We've got a security solution based on WebAuthn where we use "attestation":"direct" when creating credentials. This attestation is then verified by our servers for extra security. When testing the solution using iOS16, we are asked if we want to back up our key and then we are not getting any attestation info.
As far as I've understood, iOS16 starts using Passkeys, which can be backed up and therefore attestation does not make sense. But our solution is very specifically locked to a single device, so the backing up of the keys is not necessary, but we do need to be certain we're on the correct device.
So: Are there any properties that can be sent to navigator.credentials.create that will tell Safari to use something other than passkeys, allowing us to get an attestation? Or do you have any other solution that will give us the same level of assurance as the attestation statement?