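% IETF Internet-Draft, revision 00, marked "Work in Progress" in the note field:
% cite it as a draft, not as an RFC or a standard.
% Subject (per the abstract): the OAuth 1.0 request-signing mechanism, i.e. a
% digital signature with asymmetric keys or a keyed message digest with
% symmetric keys, applied to a resource request that presents an OAuth token.
@techreport{tschofenig-oauth-signature-thoughts-00,
  author      = {Tschofenig, Hannes and Cook, Blaine},
  title       = {Thoughts about Digital Signatures for the {Open Web Authentication} ({OAuth}) Protocol},
  type        = {Internet-Draft},
  number      = {draft-tschofenig-oauth-signature-thoughts-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2010,
  month       = oct,
  day         = 18,
  pagetotal   = 18,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-tschofenig-oauth-signature-thoughts/00/},
  abstract    = {The initial version of the Open Web Authentication Protocol (OAuth 1.0), often referred to as the community edition, included a mechanism for putting a digital signature (when using asymmetric keys) or a keyed message digest (when using symmetric keys) to a resource request when presenting the OAuth token. This cryptographic mechanism has led to lots of discussions, particularly about the problems implementers had, the use cases it supports, and the benefit-cost tradeoff. This document tries to describe the use of the so-called 'OAuth Signature' mechanism in an unbiased and less emotional way with the main purpose to conclude the discussions.},
}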