Would be good to document the differences between the various key types

[iustin]

Hi,

I’m trying to implement an iOS workflow, but I’m not sure I understand the differences between SE, WebAuthn/device and WebAuthn/Security key types. From my limited understanding:

• SE keys are device-bound, non-exportable, but cannot require confirmation
• WebAuthn/device are iCloud-account bound (so exportable between devices, I think), require biometrics authentication, and can implement a two-factor auth via “save on another device”
• WebAuthn/security key are bound to the security key, non-exportable, and require presence check (but not biometrics)

Is this roughly correct? I’m happy to improve docs if I have the right understanding.