With the prevalence of loosely coupled web service composition in the service oriented infrastructure, distributed security management has become important to offer flexible web security. In our project1 affiliated with NatureServe [19], we developed a XACML [11] policy-oriented security system to provide trusted data service to 75 network partners in the Natural Heritage Program [24]. In our model, a security filter based on a data integration schema is generated dynamically and applied to the returned document to satisfy the security constraints defined both by each partner and by the NatureServe service mediator. Challenges of resolving the policy conflicts in the distributed environment are addressed.