A new PAG ("Prescriptive Architecture Guidance for .NET Passport Integration with
Existing Authentication Mechanisms") on which I worked was recently released.
Even if you're not currently planning on implementing .NET Passport in your environments,
it's a good read and
I suggest you take a peek. And if you are planning on implementing .NET Passport
(which I, of course, highly recommend :), it'll definitely be worth your time to read
the PAG as well as to peruse the sample code.
Summary: "This PAG is designed to be an independent, fully functioning,
and reusable solution. It focuses on the complex requirements of sites interested
in offering dual authentication and provides valuable cross-product technical guidance
for designing, building, deploying, and operating an integrated solution. Its documentation
and sample site can be used to help you define your project objectives and its sample
code and tools can be used to aid your development and testing."