Major Description
This is an enhancement for the feature introduced in DISPATCH-200 (Flexible mapping from x.509 certificates to an identity).
There are cases in which the best identifier for a client certificate is the fingerprint. Since the fingerprint is not very user/operator-friendly, it is useful to provide a facility to map the DISPATCH-200 identifier to a more people-friendly nickname.
The mappings shall be held in a persistent store (a json-file in the config directory would be a good start). The only available management operation on this data set shall be to reload the data file, presumably with updated mappings. It would be a potential security vulnerability to provide direct management access to the content of the mapping.
The identities that come from the mappings (i.e. the nicknames) shall be used to annotate the AMQP connections (for management visibility) and to index into the access/resource policy for each connection.