Using our knowhow in WIF generated from the passive STS effort, its trivial now (mostly) to make the kind of assertion and response message required by Office 365 (to authenticate outlook or other thick clients).
Assuming one has a raw username token processor class and a token generator from the codeplex best practices samples, make the following changes to get closer to Office 365 compatibility!
To the username token processor we add the authentication statement (and some claims that perhaps arguably ought to be better added later, in the GetOutputClaims method!)
And then, the usual RSA/SHA1 signing method is required:
And to ensure the authentication statement actually gets minted (and the claims associated with authentication of the username token get populated in the authorization statement) we pass through the authenticated status (from red 1, above) via the trick shown as blue.