（2005）Security in XML-based financial reporting services on the Internet.pdfVIP

Journal of Accounting and Public Policy 24 (2005) 11–35 /locate/jaccpubpol Security in XML-based financial reporting services on the Internet J. Efrim Boritz *, Won G. No School of Accountancy, University of Waterloo, Waterloo, ON, Canada N2L 3G1 Abstract Many companies are attempting to leverage the power of financial information by creating corporate websites to provide such information to employees, investors, and financial analysts. Extensible Business Reporting Language (XBRL) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. Extensible Assurance Reporting Language (XARL) was designed to enable assurance providers to report on the integrity of information distrib- uted over the Internet and help users and companies place warranted reliance on such information. The XBRL and XARL services are Internet-based message exchange methods. The Internet is insecure in nature. Without good security, XBRL and XARL services will not reach their full potential. Todays security approaches consist of a combination of user IDs and passwords and point-to-point, transport-level security for data trans- missions over the Internet such as SSL/TLS, S-HTTP, and VPN. Access control techniques based on user IDs and passwords can protect files or data from unautho- rized access but cannot guarantee the integrity of the information. Transport- level, point-to-point security is not sufficient for securing information that travels between several intermediaries or for encrypting only selected portions of an informa- tion set. Thus, alternative security approaches are needed to compensate for these limitations. *