In the context of service-oriented computing, the introduction of the Quality-of-Service (QoS) aspect leads to the need to adapt the execution of programs to the QoS requirements of the particular execution. This is typically achieved by finding alternate services that are functionally equivalent to the ones originally specified in the program and whose QoS characteristics closely match the requirements, and invoking the alternate services instead of the originally specified ones; the same approach can also be employed for tackling exceptions. The techniques proposed insofar, however, cannot be applied in a secure context, where data are encrypted and signed for the originally intended recipient. In this paper, we introduce a framework for facilitating adaptation in the context of secure SOA.