IdentityRegistry is a naive registry that maintains a mapping between identities (as strings): id1 -> id2, id3 -> id4, etc. The method call Check(id1, id2) will succeed only if there is a mapping id1 -> id2 stored in this registry.
CA can make authorization decisions based on this registry. By creating a mapping id1 -> id2, CA will approve CSRs sent only by services running as id1 for identity id2.
AddMapping adds a mapping id1 -> id2. If id1 is already mapped to something else, add fails.
Check checks whether id1 is mapped to id2
DeleteMapping attempts to delete mapping id1 -> id2. If id1 is already mapped to a different identity, deletion fails
Registry is the standard interface for identity registry implementation
GetIdentityRegistry returns the identity registry object.