Smart cities accumulate and process large amount of data streams which raise security and privacy concerns at individual and community levels. Sizeable attempts have made to ensure security and privacy of inhabitants’ data. However, security and privacy issues of smart cities are not confined to inhabitants only; service provider and local government have their own reservations – service provider trust, reliability of the sensed data, and data ownership, to name a few. In this research work we identified a comprehensive list of stakeholders and model their involvement in smart cities by using Onion Model approach. Based on the stakeholder model we presented a security and privacy framework for secure and privacy-aware service provisioning in smart cities. Our framework provides end-to-end secure and privacy features for trustable data acquisition, transmission, processing and legitimate service provisioning. As a proof of concept we tested core functionalities of authentication protocol for data acquisition and service provisioning using Scyther automated verification tool that demonstrated that the proposed framework mitigates security and privacy concerns of different stakeholders identified in the stakeholder model.