%% You should probably cite rfc7800 instead of this I-D. @techreport{ietf-oauth-proof-of-possession-07, number = {draft-ietf-oauth-proof-of-possession-07}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/07/}, author = {Michael B. Jones and John Bradley and Hannes Tschofenig}, title = {{Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)}}, pagetotal = 17, year = 2015, month = nov, day = 25, abstract = {This specification defines how to express a declaration in a JSON Web Token (JWT) that the presenter of the JWT possesses a particular key and that the recipient can cryptographically confirm proof-of- possession of the key by the presenter. Being able to prove possession of a key is also sometimes described as the presenter being a holder-of-key.}, }