Ethereum Account Abstraction

The biggest problem I have with passkeys in crypto is that it fails the walkaway test because it’s tied to a domain

Is this solvable?

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

Hm that’s very actually interesting. Unbundling the wallet and the signer

Might use this for my open browser wallet project :)

There are some initiatives to make this more malleable.

See the new related origins request feature on Chrome:

engineering at /privy. prev built pixelpool.xyz, the first Farcaster video client. nyc. 👨‍💻🍎🏳️‍🌈  nf.td/payton

Yeah, this would be more contradictory to the Passkey ethos I think. Passkeys are ultimately meant to be resistant to phishing, so opening up a Passkey to all domains would remove a lot of the benefits. If you remove the domain constraint, I think you would need to replace it with something else that's consistent across browser security models.

This is a step in the right direction, but one thing that i think could solve the walkaway issue is a ‘universal’ passkey that can be invoked from any website. Not sure if this contradicts passkeys on a philosophical level though because it seems like they believe quite strongly that passkeys shouldn’t be transferable across domains

There are some initiatives to make this more malleable.

See the new related origins request feature on Chrome: https://developer.chrome.com/blog/passkeys-updates-chrome-129?hl=en#related-origin-requests

see Farcaster split custody address / signing keys design with signer request flow :)

BDFL of Quilibrium, Eng @ Farcaster, ex-Coinbase, always opinionated, never hydrated

/quilibrium

im sure @cassie has a good answer to this

never considered passkeys as the 1st class citizen authorisation

can you try to integrate passkeys with hardware wallets or key management systems that aren't domain dependent?