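%% You should probably cite draft-tschofenig-oauth-security-01 instead of this revision.
%% Text outside an entry is ignored by BibTeX and Biber, so this note is safe to keep here.
%% Entry for IETF Internet-Draft revision 00 (superseded; see note above). Field values are
%% stored in canonical form: author names as "Last, First", title with only the proper
%% nouns brace-protected so the style's sentence casing still applies, month as a bare macro.
@techreport{tschofenig-oauth-security-00,
  author      = {Tschofenig, Hannes and Hunt, Phil},
  title       = {{OAuth} 2.0 Security: Going Beyond {Bearer} Tokens},
  type        = {Internet-Draft},
  number      = {draft-tschofenig-oauth-security-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2012,
  month       = sep,
  day         = 6,
  pagetotal   = 22,
  url         = {https://datatracker.ietf.org/doc/draft-tschofenig-oauth-security/00/},
  note        = {Work in Progress},
  abstract    = {The OAuth working group has finished work on the OAuth 2.0 core protocol as well as the Bearer Token specification. The Bearer Token is a TLS-based solution for ensuring that neither the interaction with the Authorization Server (when requesting a token) nor the interaction with the Resource Server (for accessing a protected resource) leads to token leakage. There has, however, always been the desire to develop a security solution that is "better" than Bearer Tokens (or at least different) where the Client needs to show possession of some keying material when accessing a Resource Server. This document tries to capture the discussion and to come up with requirements to process the work on solutions. This document aims to discuss threats, security requirements and desired design properties of an enhanced OAuth security mechanism.},
}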