In the Endpoint node of the Geneva Server MMC, there is a matrix of endpoints that are exposed by the service. This grid includes three columns whose meanings were not clear to me until Colin Brace from the Geneva Server team explained. Specifically, the MMC has three columns, Enabled, Proxy Enabled, and CardSpace which confused me. You can see them in the following screenshots:
An endpoint that is enabled means Geneva Server is listening, essentially, at that address. If it is disabled, then requests sent to that URL will result in an HTTP 500 error. The endpoints that have the Proxy Enabled option set to Yes will be the ones that are exposed by the a Geneva Server instance that is running in proxy mode. I assume, but don't know for sure, that a Geneva Server that is running in this mode will figure out which endpoints to expose based on the configuration of its "master" not its own configuration. The endpoints that have CardSpace set to Yes are the ones that will be included in any Information Cards that Geneva Server provisions. These endpoints are the ones that the selector will communicate with when requesting claims of the STS.
Another thing to note about endpoints that you might overlook is the security mode. If you enabled, for example, WS-Trust 2005 (as above), you'll see a message in the event log that Geneva Server is listening on http://localhost/Trust/2005/Windows not HTTPS like the others in the log message. This is because the endpoint is using message-level security.
All of this is actually pretty obvious after someone points it out or you stop to observe and ponder the UI. There are a lot of endpoints listed there though, and you can easily overlook these details and their meanings. I did at least.