The described implementations relate to establishing authenticated
communication between a client computing device and a service provider.
In one implementation, once a registration procedure is complete,
multiple authentication servers are used by a client computing device and
a service provider to facilitate the establishment of an authenticated
communication session. However, the authentication servers are not
necessarily trusted authorities. That is, secrets of the various
described devices are not revealed to each other.