Core Terms

Browser and standards

  • WebAuthn: the browser API behind navigator.credentials
  • FIDO2: the broader standard that includes WebAuthn
  • Authenticator: the device or security module holding the private key

Site identity

  • Relying Party (RP): your app or website
  • RP ID: the domain name used as the WebAuthn site identifier
  • Origin: the full scheme://host:port

Protocol pieces

  • Credential: the passkey, backed by a public/private key pair
  • Challenge: a random, server-generated nonce
  • Attestation: optional metadata about the authenticator at registration
  • Assertion: the signed proof returned during login
Intro to Passkeys