Posted by: Dilipkrishnan
Development, SOA, WCF, Web services
In trying to get my head around BizTalk identity services, I’ve been going through the examples for the identity services provided by BizTalk and from the BizTalk Labs. The concept of identity services makes perfect sense. However, and it might very well be my ignorance (read disclaimer), I’m not sure how the current incarnation of the services provides value other than security claims evaluation for authorization.
From the “BizTalk Services Identity Provider” page:
How can an application take advantage of Identity Services in the BizTalk Services offering?
If you run a Web site or Web service, you can enable it to accept identity tokens provided by the Security Token Service. To do this, you must create a digital identity at this site on behalf of your site or service, and then you must configure your site or service to accept the appropriate identity tokens.
While it can make sense in a web service interaction scenario (I haven’t dug deep enough yet) using SAML tokens with claims assertions issued by the BizTalk Services STS(?), how does it translate to a web application attempting to use BizTalk Services as an identity service provider?
In the authentication/authorization of a web application scenario, when a user logs in, there is no way to get at the claimset associated with a user. Ideally, I would think this would come from the information card (issued by a trusted managed card provider) or in the token generated by identity services after a successful login. In essence, how does one go about using BTS as an identity provider? Is it meant to be used that way in the first place?
The examples that come with the SDK seem to suggest it is possible!