I'm using Windows Azure Access Control Services to Federate Live ID, Google, Yahoo! and my Companies Office365 account. The problem is that Live ID, Google and Yahoo! provide thehttp://schemas.xmlsoap.org/ws/2005.05/identity/claims/nameidentifier claim but after configuring the Service Principle in Windows Azure Active Directory I only get the upn claim. This is a problem since we sometime have to change email account names and the upn could change for the user. I'd like to use the PUID but that claim doesn't appear as a possibility. Can one configure additional claims be provided in the tokens generated by Windows Azure Active Directory?
*Note* I saw a early example application that was using the WAAD Developer Preview earlier and it had both the nameidentifier claim as well as the puid claim and others. Why did this change?