Security in Xml-Based Financial Reporting Services on the Internet

Posted: 3 May 2005 Last revised: 15 Nov 2014

Won Gyun No

Rutgers, The State University of New Jersey - Accounting & Information Systems

J. Efrim Boritz

University of Waterloo - School of Accounting and Finance

Abstract

Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. Extensible Assurance Reporting Language (XARL) was designed to enable assurance providers to report on the integrity of information distributed over the Internet and help users and companies place warranted reliance on such information.

The XBRL and XARL services are Internet-based message exchange methods. The Internet is insecure in nature. Without good security, XBRL and XARL services will not reach their full potential. Today's security approaches consist of a combination of user IDs and passwords and point-to-point, transport-level security for data transmissions over the Internet such as SSL/TLS, S-HTTP, and VPN. Access control techniques based on user IDs and passwords can protect files or data from unauthorized access but cannot guarantee the integrity of the information. Transport-level, point-to-point security is not sufficient for securing information that travels between several intermediaries or for encrypting only selected portions of an information set. Thus, alternative security approaches are needed to compensate for these limitations.

This paper addresses security in financial reporting services. First, it describes Web services and conceptualizes financial reporting services such as XBRL and XARL as Web Services. Next, it discusses security threats and limitations of current security technologies. Then, it identifies security requirements that should be considered to ensure reliable, trustworthy XBRL and XARL services. Finally, the paper explains several proposed security standards and proposes Web Services Security Architecture as a suitable security mechanism for financial reporting services.

Keywords: XBRL, XARL, Security, Information Integrity, Web Services

JEL Classification: M41, M45, M49

Suggested Citation

No, Won Gyun and Boritz, J. Efrim, Security in Xml-Based Financial Reporting Services on the Internet. Journal of Accounting and Public Policy, Vol. 24, No. 1, 2005, pp.11-36. Available at SSRN: https://ssrn.com/abstract=709481

Won Gyun No

Rutgers, The State University of New Jersey - Accounting & Information Systems

1 Washington Park, Room 993
Newark, NJ 07102-3122
United States

Efrim Boritz (Contact Author)

University of Waterloo - School of Accounting and Finance ( email )

200 University Avenue West
Waterloo, Ontario N2L 3G1 N2L 3G1
Canada
519-888-4567 (Phone)
519-888-7562 (Fax)

Register to save articles to
your library

Register

Paper statistics

Abstract Views
2,064
PlumX