%% You should probably cite rfc6819 instead of this I-D. @techreport{ietf-oauth-v2-threatmodel-04, number = {draft-ietf-oauth-v2-threatmodel-04}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel/04/}, author = {Torsten Lodderstedt and Mark McGloin and Phil Hunt}, title = {{OAuth 2.0 Threat Model and Security Considerations}}, pagetotal = 66, year = 2012, month = may, day = 25, abstract = {This document gives additional security considerations for OAuth, beyond those in the OAuth specification, based on a comprehensive threat model for the OAuth 2.0 Protocol.}, }