cen/ws xbrl: improving transparency in financial and business reporting
DESCRIPTION
CEN/WS XBRL: Improving transparency in financial and business reporting. CWA2 final deliveries. Emile Bartolé. CWA2. Objectives of CWA2. CWA2. Dual objective of CWA2: standardize The way of submitting instances, a container with standardized Encryption Digital signature Compression - PowerPoint PPT PresentationTRANSCRIPT
Emile Bartolé
CEN/WS XBRL: Improving transparency in financial and business reporting
CWA2 final deliveries
1 CWA2
Objectives of CWA2Dual objective of CWA2: standardize
The way of submitting instances, a container with standardizedEncryptionDigital signatureCompression…
The way of transmitting the usual metadata that determine the context of an xbrl reporting instance
the sender of the documentcontact detailsdate and time of submission…
Page 2 CWA2
Exchange model
Subnission container
Receiver
encrypted(optional)
signed(optional)
Response container
Sender
Containerfeedback file
Rest of the Feedback container
encrypted(optional)
signed(optional)
Submission container examples
Standards used: Compression & Hash
Zip as defined in
http://www.pkware.com/documents/casestudies/APPNOTE.TXT
SHA256 as defined in
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
Standards used: Digital signatureThe file structure generated by the signature SHALL be XAdES-BES/EPES
http://uri.etsi.org/01903/v1.4.1/
using RSA with SHA512
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
implemented in accordance with
COMMISSION DECISION of 25 February 2011, establishing minimum requirements for the cross-border processing
of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament
and of the Council on services in the internal market
Standards used: Encryption
W3C Encryption
http://www.w3.org/TR/xmlenc-core/
using key transport RSA-OAEP
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
and encrypting data with AES256.
http://www.w3.org/2009/xmlenc11#aes256-gcm
Reserved names & suffixes
NAME: header.xmlexclusively reserved for headers in accordance with the present CWA
SUFFIX: .signed.xmlexclusively reserved for signed files
SUFFIX: .encrypted.xmlexclusively reserved for encrypted files
SUFFIX: .containerfeedback.xmlexclusively reserved for files complying with the ContainerFeedback schema
SUFFIX: .instancefeedback.xmlexclusively reserved for files complying with the InstanceFeedback schema.
File name change upon signature(equivalent for encryption)
File to sign Name of the signed file Filename inside the XML signature file
Lol Lol.signed.xml Same as « File to sign »
Lol.pdf Lol.signed.xml Same as « File to sign »
Lol.zip Lol.signed.xml Same as « File to sign »
Lol.signed.xml Lol.signed.xml Same as « File to sign »
Lol.encrypted.xml Lol.signed.xml Same as « File to sign »
Container.signed.xml
Container.zip
Sign with a first signature and replace extension
header.xmlfile1.xbrlfile2.xbrlfile3.xbrl
Compress
Container.encrypted.xml
Encrypt and replace extension
Container.signed.xml
Sign with a second signature and replace extension
Filename in XML: Container.zip
Filename in XML: Container.signed.xml
Filename in XML: Container.signed.xml
Container creation example
Container.encrypted.xml
Container.signed.xml
Decrypt and extract file
Container.signed.xml
Validate first signature and extract file
Container.zip
Validate second signature and extract file
header.xmlfile1.encrypted.xmlfile2.signed.xmlfile3.xbrlcontainer.zip
Uncompress
Filename in XML: Container.zip
Filename in XML: Container.signed.xml
Filename in XML: Container.signed.xml
header.xmlfile1.xbrlfile2.xbrlfile3.xbrlcontainer.zip
header.xmlfile1.signed.xmlfile2.xbrlfile3.xbrlcontainer.zip
Container reception example
Extensible Header BasicHeader
RegisteredOrganizationVocabulary
ExtendedHeader
OtherModule(s)
CORE
VOCABULARY
PUBLICSERVICE
CORE
VOCABULARY
PUBLICSERVICE
See also Core Business Vocabulary as an XBRL taxonomy athttp://wikixbrl.info/index.php?title=European_Metadata_Header#Core_Business_Vocabulary_XBRL_taxonomy
BasicHeader
Standard vs customized HeadersUse-case Characteristics
StandardHeaderBasicHeaderOnly
This header imports the BasicHeader « as is », makes no extensions of it and does not import the RegisteredOrganizationVocabulary as it uses none of its fields. Namespace: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnlyXSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnly.xsd XML sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnly.xml
StandardHeaderWithRegOrg
This header structure reflects the survey made within the Eurofiling BestPractices efforts which had given the results documented in http://www.wikixbrl.info/index.php?title=Best_Practices_on_Common_European_Reporting_StructuresAll fields related to « Transport » issues have been removed as these are out of scope of this CWA. Namespace: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrgXSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrg.xsd XML sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrg.xml
StandardHeaderWithoutRegOrg
This header is (with regards to its function and its content) equivalent to the previous “StandardHeaderWithRegOrg”, but it does not import RegOrg and creates the missing fields as equivalent simple XML fieldsNamespace: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrgXSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrg.xsd Sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrg.xml
Fully customized Extend it according to your own needs !
Response containersResponse container
Response.containerfeedback.xml
Report1_Feedback instance_1.instancefeedback.xml instance_2.instancefeedback.xml … instance_n.instancefeedback.xml
Report1_Feedback_Visual instance_1.xls instance_2.xls … instance_n.xls
Report2_Feedback instance_1.instancefeedback.xml instance_2.instancefeedback.xml … instance_m.instancefeedback.xml
Submission container
header.xml
Report1_XBRL instance_1.xbrl instance_2.xbrl … instance_n.xbrl
Report2_XML instance_1.xml instance_2.xml … instance_m.xml
Feedback files
Container feedback files - confirming (or not) the success of the reception of a submission container
http://www.eurofiling.info/eu/fr/esrs/ContainerFeedback
Instance feedback files - Result of the (XBRL-) validation of every submitted data file
http://www.eurofiling.info/eu/fr/esrs/InstanceFeedback
Selected comments from consultationWhy not to use XBRL for header / containerfeedback / instancefeedback
-integrating RegOrg is technically not possible -container supports multiple formats (e.g. XML, CSV etc.), not only XBRL instances-XML more appropriate to carry that type of information
Why not to restrict the CWA to only « stable, system-relevant » parts (envelope) and leave out unstable, business-related parts (header)
-The CWA’s definition required « metadata » to be covered-The chosen aproach (extensible header) should give enough flexibility to deal with unstable business-related parts
CWA2 specification unnecessarily restricts the algorithms used (to AES-256 in this case). Commonly available implementations support a much wider range of algorithms, and in principle, it should be up to the receiver to specify an acceptable set of algorithms.As the specification currently stands, it will need to be modified whenever AES-256 is no longer considered secure.
The proposition to allow a choice of different algorithms was submitted to the coordination of this project as well as to the NEN. Both confirmed that in order to prevent confusion on how the standard is used, there shall be an exact requirement on how the standard is used; the algorithms shall be determined in a clear, unique way. The algorithms were chosen to respect the state of the art security considerations. Should security issues occur, a follow-up CWA may be required.
The Registered Organization Vocabulary is very large, with no clear alignment with the metadata that receivers wish to collect. While its use is optional, it is doubtful that it's ever an appropriate choice. If this level of detail were required along with the main submission, XBRL would be a much more robust solution.
With the mechanism of extensible headers, no one is forced to use registered organisation vocabulary. As it is an official standard supported by the European Union, we produced a header version enabling its use.
