I believe that the correct way to detect support for Web Authentication is to check for support of Credential Management, but then as not all implementations of Credential Management will support publicKey then check for that also.

I think the test for support for the final specification should be:
'credentials' in navigator && 'PublicKeyCredential' in window

Also this test will fail if the page isn't loaded via https. The HTML5Test site allows itself to be loaded over http. It would help if a Content-Security-Policy header were added to request the browser to load the page over https if they originally request it over http.

e.g.

Content-Security-Policy: upgrade-insecure-requests;
Strict-Transport-Security: max-age=31536000; includeSubDomains