I finally checked in a working copy of the xmldap Security Token Service. It's a simple STS, which only supports the Transport Binding of CardSpace, but it's enough to see managed cards in action.
If you'd like to try it out, go to https://xmldap.org/relyingparty/ There you'll find a link to where you can create managed cards. You'll then be able to install them into CardSpace and use them to login to the Relying Party. Below is a screencast which demos the basic steps you should follow:
As always, it's open source. The code is pretty messy at the moment, but if you're curious you can take a look at http://xmldap.org. Special thanks to the other contributors, and the folks at Arcot who figured out one of the missing pieces.