You might have noticed that sometimes the security token on xmldap's relyingparty is not valid. The conditions on the token are not met because the time on the server was about 30 minutes off.
Chuck corrected this immediately and I wanted to verify that the relyingparty there now accepts a security token produced by the latest openinfocard id selector. I quickly installed it, but booom; it failed.
Well, it turns out that the office machine had version 1.0.6 of the CardSpace for Firefox extension. After updating it to the current version 1.0.9 everything now works fine. ... Well, the certificate on xmldap.org expired two days ago. Argh, will be fixed soon. Sorry.
That was a nice 5 Minute adrenalin shock.