-refactored

18 files changed, 830 insertions, 431 deletions

diff --git a/configure.ac b/configure.ac
index 206a407fa..e0d92fb8c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1654,6 +1654,7 @@ src/vpn/vpn.conf
 src/zonemaster/Makefile
 src/zonemaster/zonemaster.conf
 src/rest/Makefile
+src/identity-attribute/Makefile
 src/identity-provider/Makefile
 pkgconfig/Makefile
 pkgconfig/gnunetarm.pc
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 3444e321b..b06eb3a9f 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -196,9 +196,10 @@ src/hello/hello.c
 src/hostlist/gnunet-daemon-hostlist.c
 src/hostlist/gnunet-daemon-hostlist_client.c
 src/hostlist/gnunet-daemon-hostlist_server.c
+src/identity-attribute/identity_attribute.c
+src/identity-attribute/plugin_identity_attribute_type_gnuid.c
 src/identity-provider/gnunet-idp.c
 src/identity-provider/gnunet-service-identity-provider.c
-src/identity-provider/identity_attribute.c
 src/identity-provider/identity_provider_api.c
 src/identity-provider/jwt.c
 src/identity-provider/plugin_gnsrecord_identity_provider.c
diff --git a/src/Makefile.am b/src/Makefile.am
index e4d7d8924..68878b5a0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -17,6 +17,7 @@ endif
 
 if HAVE_JSON
 if HAVE_MHD
+  ATTRIBUTE_DIR = identity-attribute
   PROVIDER_DIR = identity-provider
 endif
 endif
@@ -131,6 +132,7 @@ SUBDIRS = \
   social \
   $(AUCTION_DIR) \
   $(EXP_DIR) \
+        $(ATTRIBUTE_DIR) \
   $(PROVIDER_DIR)
 
 endif
diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am
new file mode 100644
index 000000000..770bc2ead
--- /dev/null
+++ b/src/identity-attribute/Makefile.am
@@ -0,0 +1,44 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+plugindir = $(libdir)/gnunet
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+if MINGW
+  WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIBS = -lgcov
+endif
+
+lib_LTLIBRARIES = \
+  libgnunetidentityattribute.la
+
+libgnunetidentityattribute_la_SOURCES = \
+  identity_attribute.c 
+libgnunetidentityattribute_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(GN_LIBINTL)
+libgnunetidentityattribute_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS) $(WINFLAGS) \
+  -version-info 0:0:0
+
+
+plugin_LTLIBRARIES = \
+  libgnunet_plugin_identity_attribute_gnuid.la
+
+
+libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \
+  plugin_identity_attribute_gnuid.c
+libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(LTLIBINTL)
+libgnunet_plugin_gnsrecord_dns_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
diff --git a/src/identity-provider/identity_attribute.c b/src/identity-attribute/identity_attribute.c
index c7e833326..377eb3211 100644
--- a/src/identity-provider/identity_attribute.c
+++ b/src/identity-attribute/identity_attribute.c
@@ -36,20 +36,21 @@
  * @param data_size the attribute value size
  * @return the new attribute
  */
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-attribute_new (const char* attr_name,
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
                uint32_t attr_type,
                const void* data,
                size_t data_size)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attr;
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
   char *write_ptr;
 
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) +
+  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) +
                         strlen (attr_name) + 1 +
                         data_size);
-  attr->attribute_type = attr_type;
+  attr->type = attr_type;
   attr->data_size = data_size;
+  attr->version = 0;
   write_ptr = (char*)&attr[1];
   GNUNET_memcpy (write_ptr,
                  attr_name,
@@ -64,20 +65,20 @@ attribute_new (const char* attr_name,
 }
 
 size_t
-attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   size_t len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
-    len += attribute_serialize_get_size (le->attribute);
+    len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
   return len; 
 }
 
 size_t
-attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
                           char *result)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   size_t len;
   size_t total_len;
   char* write_ptr;
@@ -86,7 +87,7 @@ attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *a
   total_len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    len = attribute_serialize (le->attribute,
+    len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim,
                                write_ptr);
     total_len += len;
     write_ptr += len;
@@ -94,55 +95,55 @@ attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *a
   return total_len;
 }
 
-struct GNUNET_IDENTITY_PROVIDER_AttributeList *
-attribute_list_deserialize (const char* data,
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
+GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   size_t attr_len;
   const char* read_ptr;
 
   if (data_size < sizeof (struct Attribute))
     return NULL;
   
-  attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
+  attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
   read_ptr = data;
   while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
   {
 
-    le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-    le->attribute = attribute_deserialize (read_ptr,
+    le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+    le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr,
                                            data_size - (read_ptr - data));
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Deserialized attribute %s\n", le->attribute->name);
+                "Deserialized attribute %s\n", le->claim->name);
     GNUNET_CONTAINER_DLL_insert (attrs->list_head,
                                  attrs->list_tail,
                                  le);
-    attr_len = attribute_serialize_get_size (le->attribute);
+    attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
     read_ptr += attr_len;
   }
   return attrs;
 }
 
-struct GNUNET_IDENTITY_PROVIDER_AttributeList*
-attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
+GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *result_le;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *result;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result;
   size_t len;
 
