Major Description
When issuing the KnoxToken, the requesting client IP address should be added to the resulting token. This IP address will then need to be validated against the IP address of any incoming request that presents the bearer token as proof of identity.
This will prevent the misappropriation of a token from allowing access from any other machine.
We will also want to make this binding requirement configurable and provide appropriate warning messages when not in use.