{
  "draft": "draft-secure-cookie-session-protocol-09",
  "doc_id": "RFC6896",
  "title": "SCS: KoanLogic's Secure Cookie Sessions for HTTP",
  "authors": [
    "S. Barbato",
    "S. Dorigotti",
    "T. Fossati, Ed."
  ],
  "format": [
    "TEXT",
    "HTML"
  ],
  "page_count": "23",
  "pub_status": "INFORMATIONAL",
  "status": "INFORMATIONAL",
  "source": "INDEPENDENT",
  "abstract": "This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies.\n\n Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load- balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.",
  "pub_date": "March 2013",
  "keywords": [
    "HTTP Secure Cookies"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC6896",
  "errata_url": "https://www.rfc-editor.org/errata/rfc6896"
}