%% You should probably cite draft-ietf-oauth-pop-key-distribution-07 instead of this revision. @techreport{ietf-oauth-pop-key-distribution-06, number = {draft-ietf-oauth-pop-key-distribution-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/06/}, author = {John Bradley and Phil Hunt and Michael B. Jones and Hannes Tschofenig and Mihaly Meszaros}, title = {{OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution}}, pagetotal = 17, year = 2019, month = mar, day = 11, abstract = {RFC 6750 specified the bearer token concept for securing access to protected resources. Bearer tokens need to be protected in transit as well as at rest. When a client requests access to a protected resource it hands-over the bearer token to the resource server. The OAuth 2.0 Proof-of-Possession security concept extends bearer token security and requires the client to demonstrate possession of a key when accessing a protected resource.}, }