Authentication proves the user or device identity, while encryption protects the frame from eavesdropping.
Open authentication provides no user authentication and can be used in combination with a stronger system; WEP provides authentication and encryption but is a weak protocol.
A good way to enforce authentication is to use a central server and authenticate each user individually.
WPA and WPA2 create the framework for a stronger authentication and encryption; Cisco Centralized Key Management can be added to increase roaming efficiency.
Most of the available security features can be configured on the controller; most of the EAP types will simply be relayed, and the controller will use the angle of the encryption to categorize the security type.