'relying party' and 'identity consumer'

Martin Atkins mart at degeneration.co.uk
Mon Nov 28 00:33:29 PST 2005

Joaquin Miller wrote:
> Thanks, Josh.
> Yeah, Martin, you are right. 
> 'Relying party' without context is not helpful.
> A longer term, that carries with it the context, will be fine.  Given how the 
> world works, it will be shortened.
> How about, for example:  'identity system relying party' ?

As I noted before, I've only really guessed what is meant by "relying
party" through the usage of others.

Would the term also be suitable to describe the following party?

Imagine that a website supports user-accompanied RPC. This is a term I
came up with to describe the process of granting one website one-time
permission to perform an operation on another website using a user's
browser as a conduit. The canonical example is having a weblog be an RPC
endpoint that accepts a "post this entry" call, which could then be used
from a photo-hosting site to post a photo to the weblog without needing
to disclose the account details.

Imagine also that the website is using YADIS to declare the operations
it supports. In this case, it's the website that has the "identity", not
a person. Our photohosting site asks the user to enter a YADIS identity
for himself and the URL of the site to post to. The photohosting site
then uses YADIS capability discovery to find out what versions of the
"post an entry to a weblog" capability are supported.

Would you say that in this case the photo hosting site is a "relying
party"? I'm not so sure that it's an identity consumer either, but if
we're going to start playing with terminology we might as well get it right.

More information about the yadis mailing list