Wonderful Episode! Thank you for sharing.
In the last minutes of the show, you identified a complex application having their own STS federated with the main Identity Provider STS. Is the "private" STS a private instance of ADFS2.0 or is it a custom implementation?
This question is coming from an ISV perspective. We want to embrace the claims model and “outsource” identity to an STS. But 1) the client may need us to provide the STS because they don’t have one, 2) they may want us to use an existing STS (political struggle ensues to get our required claims from their IT), 3) they may want us to federate our STS with their IP-STS. Can ADFS2.0 be used as a private STS for an ISV application simliar to the scenerio you described? It seems SharePoint 2010 took this approach with their own SharePoint STS.
Can you provide some insight into how an ISV installing software into the clients environment should approach this problem? (or suggest another place to post this question.) Thanks for your consideration.