Apple Passkey

[jrockway]

Reading the linked page, it certainly looks very similar. I've also implemented WebAuthn from scratch and the term "relying party" is burned into my brain, and this document also uses that term. It's a reasonable term to use in any authentication context, though, so not a smoking gun I guess.

WebAuthn continues to work great on iOS and Mac OS, so I'm not sure there's a good reason to add some other new standard. (Though I do have the controversial opinion of wanting Apple to share my credentials between all devices. I have my iPad, iPhone, Macbook, and portable security key all enrolled in SSO. I don't mind this but I feel like it probably hinders adoption over an easily-hackable pasword that you just remember.)

[tialaramex]

Relying Party is the jargon for the entity that gets to rely on the fancy cryptographic technology to determine something that would otherwise be difficult / expensive / unreliable. They're relying on the maths working, and on certain other parties doing their jobs correctly.

Everybody here is a Relying Party when they use HTTPS. The Web PKI promises that this is really news.ycombinator.com to you, the HN reader, so long as the math works (RSA, Elliptic Curve Cryptography and likely AES) and so long as your browser vendor did their job, and the Issuing CA (DigiCert) did their job.

Relying Parties should ideally know why their trust is well-founded. For example, in the Web PKI examining this cryptography is the job of the Internet Research Task Force (related to the IETF), the browser vendors are responsible to you directly, and the Root CAs are overseen by m.d.s.policy, run by Mozilla on behalf of their users and everybody else's users.