SCS: KoanLogic's Secure Cookie Sessions for HTTP
RFC 6896, “SCS: KoanLogic's Secure Cookie Sessions for HTTP”, is an Informational document published in March 2013 by S. Barbato, S. Dorigotti, T. Fossati. The canonical text is published by the RFC Editor.
Abstract
This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies.
Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load- balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 6896 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 6895 Domain Name System IANA Considerations
- RFC 6897 Multipath TCP Application Interface Considerations
- RFC 6894 Methodology for Benchmarking MPLS Traffic Engineered Fast Reroute Protection
- RFC 6898 Link Management Protocol Behavior Negotiation and Configuration Modifications
- RFC 6893 A Uniform Resource Name Namespace for the Open IPTV Forum
- RFC 6892 The 'describes' Link Relation Type
- RFC 6891 Extension Mechanisms for DNS (EDNS )
- RFC 6901 JavaScript Object Notation Pointer