I'm doing some WCF (Indigo) training this week, and one of the hands-on labs went through an example of a federated trust scenario, with two STSs involved in the process. I've got to say, I'm really impressed with how easy it was. Granted, the configuration is pretty hairy, but it's just that, configuration. You can set up a whole federated trust system using config files. And it worked. Not too shabby. I would never have contemplated attempting something like that in WSE 2, although I think in WSE 3 it's supposed to be a bit easier.
One thing to note, if you want to do federated trust, is that the WCF team is not shipping an STS. Presumably for liability reasons, but that's anyone's guess. They are, however, providing some very complete samples, which could be fairly quickly adapted for use inside one's organization. There's also a good example STS for WSE 3 up on gotdotnet as of a few weeks ago.
Overall, my impression is that security in WCF is very well thought out, and WAY easier to bend to your will than ever before. Check it out.