earticle

영어

Extensible Business Reporting Language (XBRL) is developed to provide an efficient and effective means of preparing and exchanging financial information over the Internet to employees, investors, and financial analysts. XBRL financial reporting services are vulnerable in security because there are no regulations of security in XBRL Standard Specification even though the Internet is unsecure in its nature. XBRL financial reporting services need end-to-end, message-level security because XBRL financial documents are transported to an ultimate receiver via multi intermediaries. However, the current security technologies which are transport-level security and point-to-point security such as SSL/TLS, S-HTTP, and VPN, are not sufficient for securing financial information or encrypting only selected portions of an information set. This paper proposes FRWS2 security model which uses WS-Security. XBRL instance documents are first encoded by SOAP and use UsernameToken, timestamp, and nonce to authenticate. FRWS2 is sufficient and effective for Authorization, Integrity, Confidentiality, and non-Repudiation of financial reporting services.