A new PAG ("Prescriptive Architecture Guidance for .NET Passport Integration with Existing Authentication Mechanisms") on which I worked was recently released.  Even if you're not currently planning on implementing .NET Passport in your environments, it's a good read and I suggest you take a peek.  And if you are planning on implementing .NET Passport (which I, of course, highly recommend :), it'll definitely be worth your time to read the PAG as well as to peruse the sample code.

Summary: "This PAG is designed to be an independent, fully functioning, and reusable solution. It focuses on the complex requirements of sites interested in offering dual authentication and provides valuable cross-product technical guidance for designing, building, deploying, and operating an integrated solution. Its documentation and sample site can be used to help you define your project objectives and its sample code and tools can be used to aid your development and testing."