CEN/WS XBRL: Improving transparency in financial and business reporting
CWA 2 final deliveries
Emile Bartolé
Objectives of CWA 2
Dual objective of CWA 2: standardize
- The way of submitting instances: a container with standardized
  - Encryption
  - Digital signature
  - Compression
  - …
- The way of transmitting the usual metadata that determine the context of an XBRL reporting instance
  - the sender of the document
  - contact details
  - date and time of submission
  - …
Exchange model
[Diagram: Sender and Receiver. Sender to Receiver: Submission container, signed (optional), encrypted (optional). Receiver to Sender: Response container (Containerfeedback file, rest of the feedback), encrypted (optional), signed (optional).]
Submission container examples
Standards used: Compression & Hash
- Zip as defined in http://www.pkware.com/documents/casestudies/APPNOTE.TXT
- SHA-256 as defined in http://csrc.nist.gov/publications/fips180-4/fips-180-4.pdf
Standards used: Digital signature
- The file structure generated by the signature SHALL be XAdES-BES/EPES http://uri.etsi.org/01903/v1.4.1/
- using RSA with SHA-512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- implemented in accordance with COMMISSION DECISION of 25 February 2011, establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market
Standards used: Encryption
- W3C Encryption http://www.w3.org/TR/xmlenc-core/
- using key transport RSA-OAEP http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
- and encrypting data with AES-256 http://www.w3.org/2009/xmlenc11#aes256-gcm
Reserved names & suffixes
- NAME: header.xml exclusively reserved for headers in accordance with the present CWA
- SUFFIX: .signed.xml exclusively reserved for signed files
- SUFFIX: .encrypted.xml exclusively reserved for encrypted files
- SUFFIX: .containerfeedback.xml exclusively reserved for files complying with the ContainerFeedback schema
- SUFFIX: .instancefeedback.xml exclusively reserved for files complying with the InstanceFeedback schema
File name change upon signature (equivalent for encryption)
| File to sign | Name of the signed file | Filename inside the XML signature file |
|  | Lol.signed.xml | Same as « File to sign » |
| Lol.pdf | Lol.signed.xml | Same as « File to sign » |
| Lol.zip | Lol.signed.xml | Same as « File to sign » |
| Lol.encrypted.xml | Lol.signed.xml | Same as « File to sign » |
Container creation example
- Start: header.xml, file1.xbrl, file2.xbrl, file3.xbrl
- Compress -> Container.zip
- Sign with a first signature and replace extension -> Container.signed.xml (Filename in XML: Container.zip)
- Sign with a second signature and replace extension -> Container.signed.xml (Filename in XML: Container.signed.xml)
- Encrypt and replace extension -> Container.encrypted.xml (Filename in XML: Container.signed.xml)
Container reception example
- Start: Container.encrypted.xml (Filename in XML: Container.signed.xml)
- Decrypt and extract file -> Container.signed.xml (Filename in XML: Container.signed.xml)
- Validate first signature and extract file -> Container.signed.xml (Filename in XML: Container.zip)
- Validate second signature and extract file -> Container.zip
- Uncompress
[Diagram: three container.zip examples]
- container.zip: header.xml, file1.encrypted.xml, file2.signed.xml, file3.xbrl
- container.zip: header.xml, file1.signed.xml, file2.xbrl, file3.xbrl
- container.zip: header.xml, file1.xbrl, file2.xbrl, file3.xbrl
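An added example, not part of the slides or of the CWA: Python that applies the reserved-name and file-name-change rules above and plans the receiver's next step for each entry of a container. The function names, the step labels and the entry-name safety check are assumptions made for illustration, and the sample container is constructed.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Reserved suffixes listed on the slides -> step the receiver performs next.
RESERVED = {
    ".signed.xml": "validate-signature",
    ".encrypted.xml": "decrypt",
    ".containerfeedback.xml": "container-feedback",
    ".instancefeedback.xml": "instance-feedback",
}

def wrapped_name(name, suffix):
    """File name after signing or encrypting: the extension is replaced by suffix."""
    for layer in (".signed.xml", ".encrypted.xml"):
        if name.endswith(layer):            # already wrapped: swap the whole suffix
            return name[: -len(layer)] + suffix
    return name.rsplit(".", 1)[0] + suffix  # plain file: swap the last extension

def next_step(name):
    """Processing step implied by a file name inside (or around) a container."""
    if name == "header.xml":
        return "header"
    if name.endswith(".zip"):
        return "uncompress"
    return next((s for suf, s in RESERVED.items() if name.endswith(suf)), "payload")

def inspect_container(zip_bytes):
    """Return (SHA-256 hex digest, {entry: step}); reject unsafe entry names."""
    plan = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            path = PurePosixPath(name)
            # Added hardening, not from the slides: no absolute or parent paths.
            if path.is_absolute() or ".." in path.parts or "\\" in name:
                raise ValueError(f"unsafe entry name: {name!r}")
            plan[name] = next_step(name)
    return hashlib.sha256(zip_bytes).hexdigest(), plan

def build_sample():
    """Constructed container mirroring the slide example (contents are dummies)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in ("header.xml", "file1.encrypted.xml", "file2.signed.xml", "file3.xbrl"):
            zf.writestr(name, "<constructed/>")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_container(build_sample()))
```

Because a doubly signed container keeps the name Container.signed.xml after each signature, the outer name does not reveal how many layers remain; a receiver has to read the filename recorded inside the XML and repeat until no reserved wrapper suffix is left.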
Extensible Header
[Diagram labels: ExtendedHeader, BasicHeader, RegisteredOrganizationVocabulary, OtherModule(s)]
See also Core Business Vocabulary as an XBRL taxonomy at http://wikixbrl.info/index.php?title=European_Metadata_Header#Core_Business_Vocabulary_XBRL_taxonomy
BasicHeader
Standard vs customized Headers
Use-case: Characteristics
- StandardHeader BasicHeaderOnly: This header imports the BasicHeader « as is », makes no extensions of it and does not import the RegisteredOrganizationVocabulary as it uses none of its fields.
  - Namespace: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnly
  - XSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnly.xsd
  - XML sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/BasicHeaderOnly.xml
- StandardHeader WithRegOrg: This header structure reflects the survey made within the Eurofiling BestPractices efforts which had given the results documented in http://www.wikixbrl.info/index.php?title=Best_Practices_on_Common_European_Reporting_Structures. All fields related to « Transport » issues have been removed as these are out of scope of this CWA.
  - Namespace: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrg
  - XSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrg.xsd
  - XML sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithRegOrg.xml
- StandardHeader WithoutRegOrg: This header is (with regards to its function and its content) equivalent to the previous “StandardHeaderWithRegOrg”, but it does not import RegOrg and creates the missing fields as equivalent simple XML fields.
  - Namespace: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrg
  - XSD URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrg.xsd
  - Sample instance URL: http://www.eurofiling.info/eu/fr/esrs/Header/StandardHeaderWithoutRegOrg.xml
- Fully customized: Extend it according to your own needs!
Response containers
Submission container
- header.xml
- Report1_XBRL: instance_1.xbrl, instance_2.xbrl, …, instance_n.xbrl
- Report2_XML: instance_1.xml, instance_2.xml, …, instance_m.xml
Response container
- Response.containerfeedback.xml
- Report1_Feedback: instance_1.instancefeedback.xml, instance_2.instancefeedback.xml, …, instance_n.instancefeedback.xml
- Report1_Feedback_Visual: instance_1.xls, instance_2.xls, …, instance_n.xls
- Report2_Feedback: instance_1.instancefeedback.xml, instance_2.instancefeedback.xml, …, instance_m.instancefeedback.xml
Feedback files
- Container feedback files: confirming (or not) the success of the reception of a submission container
  http://www.eurofiling.info/eu/fr/esrs/ContainerFeedback
- Instance feedback files: result of the (XBRL-) validation of every submitted data file
  http://www.eurofiling.info/eu/fr/esrs/InstanceFeedback
Selected comments from consultation

Why not use XBRL for header / containerfeedback / instancefeedback?
- integrating RegOrg is technically not possible
- container supports multiple formats (e.g. XML, CSV etc.), not only XBRL instances
- XML more appropriate to carry that type of information

Why not restrict the CWA to only « stable, system-relevant » parts (envelope) and leave out unstable, business-related parts (header)?
- The CWA’s definition required « metadata » to be covered
- The chosen approach (extensible header) should give enough flexibility to deal with unstable business-related parts

CWA 2 specification unnecessarily restricts the algorithms used (to AES-256 in this case). Commonly available implementations support a much wider range of algorithms, and in principle, it should be up to the receiver to specify an acceptable set of algorithms. As the specification currently stands, it will need to be modified whenever AES-256 is no longer considered secure.
- The proposition to allow a choice of different algorithms was submitted to the coordination of this project as well as to the NEN. Both confirmed that in order to prevent confusion on how the standard is used, there shall be an exact requirement on how the standard is used; the algorithms shall be determined in a clear, unique way. The algorithms were chosen to respect the state of the art security considerations. Should security issues occur, a follow-up CWA may be required.

The Registered Organization Vocabulary is very large, with no clear alignment with the metadata that receivers wish to collect. While its use is optional, it is doubtful that it's ever an appropriate choice. If this level of detail were required along with the main submission, XBRL would be a much more robust solution.
- With the mechanism of extensible headers, no one is forced to use registered organisation vocabulary. As it is an official standard supported by the European Union, we produced a header version enabling its use.
Thanks for your attention
Comments or questions? emile.bartole@cssf.lu