-  result = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
+  result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    result_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-    len = sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute) + le->attribute->data_size;
-    result_le->attribute = GNUNET_malloc (len);
-    GNUNET_memcpy (result_le->attribute,
-                   le->attribute,
+    result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+    len = sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) + le->claim->data_size;
+    result_le->claim = GNUNET_malloc (len);
+    GNUNET_memcpy (result_le->claim,
+                   le->claim,
                    len);
-    result_le->attribute->name = (const char*)&result_le->attribute[1];
+    result_le->claim->name = (const char*)&result_le->claim[1];
     GNUNET_CONTAINER_DLL_insert (result->list_head,
                                  result->list_tail,
                                  result_le);
@@ -152,14 +153,14 @@ attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
 
 
 void
-attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *tmp_le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le;
 
   for (le = attrs->list_head; NULL != le;)
   {
-    GNUNET_free (le->attribute);
+    GNUNET_free (le->claim);
     tmp_le = le;
     le = le->next;
     GNUNET_free (tmp_le);
@@ -169,15 +170,15 @@ attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
 }
 
 size_t
-attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr)
+GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
 {
   return sizeof (struct Attribute) 
     + strlen (attr->name)
-    + attr->data_size; //TODO get data_size from plugin
+    + attr->data_size;
 }
 
 size_t
-attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
+GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
                      char *result)
 {
   size_t data_len_ser;
@@ -186,8 +187,8 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
   char* write_ptr;
 
   attr_ser = (struct Attribute*)result;
-  attr_ser->attribute_type = htons (attr->attribute_type);
-  attr_ser->attribute_version = htonl (attr->attribute_version);
+  attr_ser->attribute_type = htons (attr->type);
+  attr_ser->attribute_version = htonl (attr->version);
   name_len = strlen (attr->name);
   attr_ser->name_len = htons (name_len);
   write_ptr = (char*)&attr_ser[1];
@@ -203,11 +204,11 @@ attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
   return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
 }
 
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-attribute_deserialize (const char* data,
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attr;
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
   struct Attribute *attr_ser;
   size_t data_len;
   size_t name_len;
@@ -217,13 +218,12 @@ attribute_deserialize (const char* data,
     return NULL;
 
   attr_ser = (struct Attribute*)data;
-  //TODO use plugin. 
   data_len = ntohs (attr_ser->data_size);
   name_len = ntohs (attr_ser->name_len);
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Attribute)
+  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim)
                         + data_len + name_len + 1);
-  attr->attribute_type = ntohs (attr_ser->attribute_type);
-  attr->attribute_version = ntohl (attr_ser->attribute_version);
+  attr->type = ntohs (attr_ser->attribute_type);
+  attr->version = ntohl (attr_ser->attribute_version);
   attr->data_size = ntohs (attr_ser->data_size);
 
   write_ptr =  (char*)&attr[1];
diff --git a/src/identity-attribute/identity_attribute.h b/src/identity-attribute/identity_attribute.h
new file mode 100644
index 000000000..046321807
--- /dev/null
+++ b/src/identity-attribute/identity_attribute.h
@@ -0,0 +1,56 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published
+   by the Free Software Foundation; either version 3, or (at your
+   option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with GNUnet; see the file COPYING.  If not, write to the
+   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA 02110-1301, USA.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file identity-provider/identity_attribute.h
+ * @brief GNUnet Identity Provider library
+ *
+ */
+#ifndef IDENTITY_ATTRIBUTE_H
+#define IDENTITY_ATTRIBUTE_H
+
+#include "gnunet_identity_provider_service.h"
+
+struct Attribute
+{
+  /**
+   * Attribute type
+   */
+  uint32_t attribute_type;
+
+  /**
+   * Attribute version
+   */
+  uint32_t attribute_version;
+  
+  /**
+   * Name length
+   */
+  uint32_t name_len;
+  
+  /**
+   * Data size
+   */
+  uint32_t data_size;
+
+  //followed by data_size Attribute value data
+};
+
+#endif
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c
new file mode 100644
index 000000000..ba460d0a5
--- /dev/null
+++ b/src/identity-attribute/plugin_identity_attribute_gnuid.c
@@ -0,0 +1,184 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file identity-provider/plugin_identity_attribute_gnuid.c
+ * @brief identity attribute plugin to provide the API for fundamental 
+ *                 attribute types.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_attribute_plugin.h"
+#include <inttypes.h>
+
+
+/**
+ * Convert the 'value' of an attribute to a string.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+static char *
+gnuid_value_to_string (void *cls,
+                     uint32_t type,
+                     const void *data,
+                     size_t data_size)
+{
+
+  switch (type)
+  {
+  case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+    return GNUNET_strndup (data, data_size);
+  default:
+    return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an attribute to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+gnuid_string_to_value (void *cls,
+                     uint32_t type,
+                     const char *s,
+                     void **data,
+                     size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+
+    case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+      *data = GNUNET_strdup (s);
+      *data_size = strlen (s);
+      return GNUNET_OK;
+    default:
+      return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of attribute type numbers to human-readable
+ * attribute type names.
+ */
+static struct {
+  const char *name;
+  uint32_t number;
+} gnuid_name_map[] = {
+  { "STRING",  GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
+  { NULL, UINT32_MAX }
+};
+
+
+/**
+ * Convert a type name to the corresponding number.
+ *
+ * @param cls closure, unused
+ * @param gnuid_typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+static uint32_t
+gnuid_typename_to_number (void *cls,
+                        const char *gnuid_typename)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != gnuid_name_map[i].name) &&
+          (0 != strcasecmp (gnuid_typename,
+                            gnuid_name_map[i].name)) )
+    i++;
+  return gnuid_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+gnuid_number_to_typename (void *cls,
+                        uint32_t type)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != gnuid_name_map[i].name) &&
+          (type != gnuid_name_map[i].number) )
+    i++;
+  return gnuid_name_map[i].name;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_attribute_type_gnuid_init (void *cls)
+{
+  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions);
+  api->value_to_string = &gnuid_value_to_string;
+  api->string_to_value = &gnuid_string_to_value;
+  api->typename_to_number = &gnuid_typename_to_number;
+  api->number_to_typename = &gnuid_number_to_typename;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_attribute_type_gnuid_done (void *cls)
+{
+  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+/* end of plugin_identity_attribute_type_gnuid.c */
diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am
index f64f1aa68..3b072e59d 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -63,8 +63,7 @@ libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
 
