Sebastian, who has been working with Zermatt for a couple of weeks already, is posting a useful “straight to the point” how-to on implementing active and passive STSs using Zermatt. The abstractions in Zermatt make this a joy. I like the separation of the STS from the underlying host (i.e. ASP.NET, WCF, “put-the-name-of-the-next-foundation”) because it allows you to reuse the same STS for both the service layer and the presentation layer and have a consistent access control mechanism on both layers using claims.
Also, while we are on the subject, I recommend that you read the latest Architecture Journal on Identity. I just read Vittorio’s article and it has all the things you need to know about the underlying concepts.