diff --git a/securing_apps/topics/token-exchange/token-exchange.adoc b/securing_apps/topics/token-exchange/token-exchange.adoc
index 6cf9adc7c2..2f8da8d021 100644
--- a/securing_apps/topics/token-exchange/token-exchange.adoc
+++ b/securing_apps/topics/token-exchange/token-exchange.adoc
@@ -14,7 +14,7 @@ to impersonate a user.  Here's a short summary of the current capabilities of {p
 * A client can exchange an external token for a {project_name} token.
 * A client can impersonate a user
 
-Token exchange in {project_name} is a very loose implementation of the link:http://www.ietf.org/id/draft-ietf-oauth-token-exchange-09.txt[OAuth Token Exchange] specification at the IETF.
+Token exchange in {project_name} is a very loose implementation of the link:http://www.ietf.org/id/draft-ietf-oauth-token-exchange-10.txt[OAuth Token Exchange] specification at the IETF.
 We have extended it a little, ignored some of it, and loosely interpreted other parts of the specification.  It is
 a simple grant type invocation on a realm's OpenID Connect token endpoint.
 
@@ -69,7 +69,7 @@ NOTE:   We currently only support OpenID Connect and OAuth exchanges.  Support f
 
 A successful response from an exchange invocation will return the HTTP 200 response code with a content type that
 depends on the `requested-token-type` and `requested_issuer` the client asks for.  OAuth requested token types will return
-a JSON document as described in the link:http://www.ietf.org/id/draft-ietf-oauth-token-exchange-09.txt[OAuth Token Exchange] specification.
+a JSON document as described in the link:http://www.ietf.org/id/draft-ietf-oauth-token-exchange-10.txt[OAuth Token Exchange] specification.
 
 ----
 {