Security Encyclopedia

Relying Party (RP)

A Relying Party (RP) is a server that processes requests for access into online resources. Web applications are one kind of RP.

RPs are also called “claims-aware” or “claims-based” applications since they support a device or person’s claim to be the legitimate party requesting access. Sometimes the RP can field the claim from a trusted third party such as an identity provider (IdP). In this case the RP fields the request, which takes the form of a token rather than the original request, and uses this chain of trust to grant access. For this reason, the nation of RPs working with IdPs makes possible identity federation and single sign-on (SSO) by paring down the individual assertions and claims the end user makes across supported systems.


“Relying party apps handle requests from users, for example a banking app that processes authentication requests from a person seeking access. Sometimes the app can process the request from a third-party trust provider, and this capability is one of the foundations for federated identity where an IdP helps authenticate users across different services without identity sprawl.”