 
 gnunet_service_identity_provider_SOURCES = \
- gnunet-service-identity-provider.c \
- identity_attribute.h
+ gnunet-service-identity-provider.c
 gnunet_service_identity_provider_LDADD = \
  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
  $(top_builddir)/src/util/libgnunetutil.la \
@@ -72,14 +71,14 @@ gnunet_service_identity_provider_LDADD = \
  $(top_builddir)/src/identity/libgnunetidentity.la \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
  $(top_builddir)/src/credential/libgnunetcredential.la \
+ $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
  libgnunetidentityprovider.la \
  $(top_builddir)/src/gns/libgnunetgns.la \
  $(GN_LIBINTL)
 
 libgnunetidentityprovider_la_SOURCES = \
  identity_provider_api.c \
- identity_provider.h \
- identity_attribute.c
+ identity_provider.h
 libgnunetidentityprovider_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
         $(GN_LIBINTL) $(XLIB)
@@ -88,13 +87,13 @@ libgnunetidentityprovider_la_LDFLAGS = \
         -version-info 0:0:0
 
 libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-  plugin_rest_identity_provider.c \
-        jwt.c
+  plugin_rest_identity_provider.c
 libgnunet_plugin_rest_identity_provider_la_LIBADD = \
         $(top_builddir)/src/identity/libgnunetidentity.la \
         libgnunetidentityprovider.la \
         $(top_builddir)/src/rest/libgnunetrest.la \
         $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
+        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson -lmicrohttpd
@@ -108,6 +107,7 @@ gnunet_idp_LDADD = \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
         libgnunetidentityprovider.la \
         $(top_builddir)/src/identity/libgnunetidentity.la \
+        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
   $(GN_LIBINTL)
 
 check_SCRIPTS = \
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c
index 88136c124..18a5676c0 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -119,7 +119,7 @@ static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
 /**
  * Attribute list
  */
-static struct GNUNET_IDENTITY_PROVIDER_AttributeList *attr_list;
+static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
 
 static void
 do_cleanup(void *cls)
@@ -166,7 +166,7 @@ store_attr_cont (void *cls,
 static void
 process_attrs (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr)
+         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
 {
   if (NULL == identity)
   {
@@ -207,7 +207,7 @@ process_rvk (void *cls, int success, const char* msg)
 static void
 iter_finished (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attr;
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
 
   attr_iterator = NULL;
   if (list)
@@ -244,8 +244,8 @@ iter_finished (void *cls)
                                                      NULL);
     return;
   }
-  attr = GNUNET_IDENTITY_PROVIDER_attribute_new (attr_name,
-                                                 GNUNET_IDENTITY_PROVIDER_AT_STRING,
+  attr = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+                                                 GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
                                                  attr_value,
                                                  strlen (attr_value) + 1);
   idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
@@ -260,9 +260,9 @@ iter_finished (void *cls)
 static void
 iter_cb (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr)
+         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   char *attrs_tmp;
   char *attr_str;
 
@@ -275,11 +275,11 @@ iter_cb (void *cls,
         attr_str = strtok (NULL, ",");
         continue;
       }
-      le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-      le->attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (attr->name,
-                                                              attr->attribute_type,
-                                                              attr->data,
-                                                              attr->data_size);
+      le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+      le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name,
+                                                       attr->type,
+                                                       attr->data,
+                                                       attr->data_size);
       GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
                                    attr_list->list_tail,
                                    le);
@@ -321,7 +321,7 @@ ego_cb (void *cls,
                                    sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
 
 
-  attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
+  attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
 
   attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle,
                                                                  pkey,
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 58dea88a7..a5c178aa5 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -34,9 +34,9 @@
 #include "gnunet_statistics_service.h"
 #include "gnunet_gns_service.h"
 #include "gnunet_identity_provider_plugin.h"
+#include "gnunet_identity_attribute_lib.h"
 #include "gnunet_signatures.h"
 #include "identity_provider.h"
-#include "identity_attribute.h"
 
 /**
  * First pass state
@@ -365,7 +365,7 @@ struct AttributeStoreHandle
   /**
    * The attribute to store
    */
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute;
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
 
   /**
    * request id
@@ -428,7 +428,7 @@ struct ConsumeTicketHandle
   /**
    * Attributes
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
   
   /**
    * Lookup time
@@ -490,12 +490,12 @@ struct TicketRevocationHandle
   /**
    * Attributes to reissue
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Attributes to revoke
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *rvk_attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs;
 
