http://developers.de/blogs/damir_dobric/archive/2007/06/29/metadataexchange-mex-ednpoint-in-cardspace.aspxBy using or implementing of some Security Token Service (according to WS-Trust) it might sound strange that the MEX endpoint has to be always HTTPS based. However, the fact is that the communication with STS does not have to be necessarily based on HTTPSenCommunityServer 2008 SP1 (Build: 30619.63)