%% You should probably cite draft-ietf-oauth-security-topics-26 instead of this revision.
@techreport{ietf-oauth-security-topics-03,
    number =    {draft-ietf-oauth-security-topics-03},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/03/},
    author =    {Torsten Lodderstedt and John Bradley and Andrey Labunets},
    title =     {{OAuth Security Topics}},
    pagetotal = 27,
    year =      2017,
    month =     sep,
    day =       10,
    abstract =  {This draft gives a comprehensive overview on open OAuth security topics. It is intended to serve as a working document for the OAuth working group to systematically capture and discuss these security topics and respective mitigations and eventually recommend best current practice and also OAuth extensions needed to cope with the respective security threats.},
}