[Concordia] CardSpace support for Authn Mechanism Policy

[Scott Cantor]

> Otherwise, when constructing the <IssuedToken> element the hybrid
> provider SHOULD NOT specify an <Issuer> element, but rather create a
> corresponding required claim type, taking the value of the
> RequestedAuthnContext and inserting it into the URI attribute of the
> <ClaimType> element within the <RequestSecurityTokenTemplate>

Is it necessary to dictate no Issuer? I would think that would be
contextual. If I had a single IdP handling both the Cardspace and pure SAML
IdP functions, I ought to be able to use the same issuer identity, which
simplifies metadata and trust mgmt.

-- Scott