Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. Extensible Assurance Reporting Language (XARL) was designed to enable assurance providers to report on the integrity of information distributed over the Internet and help users and companies place warranted reliance on such information. The XBRL and XARL services are Internet-based message exchange methods. The Internet is insecure in nature. Without good security, XBRL and XARL services will not reach their full potential. Today's security approaches consist of a combination of user IDs and passwords and point-to-point, transport-level security for data transmissions over the Internet such as SSL/TLS, S-HTTP, and VPN. Access control techniques based on user IDs and passwords can protect files or data from unauthorized access but cannot guarantee the integrity of the information. Transport level, point-to-point security is not sufficient for securing information that travels between several intermediaries or for encrypting only selected portions of an information set. Thus, alternative security approaches are needed to compensate for these limitations. This paper addresses security in financial reporting servi ces. First, it describes Web services and conceptualizes financial reporting services such as XBRL and XARL as Web Services. Next, it discusses security threats and limitations of current security technologies. Then, it identifies security requirements that should be considered to ensure reliable, trustworthy XBRL and XARL services. Finally, the paper explains several proposed security standards and suggests Web Services Security Architecture as a suitable security mechanism for financial reporting services.
All Science Journal Classification (ASJC) codes
- Sociology and Political Science
- Information integrity
- Web services