I have not found any good docs on WDS services yet. From what I have found it seems to be a layer 2 service that runs on the ethernet side of the AP's and the AP's communicate the key information of the various associated clients and reports the information the the WDS server AP that you set up. When I got one of my floors set up with this the reassociation was really fast as I roamed from AP to AP. The clients need to be cisco cards or run cisco compatible extensions. What is also nice about this is when a client associates and gets authenticated it only hits the ACS server one time for authentication and then uses the same credentials as it roams from AP to AP. Like I said in the beginning most of this info is what I devined from working with this so some of the details may be wrong. It would be nice if they get some of this documented.
You have "devined" correctly as to what WDS provides today and there's a lot more to come. This was presented at Networkers and there is an excellent whitepaper working its way through corporate editing.
WDS is a set of features that runs on an IOS AP. Other IOS APs in the same L2 domain register with the WDS. We call these "infrastructure APs". The infrastructure APs are discovered by the WDS via broadcast. As part of the registration process, the infrastructure APs LEAP authenticate to the WDS. Once they are registered, context-based information is communicated to the WDS.
So what should be clear is that you don't have to specify a VLAN for WDS. The process naturally runs on the management VLAN.