   /**
    * Issuer Key
@@ -549,7 +549,7 @@ struct TicketIssueHandle
   /**
    * Attributes to issue
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Issuer Key
@@ -809,7 +809,7 @@ static void
 cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 {
   if (NULL != handle->attrs)
-    attribute_list_destroy (handle->attrs);
+    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
   if (NULL != handle->ns_qe)
     GNUNET_NAMESTORE_cancel (handle->ns_qe);
   GNUNET_free (handle);
@@ -820,7 +820,7 @@ static void
 send_ticket_result (struct IdpClient *client,
                     uint32_t r_id,
                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                    const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+                    const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketResultMessage *irm;
   struct GNUNET_MQ_Envelope *env;
@@ -873,13 +873,13 @@ store_ticket_issue_cont (void *cls,
 
 int
 serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                        const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
+                        const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
                         const struct GNUNET_CRYPTO_AbeKey *rp_key,
                         struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
                         char **result)
 {
   struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   char *enc_keyinfo;
   char *serialized_key;
   char *buf;
@@ -896,7 +896,7 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
                                             (void**)&serialized_key);
   attrs_str_len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next) {
-    attrs_str_len += strlen (le->attribute->name) + 1;
+    attrs_str_len += strlen (le->claim->name) + 1;
   }
   buf = GNUNET_malloc (attrs_str_len + size);
   write_ptr = buf;
@@ -904,14 +904,14 @@ serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
               "Writing attributes\n");
   for (le = attrs->list_head; NULL != le; le = le->next) {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "%s\n", le->attribute->name);
+                "%s\n", le->claim->name);
 
 
     GNUNET_memcpy (write_ptr,
-                   le->attribute->name,
-                   strlen (le->attribute->name));
-    write_ptr[strlen (le->attribute->name)] = ',';
-    write_ptr += strlen (le->attribute->name) + 1;
+                   le->claim->name,
+                   strlen (le->claim->name));
+    write_ptr[strlen (le->claim->name)] = ',';
+    write_ptr += strlen (le->claim->name) + 1;
   }
   write_ptr--;
   write_ptr[0] = '\0'; //replace last , with a 0-terminator
@@ -954,7 +954,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                   struct GNUNET_CRYPTO_AbeMasterKey *abe_key)
 {
   struct TicketIssueHandle *ih = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_CRYPTO_AbeKey *rp_key;
@@ -974,8 +974,8 @@ issue_ticket_after_abe_bootstrap (void *cls,
   i = 0;
   for (le = ih->attrs->list_head; NULL != le; le = le->next) {
     GNUNET_asprintf (&policy, "%s_%lu",
-                     le->attribute->name,
-                     le->attribute->attribute_version);
+                     le->claim->name,
+                     le->claim->version);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Adding attribute to key: %s\n",
                 policy);
@@ -1061,7 +1061,7 @@ handle_issue_ticket_message (void *cls,
 
   ih = GNUNET_new (struct TicketIssueHandle);
   attrs_len = ntohs (im->attr_len);
-  ih->attrs = attribute_list_deserialize ((char*)&im[1], attrs_len);
+  ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
   ih->r_id = ntohl (im->id);
   ih->client = idp;
   ih->identity = im->identity;
@@ -1087,9 +1087,9 @@ static void
 cleanup_revoke_ticket_handle (struct TicketRevocationHandle *handle)
 {
   if (NULL != handle->attrs)
-    attribute_list_destroy (handle->attrs);
+    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
   if (NULL != handle->rvk_attrs)
-    attribute_list_destroy (handle->rvk_attrs);
+    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->rvk_attrs);
   if (NULL != handle->abe_key)
     GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
   if (NULL != handle->ns_qe)
@@ -1132,7 +1132,7 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
 static void
 ticket_reissue_proc (void *cls,
                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
 
 static void
 revocation_reissue_tickets (struct TicketRevocationHandle *rh);
@@ -1176,11 +1176,11 @@ reissue_ticket_cont (void *cls,
 static void
 ticket_reissue_proc (void *cls,
                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le_rollover;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_CRYPTO_AbeKey *rp_key;
@@ -1223,11 +1223,11 @@ ticket_reissue_proc (void *cls,
          NULL != le_rollover;
          le_rollover = le_rollover->next)
     {
-      if (0 == strcmp (le_rollover->attribute->name,
-                       le->attribute->name))
+      if (0 == strcmp (le_rollover->claim->name,
+                       le->claim->name))
       {
         reissue_ticket = GNUNET_YES;
-        le->attribute->attribute_version = le_rollover->attribute->attribute_version;
+        le->claim->version = le_rollover->claim->version;
       }
     }
   }
@@ -1255,8 +1255,8 @@ ticket_reissue_proc (void *cls,
   i = 0;
   for (le = attrs->list_head; NULL != le; le = le->next) {
     GNUNET_asprintf (&policy, "%s_%lu",
-                     le->attribute->name,
-                     le->attribute->attribute_version);
+                     le->claim->name,
+                     le->claim->version);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Recreating key with %s\n", policy);
     attr_arr[i] = policy;
@@ -1349,14 +1349,14 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
     revocation_reissue_tickets (rh);
     return;
   }
-  buf_size = attribute_serialize_get_size (rh->attrs->list_head->attribute);
+  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
   buf = GNUNET_malloc (buf_size);
-  attribute_serialize (rh->attrs->list_head->attribute,
+  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
                        buf);
-  rh->attrs->list_head->attribute->attribute_version++;
+  rh->attrs->list_head->claim->version++;
   GNUNET_asprintf (&policy, "%s_%lu",
-                   rh->attrs->list_head->attribute->name,
-                   rh->attrs->list_head->attribute->attribute_version);
+                   rh->attrs->list_head->claim->name,
+                   rh->attrs->list_head->claim->version);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Encrypting with policy %s\n", policy);
   /**
@@ -1371,7 +1371,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
   GNUNET_free (policy);
   rd[0].data_size = enc_size + sizeof (uint32_t);
   rd_buf = GNUNET_malloc (rd[0].data_size);
-  attr_ver = htonl (rh->attrs->list_head->attribute->attribute_version);
+  attr_ver = htonl (rh->attrs->list_head->claim->version);
   GNUNET_memcpy (rd_buf,
                  &attr_ver,
                  sizeof (uint32_t));
@@ -1384,7 +1384,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
   rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
   rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
                                               &rh->identity,
-                                              rh->attrs->list_head->attribute->name,
+                                              rh->attrs->list_head->claim->name,
                                               1,
                                               rd,
                                               &attr_reenc_cont,
@@ -1403,7 +1403,7 @@ attr_reenc_cont (void *cls,
                  const char *emsg)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
 
