@misc{rfc6896,
    series =    {Request for Comments},
    number =    6896,
    howpublished =  {RFC 6896},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC6896},
    url =       {https://www.rfc-editor.org/info/rfc6896},
    author =    {Stefano Barbato and Steven Dorigotti and Thomas Fossati},
    title =     {{SCS: KoanLogic's Secure Cookie Sessions for HTTP}},
    pagetotal = 23,
    year =      2013,
    month =     mar,
    abstract =  {This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies. Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load- balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.},
}