%% You should probably cite draft-sakimura-oauth-jpop-05 instead of this revision.
@techreport{sakimura-oauth-jpop-00,
    number =    {draft-sakimura-oauth-jpop-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-sakimura-oauth-jpop/00/},
    author =    {Nat Sakimura and Kepeng Li and John Bradley},
    title =     {{The OAuth 2.0 Authorization Framework: JWT Pop Token Usage}},
    pagetotal = 10,
    year =      2017,
    month =     mar,
    day =       10,
    abstract =  {This specification describes how to use JWT POP (Jpop) tokens that were obtained through {[}POPKD{]} in HTTP requests to access OAuth 2.0 protected resources. Only the party in possession of a corresponding cryptographic key with the Jpop token can use it to get access to the associated resources unlike in the case of the bearer token described in {[}RFC6750{]} where any party in posession of the access token can access the resource.},
}