   if (GNUNET_SYSERR == success)
   {
@@ -1437,11 +1437,11 @@ attr_reenc_cont (void *cls,
 static void
 process_attributes_to_update (void *cls,
                               const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                              const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+                              const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
 
-  rh->attrs = attribute_list_dup (attrs);
+  rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Revocation Phase I: Collecting attributes\n");
   /* Reencrypt all attributes with new key */
@@ -1514,7 +1514,7 @@ handle_revoke_ticket_message (void *cls,
 
   rh = GNUNET_new (struct TicketRevocationHandle);
   ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
+  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
   rh->ticket = *ticket;
   rh->r_id = ntohl (rm->id);
   rh->client = idp;
@@ -1537,7 +1537,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
     GNUNET_CRYPTO_cpabe_delete_key (handle->key,
                                     GNUNET_YES);
   if (NULL != handle->attrs)
-    attribute_list_destroy (handle->attrs);
+    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
   GNUNET_free (handle);
 }
 
@@ -1575,7 +1575,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   struct ConsumeTicketHandle *handle = parallel_lookup->handle;
   struct ConsumeTicketResultMessage *crm;
   struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *attr_le;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le;
   struct GNUNET_TIME_Absolute decrypt_duration;
   char *data;
   char *data_tmp;
@@ -1618,10 +1618,10 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                 1,
                                 GNUNET_YES);
 
-      attr_le = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry);
-      attr_le->attribute = attribute_deserialize (data,
+      attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+      attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data,
                                                   attr_len);
-      attr_le->attribute->attribute_version = ntohl(*(uint32_t*)rd->data);
+      attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
       GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
                                    handle->attrs->list_tail,
                                    attr_le);
@@ -1643,7 +1643,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   }
 
   GNUNET_SCHEDULER_cancel (handle->kill_task);
-  attrs_len = attribute_list_serialize_get_size (handle->attrs);
+  attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs);
   env = GNUNET_MQ_msg_extra (crm,
                              attrs_len,
                              GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT);
@@ -1651,7 +1651,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   crm->attrs_len = htons (attrs_len);
   crm->identity = handle->ticket.identity;
   data_tmp = (char *) &crm[1];
-  attribute_list_serialize (handle->attrs,
+  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs,
                             data_tmp);
   GNUNET_MQ_send (handle->client->mq, env);
   cleanup_consume_ticket_handle (handle);
@@ -1802,7 +1802,7 @@ handle_consume_ticket_message (void *cls,
   ch->r_id = ntohl (cm->id);
   ch->client = idp;
   ch->identity = cm->identity;
-  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
+  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
   GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
                                       &ch->identity_pub);
   ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
@@ -1830,8 +1830,8 @@ handle_consume_ticket_message (void *cls,
 static void
 cleanup_as_handle (struct AttributeStoreHandle *handle)
 {
-  if (NULL != handle->attribute)
-    GNUNET_free (handle->attribute);
+  if (NULL != handle->claim)
+    GNUNET_free (handle->claim);
   if (NULL != handle->abe_key)
     GNUNET_CRYPTO_cpabe_delete_master_key (handle->abe_key);
   GNUNET_free (handle);
@@ -1882,16 +1882,16 @@ attr_store_task (void *cls)
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Storing attribute\n");
-  buf_size = attribute_serialize_get_size (as_handle->attribute);
+  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim);
   buf = GNUNET_malloc (buf_size);
 
-  attribute_serialize (as_handle->attribute,
+  GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim,
                        buf);
 
   GNUNET_asprintf (&policy,
                    "%s_%lu",
-                   as_handle->attribute->name,
-                   as_handle->attribute->attribute_version);
+                   as_handle->claim->name,
+                   as_handle->claim->version);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Encrypting with policy %s\n", policy);
   /**
@@ -1906,7 +1906,7 @@ attr_store_task (void *cls)
   GNUNET_free (policy);
   rd[0].data_size = enc_size + sizeof (uint32_t);
   rd_buf = GNUNET_malloc (rd[0].data_size);
-  attr_ver = htonl (as_handle->attribute->attribute_version);
+  attr_ver = htonl (as_handle->claim->version);
   GNUNET_memcpy (rd_buf,
                  &attr_ver,
                  sizeof (uint32_t));
@@ -1919,7 +1919,7 @@ attr_store_task (void *cls)
   rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
   as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
                                                      &as_handle->identity,
-                                                     as_handle->attribute->name,
+                                                     as_handle->claim->name,
                                                      1,
                                                      rd,
                                                      &attr_store_cont,
@@ -1984,7 +1984,7 @@ handle_attribute_store_message (void *cls,
   data_len = ntohs (sam->attr_len);
 
