists of three components: business services, security meta-services and an orchestration service. Then, we show that the architecture remains secure while enforcing its flexibility and agility.