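% IETF Internet-Draft, revision -11 of draft-ietf-oauth-rfc7523bis, marked "Work in Progress".
% The url field pins this exact revision. Before relying on its requirements, check
% whether a later revision or a published RFC has replaced it.
% Per the abstract, it updates RFC 7521, RFC 7522, RFC 7523 and RFC 9126 on how audience
% values are treated in client assertion authentication and assertion-based grants,
% to address a security vulnerability in the earlier audience requirements.
% Title: only acronyms and proper names are brace-protected, so the bibliography style
% can apply its own casing. Authors use the unambiguous "Last, First" form.
% pagetotal and day are not standard classic-BibTeX fields; styles that do not know
% them ignore them.
@techreport{ietf-oauth-rfc7523bis-11,
  author      = {Jones, Michael B. and Campbell, Brian and Mortimore, Chuck and Skokan, Filip},
  title       = {Updates to {OAuth} 2.0 {JSON Web Token} ({JWT}) Client Authentication and Assertion-Based Authorization Grants},
  type        = {Internet-Draft},
  number      = {draft-ietf-oauth-rfc7523bis-11},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2026,
  month       = apr,
  day         = 28,
  pagetotal   = 16,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-oauth-rfc7523bis/11/},
  abstract    = {This document updates RFC7521, RFC7522, RFC7523 and RFC9126 with respect to the treatment of audience values in OAuth 2.0 Client Assertion Authentication and Assertion-based Authorization Grants to address a security vulnerability identified in the previous requirements for those audience values in multiple OAuth 2.0 specifications.},
}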