%% You should probably cite draft-ietf-ace-oauth-authz instead of this I-D.
@techreport{tschofenig-ace-oauth-bt-01,
    number =    {draft-tschofenig-ace-oauth-bt-01},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-tschofenig-ace-oauth-bt/01/},
    author =    {Hannes Tschofenig},
    title =     {{The OAuth 2.0 Bearer Token Usage over the Constrained Application Protocol (CoAP)}},
    pagetotal = 7,
    year =      2015,
    month =     mar,
    day =       8,
    abstract =  {This specification describes how to use OAuth 2.0 bearer tokens to access protected resources using the Constrained Application Protocol (CoAP). Any party in possession of a bearer token (a "bearer") can use it to get access to the associated resources (without demonstrating possession of a cryptographic key). To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.},
}