Security in XML-based financial reporting services on the Internet

Security in XML-based financial reporting services on the Internet

Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of accounting and public policy 2005, Vol.24 (1), p.11-35
Hauptverfasser: Efrim Boritz, J., No, Won G.
Format: Artikel
Sprache:eng
Schlagworte:
Accounting
Business accounting
Data integrity
Extensible Business Reporting Language
Extensible Markup Language
Financial reporting
Information integrity
Internet
Network security
Policy studies
Public policy
Security
Security management
Web services
XARL
XBRL
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. Extensible Assurance Reporting Language (XARL) was designed to enable assurance providers to report on the integrity of information distributed over the Internet and help users and companies place warranted reliance on such information. The XBRL and XARL services are Internet-based message exchange methods. The Internet is insecure in nature. Without good security, XBRL and XARL services will not reach their full potential. Today’s security approaches consist of a combination of user IDs and passwords and point-to-point, transport-level security for data transmissions over the Internet such as SSL/TLS, S-HTTP, and VPN. Access control techniques based on user IDs and passwords can protect files or data from unauthorized access but cannot guarantee the integrity of the information. Transport-level, point-to-point security is not sufficient for securing information that travels between several intermediaries or for encrypting only selected portions of an information set. Thus, alternative security approaches are needed to compensate for these limitations. This paper addresses security in financial reporting services. First, it describes Web services and conceptualizes financial reporting services such as XBRL and XARL as Web Services. Next, it discusses security threats and limitations of current security technologies. Then, it identifies security requirements that should be considered to ensure reliable, trustworthy XBRL and XARL services. Finally, the paper explains several proposed security standards and suggests Web Services Security Architecture as a suitable security mechanism for financial reporting services.
ISSN:0278-4254
1873-2070
DOI:10.1016/j.jaccpubpol.2004.12.002