In pervasive computing, devices or peers may implement or compose services using services from other devices or peers, and may use components from various sources. A composition trust binding is a prescriptive set of rules which defines the combination of allowable components for a particular service or application. Composition trust bindings can be used to protect both the service invocation path as well as the content handling path. The subsidiary relationships addressed by a composition trust binding are typically transparent today, but represent potential security exposure in pervasive computing systems because the subsidiary services or components may have security vulnerabilities. We define the composition trust binding and illustrate its use in the context of rights management and distributed search in personal content publishing. We compare this approach to existing authentication and authorization methods in service composition.