   as_handle = GNUNET_new (struct AttributeStoreHandle);
-  as_handle->attribute = attribute_deserialize ((char*)&sam[1],
+  as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1],
                                                 data_len);
 
   as_handle->r_id = ntohl (sam->id);
@@ -2280,7 +2280,7 @@ cleanup_ticket_iter_handle (struct TicketIteration *ti)
 static void
 ticket_iterate_proc (void *cls,
                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketIterationProcResult *proc = cls;
 
diff --git a/src/identity-provider/identity_attribute.h b/src/identity-provider/identity_attribute.h
deleted file mode 100644
index 3e8fadccf..000000000
--- a/src/identity-provider/identity_attribute.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published
-   by the Free Software Foundation; either version 3, or (at your
-   option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNUnet; see the file COPYING.  If not, write to the
-   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.
-   */
-/**
- * @author Martin Schanzenbach
- * @file identity-provider/identity_attribute.h
- * @brief GNUnet Identity Provider library
- *
- */
-#ifndef IDENTITY_ATTRIBUTE_H
-#define IDENTITY_ATTRIBUTE_H
-
-#include "gnunet_identity_provider_service.h"
-
-struct Attribute
-{
-  /**
-   * Attribute type
-   */
-  uint32_t attribute_type;
-
-  /**
-   * Attribute version
-   */
-  uint32_t attribute_version;
-  
-  /**
-   * Name length
-   */
-  uint32_t name_len;
-  
-  /**
-   * Data size
-   */
-  uint32_t data_size;
-
-  //followed by data_size Attribute value data
-};
-
-/**
- * Get required size for serialization buffer
- *
- * @param attrs the attribute list to serialize
- *
- * @return the required buffer size
- */
-size_t
-attribute_list_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
-
-void
-attribute_list_destroy (struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
-
-
-/**
- * Serialize an attribute list
- *
- * @param attrs the attribute list to serialize
- * @param result the serialized attribute
- *
- * @return length of serialized data
- */
-size_t
-attribute_list_serialize (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
-                     char *result);
-
-/**
- * Deserialize an attribute list
- *
- * @param data the serialized attribute list
- * @param data_size the length of the serialized data
- *
- * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
- */
-struct GNUNET_IDENTITY_PROVIDER_AttributeList *
-attribute_list_deserialize (const char* data,
-                            size_t data_size);
-
-
-/**
- * Get required size for serialization buffer
- *
- * @param attr the attribute to serialize
- *
- * @return the required buffer size
- */
-size_t
-attribute_serialize_get_size (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr);
-
-
-
-/**
- * Serialize an attribute
- *
- * @param attr the attribute to serialize
- * @param result the serialized attribute
- *
- * @return length of serialized data
- */
-size_t
-attribute_serialize (const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
-                     char *result);
-
-/**
- * Deserialize an attribute
- *
- * @param data the serialized attribute
- * @param data_size the length of the serialized data
- *
- * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
- */
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-attribute_deserialize (const char* data,
-                       size_t data_size);
-
-/**
- * Create a new attribute.
- *
- * @param name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return the new attribute
- */
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-attribute_new (const char* attr_name,
-               uint32_t attr_type,
-               const void* data,
-               size_t data_size);
-
-struct GNUNET_IDENTITY_PROVIDER_AttributeList*
-attribute_list_dup (const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
-
-#endif
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index 6d28709df..6fc8d228a 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -29,13 +29,12 @@
 #include "gnunet_protocols.h"
 #include "gnunet_mq_lib.h"
 #include "gnunet_identity_provider_service.h"
+#include "gnunet_identity_attribute_lib.h"
 #include "identity_provider.h"
-#include "identity_attribute.h"
 
 #define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__)
 
 
-
 /**
  * Handle for an operation with the service.
  */
@@ -495,9 +494,9 @@ handle_consume_ticket_result (void *cls,
     return;
 
   {
-    struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
-    struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *le;
-    attrs = attribute_list_deserialize ((char*)&msg[1],
+    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+    attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1],
                                         attrs_len);
     if (NULL != op->ar_cb)
     {
@@ -512,8 +511,8 @@ handle_consume_ticket_result (void *cls,
         for (le = attrs->list_head; NULL != le; le = le->next)
           op->ar_cb (op->cls,
                      &msg->identity,
-                     le->attribute);
-        attribute_list_destroy (attrs);
+                     le->claim);
+        GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
       }
     }
     op->ar_cb (op->cls,
@@ -619,9 +618,9 @@ handle_attribute_result (void *cls,
   }
 
   {
-    struct GNUNET_IDENTITY_PROVIDER_Attribute *attr;
-    attr = attribute_deserialize ((char*)&msg[1],
-                                  attr_len);
+    struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+    attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1],
+                                                  attr_len);
     if (NULL != it)
     {
       if (NULL != it->proc)
@@ -905,7 +904,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
+                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
                                           GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
                                           void *cont_cls)
 {
@@ -921,14 +920,14 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = attribute_serialize_get_size (attr);
+  attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr);
   op->env = GNUNET_MQ_msg_extra (sam,
                                  attr_len,
                                  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
   sam->identity = *pkey;
   sam->id = htonl (op->r_id);
 
