Welcome to OpenSBR
Inline XBRL electronic signature

Introduction

Inline XBRL is an important open standard for the exchange of (financial) reporting information. With an increasing number of regulators mandating Inline XBRL, being able to proof the integrity is important.

Together with GLEIF and XBRL International, OpenSBR drafted a specification for a digital signature on Inline XBRL, based on existing open standards and specifications.

Documents can be signed with X.509 certificates, including GLEIF certificates (tying a signed document to the Legal Entity Identifier of an organization). The specification relies on open standards such as X.509, XML-DSig and XAdES.

OpenSBR also created draft reference implementations for signing and verification of electronic signatures.

Documentation

A first draft of the approach, specification and manual is available on request.

Open source software

Signing & verification (Windows)

A desktop tool (Windows application .NET C#) for signing and verification of signed documents is available.

The desktop tool can be downloaded here (version 20200530).

The source code, including a platform-independent library (.NET Core C#), is available on our GitHub iXBRLSignatureTool page.

Signing & verification (cross-platform)

A command-line tool (dotnet) for signing and verification of signed documents is available. The tool was designed to work on Windows and macOS, and should also work on Linux.

This tool can be downloaded here (version 20200530).

Instructions for installation and operation of the tool: here (version 20200505).

The source code will be published on our GitHub page.

Browser verification

A browser extensions for the verification and inspection of the signature and authenticity of the content.

The plug-in is available in the Chrome Store (works on Chrome and the new Edge browsers).

The plug-in is also available for Firefox.

The source code (JavaScript) is available on our GitHub ChromeSignatureViewer page.

Support

E-mail us at info@opensbr.org or contact the organizations below in case you need support with the implementation of SBR (connectors, assurance, etc.).

About OpenSBR

OpenSBR was set up by enthousiasts. The open source projects are made publicly available by a variety of organisations willing to contribute to the adoption of SBR. OpenSBR is a private non-profit initiative.

More information: info@opensbr.org

Follow us on Twitter

OpenSBR is supported by the following organisations:

Privacy policy

Secure Handling Requirements - User data privacy

Handling of sensitive or personal user data

The browser extensions offered on this website are designed to work with publicly available online data (signed HTML reports can be validated). To be able to validate signatures, the browser extensions (for Chrome, Edge, Firefox) require access to the web page you visit.

Any user data is discarded as soon as the software is finished detecting an electronic signature in a web page. The data is not stored, transmitted, shared or disclosed, neither locally nor online.

The browser extension:

  • Does not have a log-in functionality. Use of the extension is anaonymous; users are not identified by us, and no user information is submitted to any external server.
  • Does not use forms to collect information
  • Does not take screenshots or scrapes information
  • Does not handle the following personal or sensitive user data: personally-identifiable information, financial and payment information, health information, authentication information, form data, user-provided content and personal communications.
  • Does not ask, nor searches for, any credentials and does not access cloud services
  • Does not store or transmit personal data. Data is not shared with other parties.

What information do we collect

The browser extension:

  • Does have access to web browsing activity, but this information is only temporarily stored in-memory at the start of the signature validation process and is not transmitted or shared. The information is directly discarded.
  • Does scan a visited web page for the occurrence of an Electronic Signature by scanning for a <Signature> node. When s Signature is found, the signature validity is calculated, based on the byte-wise content of the web page. All read information is discarded immediately after this process, and no information is stored, transmitted or shared.
  • Discards any user data immediately after finishing the signature detection and validation process.
  • Does not store or transmit personal data. Data is not shared with other parties.

Secure transmission & encryption

Publicly accessible website content and resources are retrieved through available encrypted channels (https); no non-public information is retrieved or exchanged. The browser extensions does not submit information to an external server (neither operated by OpenSBR nor by any third parties).

Locally stored user data is encrypted using AES-256. There is NO storage or transmission of any user data.

Cookies policy

OpenSBR uses analytical cookies to measure page visits. We comply with internet rules and guidelines by the Dutch Autoriteit Consument & Markt and Autoriteit Persoonsgegevens.

Do we disclose any information to third parties?

No information is shared with third parties.

A separate version of the policy can be found here.

Colophon

the site layout is based on a Start Bootstrap template, covered by an MIT license.

Images were copied from Pixabay under a CC0 Creative Commons license.