%% You should probably cite rfc6896 instead of this I-D.
@techreport{secure-cookie-session-protocol-09,
    number =    {draft-secure-cookie-session-protocol-09},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-secure-cookie-session-protocol/09/},
    author =    {Stefano Barbato and Steven Dorigotti and Thomas Fossati},
    title =     {{SCS: KoanLogic's Secure Cookie Sessions for HTTP}},
    pagetotal = 23,
    year =      2012,
    month =     dec,
    day =       2,
    abstract =  {This memo defines a generic URI and HTTP-header-friendly envelope for carrying symmetrically encrypted, authenticated, and origin-timestamped tokens. It also describes one possible usage of such tokens via a simple protocol based on HTTP cookies. Secure Cookie Session (SCS) use cases cover a wide spectrum of applications, ranging from distribution of authorized content via HTTP (e.g., with out-of-band signed URIs) to securing browser sessions with diskless embedded devices (e.g., Small Office, Home Office (SOHO) routers) or web servers with high availability or load- balancing requirements that may want to delegate the handling of the application state to clients instead of using shared storage or forced peering.},
}