They are still to officially publish a spec, but already published rate limits for 3rd party apps attested requests on the official docs and since 2021 people are documenting how they are updating their IDs on AAGUID fields on already available attested requests.
this is wrong. you're confusing with app attestation. the other reply to this comment is also wrong.
passkey lack the attestation content because the spec doesn't provide for the case being discussed on another thread... cloud backed up keys.
attestation field, per current spec, must attest the 3rd party own the key and it only lives in a single placed (original intent was harware on client validated by vendor keys there)... now obviously we know apple google backup your keys on their cloud, so they cannot attest anything per current spec.
don't takes that as a instance on privacy. they are rushing changes to the spec.
as soon as they can attest keys that are shared with their clouds they will do.
