IETF OAuth2 Bearer Tokens are described in RFC 6750.
Bearer tokens are tokens that grant access to resources (identified by the tokens) without the need for cryptographic keys(Proof of Possession) of the entity(aka Bearer), in possession of the tokens.
Mandatory requirement is that bearer tokens are protected in storage and transport.
TLS/SSL is mandatory.
token_type should be set to "Bearer".
SHOULD issue short lived and scoped bearer tokens.
SHOULD NOT be passed as query parameters.
Resource/Authorization Server MUST use HTTP “WWW-Authenticate” response header field.
Clients MUST use HTTP "Authorization" request header field to pass the bearer token to the server.
JSON Web Token (JWT) (http://tools.ietf.org/id/draft-ietf-oauth-jwt-bearer-03.txt)
SAML2 Assertions (http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-12)
IETF OAuth2 Bearer Tokens: RFC 6750 (http://tools.ietf.org/html/rfc6750)