Overview
Closed-Loop Authentication is when the same party that provided Credential Enrollment provides the Authentication. Today, most web Authentication is Closed-Loop Authentication, including:
- traditional two-party authentication with username and password
- third-party login where a Relying Party redirects the browser to an Identity Provider (IDP) who authenticates the user and redirects the browser back to the Relying Party, asserting the user's identity
In contrast, in Open-Loop Authentication, user attributes are asserted by a party that is not directly involved in the Authentication process.
In Closed-Loop Authentication the Identity Provider (IDP) is involved in the Authentication process by verifying possession of the credential by the device.[1]
In third-party Closed-Loop Authentication, the credential authority is an Identity Provider (IDP), which asserts the user attributes to a Relying Party only after verifying possession of the credential by the device. In two-party authentication, there is only one party besides the user’s device, so two-party authentication can only be closed-loop authentication.
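The third-party closed-loop flow described above, as an added sketch that is not code from the original page. The HMAC challenge-response, the HMAC-tagged assertion, the key shared between IdP and Relying Party, and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

class IdentityProvider:
    """Hypothetical IdP: the party that enrolls the credential also verifies it."""
    def __init__(self, rp_key):
        self._rp_key = rp_key   # assumed key shared with the Relying Party
        self._creds = {}        # user -> (credential secret, attributes)
        self._nonces = {}       # user -> outstanding single-use challenge

    def enroll(self, user, attributes):
        # Credential Enrollment: the secret is handed to the user's device.
        secret = secrets.token_bytes(32)
        self._creds[user] = (secret, attributes)
        return secret

    def challenge(self, user):
        self._nonces[user] = secrets.token_bytes(16)
        return self._nonces[user]

    def assert_identity(self, user, response):
        # Attributes are asserted only after possession of the credential is verified.
        nonce = self._nonces.pop(user, None)   # consumed, so a replay fails
        if nonce is None or user not in self._creds:
            return None
        secret, attrs = self._creds[user]
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return None
        body = json.dumps({"sub": user, "attrs": attrs}, sort_keys=True).encode()
        return body, hmac.new(self._rp_key, body, hashlib.sha256).hexdigest()

def device_respond(secret, nonce):
    # The device proves possession without sending the secret itself.
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def relying_party_accepts(rp_key, assertion):
    # The Relying Party trusts only assertions carrying a valid IdP tag.
    if assertion is None:
        return None
    body, tag = assertion
    expected = hmac.new(rp_key, body, hashlib.sha256).hexdigest()
    return json.loads(body) if hmac.compare_digest(expected, tag) else None
```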
More Information
There might be more information for this subject on one of the following:
- [#1] - http://pomcor.com/2013/04/03/closed-loop-vs-open-loop-authentication/ - Retrieved 2013-04-10