%% You should probably cite draft-ietf-oauth-token-binding-08 instead of this revision.
@techreport{ietf-oauth-token-binding-02,
    number =    {draft-ietf-oauth-token-binding-02},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-oauth-token-binding/02/},
    author =    {Michael B. Jones and John Bradley and Brian Campbell and William Denniss},
    title =     {{OAuth 2.0 Token Binding}},
    pagetotal = 26,
    year =      ,
    month =     ,
    day =       ,
    abstract =  {This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens, Authorization Codes, and Refresh Tokens. This cryptographically binds these tokens to a client's Token Binding key pair, possession of which is proven on the TLS connections over which the tokens are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.},
}