I used Chuck Mortimore's Firefox extension to present a self-asserted card to Ping's IDP, which, after doing the Cardspace dance, displayed the following on the IDP portal page.
It's the 'PASSWORD' as authentication context that confuses me.
I didn't authenticate to the IDP with a password, I did so with Cardspace. More precisely, I authenticated to the IDP (acting as a Cardspace RP) by proving I had a key through an XML-Signature. So, strictly speaking, the appropriate SAML Authentication Context class should be 'XML Signature'.
A Cardspace user will sometimes be required to authenticate with a pin or similar to a local key store (and so it could be conceivable that there would be a password in the mix). In such cases, just saying 'XML Signature' wouldn't adequately describe the authentication context. The options would appear to be to use combinations of existing AC class URIs or define new SAML AC class defined specific to Cardspace.
Update: Patrick Harding reminded me that Cardspace uses SAML 1.1 so doesn't have the full expressiveness of SAML 2.0's Authentication Context available. The conjecture is that Ping's Ashish Jain, because of this lack of expressiveness, had to fall back on 'password'.