8. 参考文献
8.1. 规范性参考文献
[IANA.JWT]
IANA, "JSON Web Token (JWT)", <https://www.iana.org/assignments/jwt>.
[IANA.OAuth.Parameters]
IANA, "OAuth Parameters", <https://www.iana.org/assignments/oauth-parameters>.
[JWT]
Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015, <https://www.rfc-editor.org/info/rfc7519>.
[RFC2119]
Bradner, S., "RFC 中用于表示要求级别的关键词", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC3986]
Berners-Lee, T., Fielding, R., and L. Masinter, "统一资源标识符 (URI): 通用语法", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <https://www.rfc-editor.org/info/rfc3986>.
[RFC6749]
Hardt, D., Ed., "OAuth 2.0 授权框架", RFC 6749, DOI 10.17487/RFC6749, October 2012, <https://www.rfc-editor.org/info/rfc6749>.
[RFC7662]
Richer, J., Ed., "OAuth 2.0 令牌自省", RFC 7662, DOI 10.17487/RFC7662, October 2015, <https://www.rfc-editor.org/info/rfc7662>.
[RFC8174]
Leiba, B., "RFC 2119 关键词中大小写的歧义", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8259]
Bray, T., Ed., "JavaScript Object Notation (JSON) 数据交换格式", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017, <https://www.rfc-editor.org/info/rfc8259>.
8.2. 资料性参考文献
[OASIS.saml-core-1.1]
Maler, E., Mishra, P., and R. Philpott, "OASIS Security Assertion Markup Language (SAML) V1.1 的断言和协议", OASIS Standard oasis-sstc-saml-core-1.1, September 2003, <https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf>.
[OASIS.saml-core-2.0-os]
Cantor, S., Kemp, J., Philpott, R., and E. Maler, "OASIS Security Assertion Markup Language (SAML) V2.0 的断言和协议", OASIS Standard saml-core-2.0-os, March 2005, <http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf>.
[OAUTH-RESOURCE]
Campbell, B., Bradley, J., and H. Tschofenig, "OAuth 2.0 的资源指示符", Work in Progress, Internet-Draft, draft-ietf-oauth-resource-indicators-08, 11 September 2019, <https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-08>.
[OAUTH-SECURITY]
Lodderstedt, T., Bradley, J., Labunets, A., and D. Fett, "OAuth 2.0 安全最佳当前实践", Work in Progress, Internet-Draft, draft-ietf-oauth-security-topics-13, 8 July 2019, <https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13>.
[OpenID.Core]
Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and C. Mortimore, "OpenID Connect Core 1.0", November 2014, <https://openid.net/specs/openid-connect-core-1_0.html>.
[RFC6750]
Jones, M. and D. Hardt, "OAuth 2.0 授权框架: Bearer Token 用法", RFC 6750, DOI 10.17487/RFC6750, October 2012, <https://www.rfc-editor.org/info/rfc6750>.
[RFC6755]
Campbell, B. and H. Tschofenig, "用于 OAuth 的 IETF URN 子命名空间", RFC 6755, DOI 10.17487/RFC6755, October 2012, <https://www.rfc-editor.org/info/rfc6755>.
[RFC6819]
Lodderstedt, T., Ed., McGloin, M., and P. Hunt, "OAuth 2.0 威胁模型与安全考量", RFC 6819, DOI 10.17487/RFC6819, January 2013, <https://www.rfc-editor.org/info/rfc6819>.
[RFC7521]
Campbell, B., Mortimore, C., Jones, M., and Y. Goland, "OAuth 2.0 客户端认证和授权许可的断言框架", RFC 7521, DOI 10.17487/RFC7521, May 2015, <https://www.rfc-editor.org/info/rfc7521>.
[RFC7523]
Jones, M., Campbell, B., and C. Mortimore, "用于 OAuth 2.0 客户端认证和授权许可的 JSON Web Token (JWT) Profile", RFC 7523, DOI 10.17487/RFC7523, May 2015, <https://www.rfc-editor.org/info/rfc7523>.
[WS-Trust]
Nadalin, A., Ed., Goodner, M., Ed., Gudgin, M., Ed., Barbir, A., Ed., and H. Granqvist, Ed., "WS-Trust 1.4", February 2012, <https://docs.oasis-open.org/ws-sx/ws-trust/v1.4/ws-trust.html>.