Kirk, you are right. The IDP for the SAML Web Browser Profile support has the code to pick up attributes via the PicketBox Attribute Mapping mechanism. We have not extended that capability to the STS. The other feature we have just started looking at for the STS is the use of XACML Authorization requests/responses via SAML Attribute Statements. (http://community.jboss.org/message/534730#534730)
I welcome you to provide a code submission to PicketLink if you would like to bring the attribute mechanism to the STS. We need it for sure. But we may not work on it right away.