Security in Xml-Based Financial Reporting Services on the Internet
Posted: 3 May 2005 Last revised: 15 Nov 2014
Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. Extensible Assurance Reporting Language (XARL) was designed to enable assurance providers to report on the integrity of information distributed over the Internet and help users and companies place warranted reliance on such information.
The XBRL and XARL services are Internet-based message exchange methods. The Internet is insecure in nature. Without good security, XBRL and XARL services will not reach their full potential. Today's security approaches consist of a combination of user IDs and passwords and point-to-point, transport-level security for data transmissions over the Internet such as SSL/TLS, S-HTTP, and VPN. Access control techniques based on user IDs and passwords can protect files or data from unauthorized access but cannot guarantee the integrity of the information. Transport-level, point-to-point security is not sufficient for securing information that travels between several intermediaries or for encrypting only selected portions of an information set. Thus, alternative security approaches are needed to compensate for these limitations.
This paper addresses security in financial reporting services. First, it describes Web services and conceptualizes financial reporting services such as XBRL and XARL as Web Services. Next, it discusses security threats and limitations of current security technologies. Then, it identifies security requirements that should be considered to ensure reliable, trustworthy XBRL and XARL services. Finally, the paper explains several proposed security standards and proposes Web Services Security Architecture as a suitable security mechanism for financial reporting services.
Keywords: XBRL, XARL, Security, Information Integrity, Web Services
JEL Classification: M41, M45, M49
Suggested Citation: Suggested Citation