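%% You should probably cite draft-ietf-oauth-pop-key-distribution instead of this I-D.
%%
%% Individual-submission Internet-Draft (version -00), a work in progress.
%% The export carried empty `year`, `month` and `day` fields, which BibTeX
%% rejects as a syntax error; they are dropped here. Take the publication
%% date from the datatracker record at `url` before citing.
%% The abstract's rationale for protecting bearer tokens is reworded: a bearer
%% token is usable by whoever holds it, and proof-of-possession of a key is
%% what this draft adds on top of that model.
@techreport{bradley-oauth-pop-key-distribution-00,
  author      = {Bradley, John and Hunt, Phil and Jones, Michael and Tschofenig, Hannes},
  title       = {{OAuth} 2.0 {Proof-of-Possession}: Authorization Server to Client Key Distribution},
  type        = {Internet-Draft},
  number      = {draft-bradley-oauth-pop-key-distribution-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/html/draft-bradley-oauth-pop-key-distribution-00},
  pagetotal   = 18,
  abstract    = {RFC 6750 specified the bearer token concept for securing access to protected resources. Bearer tokens need to be protected in transit as well as at rest, since possession of the token alone is sufficient to use it. The OAuth 2.0 Proof-of-Possession security concept extends bearer token security and requires the client to demonstrate possession of a key when accessing a protected resource. This document describes how the client obtains this keying material from the authorization server.},
}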