-  attribute_serialize (attr,
+  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
                        (char*)&sam[1]);
 
   sam->attr_len = htons (attr_len);
@@ -941,24 +940,6 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 
 
 /**
- * Create a new attribute.
- *
- * @param name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return the new attribute
- */
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name,
-                                        uint32_t attr_type,
-                                        const void* data,
-                                        size_t data_size)
-{
-  return attribute_new (attr_name, attr_type, data, data_size);
-}
-
-/**
  * List all attributes for a local identity. 
  * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
  * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
@@ -1089,7 +1070,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
+                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
                                        GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
                                        void *cb_cls)
 {
@@ -1105,7 +1086,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = attribute_list_serialize_get_size (attrs);
+  attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
   op->env = GNUNET_MQ_msg_extra (tim,
                                  attr_len,
                                  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET);
@@ -1113,7 +1094,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
   tim->rp = *rp;
   tim->id = htonl (op->r_id);
 
-  attribute_list_serialize (attrs,
+  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
                             (char*)&tim[1]);
 
   tim->attr_len = htons (attr_len);
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c
index c87f30e1c..594e4788d 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -27,7 +27,7 @@
 #include "platform.h"
 #include "gnunet_identity_provider_service.h"
 #include "gnunet_identity_provider_plugin.h"
-#include "identity_attribute.h"
+#include "gnunet_identity_attribute_lib.h"
 #include "gnunet_sq_lib.h"
 #include <sqlite3.h>
 
@@ -373,7 +373,7 @@ database_shutdown (struct Plugin *plugin)
 static int
 identity_provider_sqlite_store_ticket (void *cls,
                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                       const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs)
+                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
 {
   struct Plugin *plugin = cls;
   size_t attrs_len;
@@ -402,9 +402,9 @@ identity_provider_sqlite_store_ticket (void *cls,
     GNUNET_SQ_reset (plugin->dbh,
                      plugin->delete_ticket);
     
-    attrs_len = attribute_list_serialize_get_size (attrs);
+    attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
     attrs_ser = GNUNET_malloc (attrs_len);
-    attribute_list_serialize (attrs,
+    GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
                               attrs_ser);
     struct GNUNET_SQ_QueryParam sparams[] = {
       GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
@@ -526,7 +526,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
                               void *iter_cls)
 {
   struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs;
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
   int ret;
   int sret;
   size_t attrs_len;
@@ -553,13 +553,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
     }
     else
     {
-      attrs = attribute_list_deserialize (attrs_ser,
+      attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser,
                                           attrs_len);
       if (NULL != iter)
         iter (iter_cls,
               &ticket,
               attrs);
-      attribute_list_destroy (attrs);
+      GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
       ret = GNUNET_YES;
     }
     GNUNET_SQ_cleanup_result (rs);
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index f6039722f..c27662a0d 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -37,6 +37,7 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
+#include "gnunet_identity_attribute_lib.h"
 #include "gnunet_identity_provider_service.h"
 
