Michael Shapiro reminds me that the proposed XCDB API route can return multiple usernames. A user may have multiple username at a site due to account merges and other routine AMIE actions. In the old grid-mapfile format, we'd list multiple comma-separated usernames, like:
"/DC=org/DC=cilogon/C=US/O=LIGO/CN=Jim Basney firstname.lastname@example.org" jbasney,basneyj
I don't think the new Globus Auth map_file allows one to many mappings.
This should be addressed more clearly in the design doc.