RFC 6896
SCS: KoanLogic's Secure Cookie Sessions for HTTP, March 2013
- Status: INFORMATIONAL
- Authors: S. Barbato, S. Dorigotti, T. Fossati, Ed.
- Stream: INDEPENDENT
DOI: https://doi.org/10.17487/RFC6896
Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org
Abstract
This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies.
Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load-balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.