!!! Overview
[{$pagename}] is when the same party that provided [Credential Enrollment] provides the [Authentication].

Today, most web [Authentication] is [{$pagename}], including:
* traditional two-party [authentication] with username and [password]
* third-party login where a [Relying Party] redirects the browser to an [Identity Provider (IDP)] who [authenticates] the user and redirects the browser back to the [Relying Party], asserting the user's identity

In contrast, [Open-Loop Authentication] user attributes are asserted by a party that is not directly involved in the [Authentication] process. 

In [{$pagename}] the [Identity Provider (IDP)] is involved in the [Authentication] process by verifying possession of the [credential] by the device.[1]

In third-party [{$pagename}], the [credential] authority is an [Identity Provider (IDP)], which asserts the user attributes to a [Relying Party] only after verifying possession of the [credential] by the device. In two-party authentication, there is only one party besides the user’s device, so two-party authentication can only be closed-loop [authentication].


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

----
* [#1] - [http://pomcor.com/2013/04/03/closed-loop-vs-open-loop-authentication/|http://pomcor.com/2013/04/03/closed-loop-vs-open-loop-authentication/|target='_blank'] - Retrieved 2013-04-10