Posted to rampart-dev@ws.apache.org by Peter Rankor <pe...@googlemail.com> on 2010/01/26 10:12:50 UTC

Rampart Question- Use SAML to authenticate

List,

I am new to rampart. However, I managed to set up an STS and wrote a client,
which works fine so far. My question is related to the following scenario:

Trust Relations as follows:
Client<-->STS1
Service<-->STS1

Service requires SAML Token and signature

Client gets a SAML token from STS1 (1) and sends it to the service to
authenticate (2). Since the Service does not know the client and therefore
does not trust the client, it has to deny the request because it cannot
verify signature. However, the SAML token is issued by a trusted STS (STS1)
and includes the X.509 certificate with public key of the client.
My questions:
a) Is Rampart smart enough to extract the client's X.509 token from the
trusted SAMLToken and regard it as trusted, and therefore the signature?
b) What does a policy for interaction (2) look like? I managed interaction
(1) but am struggling with interaction (2). Use a SAML token as initiator
token?

Thanks for your help.

Regards,
Peter
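Added here as an illustration of the shape such a policy takes for interaction (2); this is not from the original thread or the Rampart project. It assumes the STS issues a holder-of-key SAML 1.1 assertion carrying the client's public key, the WS-SecurityPolicy 2005/07 and WS-Trust 2005/02 namespaces that Rampart 1.x uses, and a placeholder STS address; the truststore holding STS1's signing certificate is configured separately in RampartConfig.

```xml
<wsp:Policy wsu:Id="SamlHokServicePolicy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding>
        <wsp:Policy>
          <!-- Initiator side: the SAML token issued by STS1. The service trusts it because
               STS1 signed it, and checks the message signature against the key the
               assertion carries (holder-of-key), not against a client cert it knows. -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <sp:Issuer>
                  <!-- placeholder address; replace with the real STS1 endpoint -->
                  <wsa:Address>https://sts.example.invalid/services/STS</wsa:Address>
                </sp:Issuer>
                <sp:RequestSecurityTokenTemplate>
                  <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
                  <!-- PublicKey key type = holder-of-key with the client's own certificate -->
                  <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
                </sp:RequestSecurityTokenTemplate>
                <wsp:Policy><sp:RequireInternalReference/></wsp:Policy>
              </sp:IssuedToken>
            </wsp:Policy>
          </sp:InitiatorToken>
          <!-- Recipient side: the service's own X.509 certificate, which the client must trust -->
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy><sp:WssX509V3Token10/></wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
          <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:Wss11><wsp:Policy><sp:MustSupportRefKeyIdentifier/><sp:MustSupportRefIssuerSerial/></wsp:Policy></sp:Wss11>
      <sp:Trust10><wsp:Policy><sp:MustSupportIssuedTokens/><sp:RequireClientEntropy/><sp:RequireServerEntropy/></wsp:Policy></sp:Trust10>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

The security-relevant check on the service side is that the assertion's signature chains to STS1's certificate in the truststore and that its SubjectConfirmation is holder-of-key; a bearer assertion would let anyone who intercepts it replay it.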