Good point. Needs a bit of ironing, but a standard for this might be part of a Nostr/Passkey solution.

What if … a client web app were to “send” an unsigned event to a standardized API at a (user selected) “nostr passkey” domain (in the in the background?) and this remote service would request the passkey UI (from OS) using its native domain and respond to the client web app with a signed event? Of course this would all be standardized in a “nostr passkey” NIP. And there are other issues to solve before “nostr passkey” could even be a practical solution. But for the problem of “multiple apps using the same passkey” this could still work for web apps as well as native?