{"draft":"draft-secure-cookie-session-protocol-09","doc_id":"RFC6896","title":"SCS: KoanLogic's Secure Cookie Sessions for HTTP","authors":["S. Barbato","S. Dorigotti","T. Fossati, Ed."],"format":["ASCII","HTML"],"page_count":"23","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"INDEPENDENT","abstract":"This memo defines a generic URI and HTTP-header-friendly envelope\r\nfor carrying symmetrically encrypted, authenticated, and\r\norigin-timestamped tokens.  It also describes one possible usage of\r\nsuch tokens via a simple protocol based on HTTP cookies.\r\n\r\nSecure Cookie Session (SCS) use cases cover a wide spectrum of\r\napplications, ranging from distribution of authorized content via HTTP\r\n(e.g., with out-of-band signed URIs) to securing browser sessions with\r\ndiskless embedded devices (e.g., Small Office, Home Office (SOHO)\r\nrouters) or web servers with high availability or load- balancing\r\nrequirements that may want to delegate the handling of the application\r\nstate to clients instead of using shared storage or forced peering.","pub_date":"March 2013","keywords":["HTTP Secure Cookies"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6896","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6896"}