Relying party

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A relying party (RP) is a computer term used to refer to a server providing access to a secure software application.

Claims-based applications, where a claim is a statement an entity makes about itself in order to establish access, are also called relying party (RP) applications. RPs can also be called “claims aware applications” and “claims-based applications”, and web applications and services can both be RPs.[1]

With a Security Token Service (STS), the RP is redirected to an STS, which authenticates the RP and issues a security token granting access, instead of the application authenticating the RP directly. The claims are extracted from the tokens and used for identity related tasks.

The OpenID standard defines a situation whereby a cooperating site can act as an RP, allowing the user to log into multiple sites using one set of credentials. The user benefits from not having to share their login credentials with multiple sites, and the operators of the cooperating site avoid having to develop their own login mechanism.[2]

An application demonstrating the concept of relying party is software running on mobile devices, which can be used not only for granting user access to software applications, but also for secure building access, without the user having to enter their credentials each time.[3]


  1. ^ "Relying party". Microsoft Developer Network. Retrieved 2013-05-28.
  2. ^ "Benefits of OpenID". Retrieved 2013-05-28.
  3. ^ "MicroStrategy's office of the future includes mobile identity and cybersecurity". 2014-04-14. Retrieved 2013-05-28.