 /**
@@ -508,7 +509,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute;
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   char term_data[handle->rest_handle->data_size+1];
@@ -596,8 +597,8 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                   "value");
   value_str = json_string_value (value_json);
-  attribute = GNUNET_IDENTITY_PROVIDER_attribute_new (name_str,
-                                                      GNUNET_IDENTITY_PROVIDER_AT_STRING,
+  attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str,
+                                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
                                                       value_str,
                                                       strlen (value_str) + 1);
   handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
@@ -619,7 +620,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 attr_collect (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr)
+              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
 {
   struct GNUNET_JSONAPI_Resource *json_resource;
   struct RequestHandle *handle = cls;
@@ -833,7 +834,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_cont (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr)
+              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_JSONAPI_Resource *json_resource;
diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h
new file mode 100644
index 000000000..039b50351
--- /dev/null
+++ b/src/include/gnunet_identity_attribute_lib.h
@@ -0,0 +1,231 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2017 GNUnet e.V.
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Identity attribute definitions
+ *
+ * @defgroup identity-provider  Identity Provider service
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+
+/**
+ * No value attribute.
+ */
+#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
+
+/**
+ * String attribute.
+ */
+#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
+
+
+
+/**
+ * An attribute.
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim
+{
+  /**
+   * The name of the attribute. Note "name" must never be individually
+   * free'd
+   */
+  const char* name;
+
+  /**
+   * Type of Claim
+   */
+  uint32_t type;
+
+  /**
+   * Version
+   */
+  uint32_t version;
+
+  /**
+   * Number of bytes in @e data.
+   */
+  size_t data_size;
+
+  /**
+   * Binary value stored as attribute value.  Note: "data" must never
+   * be individually 'malloc'ed, but instead always points into some
+   * existing data area.
+   */
+  const void *data;
+
+};
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
+{
+  /**
+   * List head
+   */
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
+
+  /**
+   * List tail
+   */
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
+};
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
+{
+  /**
+   * DLL
+   */
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
+
+  /**
+   * DLL
+   */
+  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
+
+  /**
+   * The attribute claim
+   */
+  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+};
+
+/**
+ * Create a new attribute claim.
+ *
+ * @param name the attribute name
+ * @param type the attribute type
+ * @param data the attribute value
+ * @param data_size the attribute value size
+ * @return the new attribute
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+                                     uint32_t type,
+                                     const void* data,
+                                     size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attrs the attribute list to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+void
+GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+
+/**
+ * Serialize an attribute list
+ *
+ * @param attrs the attribute list to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+                     char *result);
+
+/**
+ * Deserialize an attribute list
+ *
+ * @param data the serialized attribute list
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
+GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+                            size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attr the attribute to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+
+
+
+/**
+ * Serialize an attribute
+ *
+ * @param attr the attribute to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                     char *result);
+
+/**
+ * Deserialize an attribute
+ *
+ * @param data the serialized attribute
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+                       size_t data_size);
+
+struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
+GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+
+
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
+#endif
+
+/** @} */ /* end of group identity */
+
+/* end of gnunet_identity_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_identity_attribute_plugin.h
new file mode 100644
index 000000000..edeed57fd
--- /dev/null
+++ b/src/include/gnunet_identity_attribute_plugin.h
@@ -0,0 +1,149 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2012, 2013 GNUnet e.V.
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Plugin API for the idp database backend
+ *
+ * @defgroup identity-provider-plugin  IdP service plugin API
+ * Plugin API for the idp database backend
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_identity_attribute_lib.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * Function called to convert the binary value @a data of an attribute of
+ * type @a type to a human-readable string.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
+                                                          uint32_t type,
+                                                          const void *data,
+                                                          size_t data_size);
+
+
+/**
+ * Function called to convert human-readable version of the value @a s
+ * of an attribute of type @a type to the respective binary
+ * representation.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
+                                                       uint32_t type,
+                                                       const char *s,
+                                                       void **data,
+                                                       size_t *data_size);
+
+
+/**
+ * Function called to convert a type name to the
+ * corresponding number.
+ *
+ * @param cls closure
+ * @param typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+                                                               const char *typename);
+
+
+/**
+ * Function called to convert a type number (i.e. 1) to the
+ * corresponding type string
+ *
+ * @param cls closure
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+                                                                   uint32_t type);
+
+
+/**
+ * Each plugin is required to return a pointer to a struct of this
+ * type as the return value from its entry point.
+ */
+struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
+{
+
+  /**
+   * Closure for all of the callbacks.
+   */
+  void *cls;
+
+  /**
+   * Conversion to string.
+   */
+  GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
+
+  /**
+   * Conversion to binary.
+   */
+  GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
+
+  /**
+   * Typename to number.
+   */
+  GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+
+  /**
+   * Number to typename.
+   */
+  GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+
+};
+
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */  /* end of group */
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h
index c0a258ab6..4b5098d58 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_identity_provider_plugin.h
@@ -51,7 +51,7 @@ extern "C"
  */
 typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
                                                  const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-             const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+             const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
 
 
 /**
@@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
    */
   int (*store_ticket) (void *cls,
                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-      const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs);
+      const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
 
   /**
    * Delete a ticket from the database.
@@ -111,7 +111,6 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
                                 void *iter_cls);
 };
 
-
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
 #endif
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
index d17a1cc9c..6bc05d0f4 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -39,7 +39,7 @@ extern "C"
 #endif
 
 #include "gnunet_util_lib.h"
-
+#include "gnunet_identity_attribute_lib.h"
 
 /**
  * Version number of GNUnet Identity Provider API.
@@ -82,92 +82,6 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket
  */
 struct GNUNET_IDENTITY_PROVIDER_Operation;
 
-/**
- * Flags that can be set for an attribute.
- */
-enum GNUNET_IDENTITY_PROVIDER_AttributeType
-{
-
-  /**
-   * No value attribute.
-   */
-  GNUNET_IDENTITY_PROVIDER_AT_NULL = 0,
-
-  /**
-   * String attribute.
-   */
-  GNUNET_IDENTITY_PROVIDER_AT_STRING = 1,
-
-};
-
-
-
-/**
- * An attribute.
- */
-struct GNUNET_IDENTITY_PROVIDER_Attribute
-{
-
-  /**
-   * Type of Attribute.
-   */
-  uint32_t attribute_type;
-
-  /**
-   * Attribute version
-   */
-  uint32_t attribute_version;
-
-  /**
-   * Number of bytes in @e data.
-   */
-  size_t data_size;
-
-  /**
-   * The name of the attribute. Note "name" must never be individually
-   * free'd
-   */
-  const char* name;
-
-  /**
-   * Binary value stored as attribute value.  Note: "data" must never
-   * be individually 'malloc'ed, but instead always points into some
-   * existing data area.
-   */
-  const void *data;
-
-};
-
-struct GNUNET_IDENTITY_PROVIDER_AttributeList
-{
-  /**
-   * List head
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_head;
-
-  /**
-   * List tail
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_tail;
-};
-
-struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry
-{
-  /**
-   * DLL
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *prev;
-
-  /**
-   * DLL
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *next;
-
-  /**
-   * The attribute
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute;
-};
 
 /**
  * Connect to the identity provider service.
@@ -208,27 +122,12 @@ typedef void
 struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
+                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
                                           GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
                                           void *cont_cls);
 
 
 /**
- * Create a new attribute.
- *
- * @param name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return the new attribute
- */
-struct GNUNET_IDENTITY_PROVIDER_Attribute *
-GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name,
-                                        uint32_t attr_type,
-                                        const void* data,
-                                        size_t data_size);
-
-/**
  * Process an attribute that was stored in the idp.
  *
  * @param cls closure
@@ -237,7 +136,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name,
 typedef void
 (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                   const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr);
+                                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
 
 
 
@@ -327,7 +226,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
+                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
                                        GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
                                        void *cb_cls);