That's exactly what's happening. Is it really shocking that a collaborative standard is designed to benefit the entrenched big tech companies at the expense of users and would be competitors? Funny how the standards never "accidentally" favor the user.
> This leaves few authenticator types which will work properly in this passkey world. Apples own passkeys, Android passkeys, password managers that support webauthn, Windows with TPM 2.0, and Chromium based browsers on MacOS (because of how they use the touchid as a TPM).
All of those platforms, with the exception of password managers (which will be forbidden by the vendor lists), also have the compute needed to evolve the system into authorized actions that, IMHO, will eventually lead to devices where specific actions within apps are allowed / disallowed and enforced by the systems that are being sold as authentication (for now).
As soon as those tech companies get an encryption / signing key they effectively control (via requests as the relying party), there's going to be a lot of incentive, and ability, for them to seize even more control over our devices.
> This leaves few authenticator types which will work properly in this passkey world. Apples own passkeys, Android passkeys, password managers that support webauthn, Windows with TPM 2.0, and Chromium based browsers on MacOS (because of how they use the touchid as a TPM).
All of those platforms, with the exception of password managers (which will be forbidden by the vendor lists), also have the compute needed to evolve the system into authorized actions that, IMHO, will eventually lead to devices where specific actions within apps are allowed / disallowed and enforced by the systems that are being sold as authentication (for now).
As soon as those tech companies get an encryption / signing key they effectively control (via requests as the relying party), there's going to be a lot of incentive, and ability, for them to seize even more control over our devices.