You'd of course sign into apps using a public key, but any actions would require a signing device. I mean to have this as an option, not a requirement. This would be cumbersome for most people, but higher profile and more security conscious people should have the option. Especially if we ever want to have presidents, etc using this stuff. (We should). 

 Purpose signing apps (like bitwarden) that get child keys and to sign. Different apps then just ask Signing app to sign..
Parent key held offline, or even just another separate app. To kill child key if need he..