@techreport{ietf-oauth-attestation-based-client-auth-04, number = {draft-ietf-oauth-attestation-based-client-auth-04}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/04/}, author = {Tobias Looker and Paul Bastian and Christian Bormann}, title = {{OAuth 2.0 Attestation-Based Client Authentication}}, pagetotal = 20, year = 2024, month = oct, day = 21, abstract = {This specification defines an extension to the OAuth 2 protocol as defined in {[}RFC6749{]} which enables a Client Instance to include a key-bound attestation in interactions with an Authorization Server or a Resource Server. This new method enables Client Instances involved in a client deployment that is traditionally viewed as a public client, to be able to utilize this key-bound attestation to authenticate.}, }