A new Request for Comments is now available in online RFC libraries.
RFC 6896
Title: SCS: KoanLogic's Secure Cookie Sessions
for HTTP
Author: S. Barbato, S. Dorigotti,
T. Fossati, Ed.
Status: Informational
Stream: Independent
Date: March 2013
Mailbox: tat@koanlogic.com,
stewy@koanlogic.com,
tho@koanlogic.com
Pages: 23
Characters: 44175
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-secure-cookie-session-protocol-09.txt
URL: http://www.rfc-editor.org/rfc/rfc6896.txt
This memo defines a generic URI and HTTP-header-friendly envelope
for carrying symmetrically encrypted, authenticated, and
origin-timestamped tokens. It also describes one possible usage of
such tokens via a simple protocol based on HTTP cookies.
Secure Cookie Session (SCS) use cases cover a wide spectrum of
applications, ranging from distribution of authorized content via HTTP
(e.g., with out-of-band signed URIs) to securing browser sessions with
diskless embedded devices (e.g., Small Office, Home Office (SOHO)
routers) or web servers with high availability or load- balancing
requirements that may want to delegate the handling of the application
state to clients instead of using shared storage or forced peering.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
http://www.ietf.org/mailman/listinfo/ietf-announce
http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
