Due to the dynamic nature, such as runtime composition and evaluation, it is critical for an SOA system to consider its data provenance, which concerns security, reliability, and integrity of data as it is routed in the system. In a traditional software system, one can focus on the software itself to determine the security, reliability, and integrity; however, in an SOA system, one also needs to consider the origins and routes of data and their impact, i.e., data provenance. This paper first analyzes the unique natures and characteristics of data provenance in an SOA system. Then it proposes a new framework to classify data provenance and collect data in SOA systems. Finally, this paper uses an example to illustrate these concepts and techniques.