> where you can mix and match your devices as needed to any one account.
I appreciate what you're trying to do and I'm happy for more providers to build implementations, but you can't individually solve the ecosystem problem because you're only one provider. You can't force Apple, 1Password, Google, and Microsoft to all allow import and export from your app. You can't force Amazon not to do attestation or to accept multiple keys, even if you do everything right you don't have the power to force them to go along with you.
This is a problem that has to be solved by the FIDO Alliance; individual providers can't solve it for them. The Alliance itself has to take some responsibility for the direction of the spec they're pushing and for the direction the industry is going. Ecosystem portability is not going to be solved until interoperability is as a mandated condition for certification.
Totally agree FIDO need to sort this out.
Until then, we developers can at least try to show a way forwards where Apple / Google do not own all of your PassKey access
I appreciate what you're trying to do and I'm happy for more providers to build implementations, but you can't individually solve the ecosystem problem because you're only one provider. You can't force Apple, 1Password, Google, and Microsoft to all allow import and export from your app. You can't force Amazon not to do attestation or to accept multiple keys, even if you do everything right you don't have the power to force them to go along with you.
This is a problem that has to be solved by the FIDO Alliance; individual providers can't solve it for them. The Alliance itself has to take some responsibility for the direction of the spec they're pushing and for the direction the industry is going. Ecosystem portability is not going to be solved until interoperability is as a mandated condition for certification.