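%% You should probably cite draft-ietf-oauth-pop-key-distribution-07 instead of this revision.
%%
%% Revision-pinned reference: `number` and `url` both identify revision 04 of an
%% Internet-Draft (note = Work in Progress), not a published RFC. When this entry
%% supports a security design or review, check the later revision named above before
%% relying on details of the key-distribution mechanism.
%%
%% Layout: the header comment sits on its own line, so a tool that treats the percent
%% sign as a line comment does not swallow the entry. One field per line.
%% Names: "Last, First" form with LaTeX accent escapes, so classic BibTeX and Biber
%% split and sort them identically.
%% NOTE(review): upstream listed the last author family-name-first (Meszaros Mihaly);
%% confirm the family/given split against the draft's author list.
%% Title: only the OAuth token is brace-protected; the style decides the remaining casing.
@techreport{ietf-oauth-pop-key-distribution-04,
  author      = {Bradley, John and Hunt, Phil and Jones, Michael B. and Tschofenig, Hannes and M{\'e}sz{\'a}ros, Mih{\'a}ly},
  title       = {{OAuth} 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution},
  type        = {Internet-Draft},
  number      = {draft-ietf-oauth-pop-key-distribution-04},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2018,
  month       = oct,
  day         = 23,
  pagetotal   = 17,
  url         = {https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/04/},
  note        = {Work in Progress},
  abstract    = {RFC 6750 specified the bearer token concept for securing access to protected resources. Bearer tokens need to be protected in transit as well as at rest. When a client requests access to a protected resource it hands-over the bearer token to the resource server. The OAuth 2.0 Proof-of-Possession security concept extends bearer token security and requires the client to demonstrate possession of a key when accessing a protected resource.},
}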