77 files changed, 6104 insertions, 2314 deletions

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..4fdd91f60
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,102 @@
+FROM ubuntu:18.04
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install tools and dependencies
+RUN apt-get update && \
+    apt-get -y install --no-install-recommends \
+      ca-certificates \
+      libsasl2-modules \
+      git \
+      automake \
+      autopoint \
+      autoconf \
+      texinfo \
+      libtool \
+      libltdl-dev \
+      libgpg-error-dev \
+      libidn11-dev \
+      libunistring-dev \
+      libglpk-dev \
+      libbluetooth-dev \
+      libextractor-dev \
+      libmicrohttpd-dev \
+      libgnutls28-dev \
+      libgcrypt20-dev \
+      libpq-dev \
+      libsqlite3-dev && \
+    apt-get clean all && \
+    apt-get -y autoremove && \
+    rm -rf \
+      /var/lib/apt/lists/* \
+      /tmp/*
+
+# Install GNUrl
+ENV GNURL_GIT_URL https://git.taler.net/gnurl.git
+ENV GNURL_GIT_BRANCH gnurl-7.57.0
+
+RUN git clone $GNURL_GIT_URL \
+      --branch $GNURL_GIT_BRANCH \
+      --depth=1 \
+      --quiet && \
+    cd /gnurl && \
+      autoreconf -i && \
+      ./configure \
+        --enable-ipv6 \
+        --with-gnutls \
+        --without-libssh2 \
+        --without-libmetalink \
+        --without-winidn \
+        --without-librtmp \
+        --without-nghttp2 \
+        --without-nss \
+        --without-cyassl \
+        --without-polarssl \
+        --without-ssl \
+        --without-winssl \
+        --without-darwinssl \
+        --disable-sspi \
+        --disable-ntlm-wb \
+        --disable-ldap \
+        --disable-rtsp \
+        --disable-dict \
+        --disable-telnet \
+        --disable-tftp \
+        --disable-pop3 \
+        --disable-imap \
+        --disable-smtp \
+        --disable-gopher \
+        --disable-file \
+        --disable-ftp \
+        --disable-smb && \
+      make install && \
+    cd - && \
+    rm -fr /gnurl
+
+# Install GNUnet
+ENV GNUNET_PREFIX /usr/local/gnunet
+ENV CFLAGS '-g -Wall -O0'
+
+COPY . /gnunet
+
+RUN cd /gnunet && \
+      ./bootstrap && \
+      ./configure \
+        --with-nssdir=/lib \
+        --prefix="$GNUNET_PREFIX" \
+        --enable-logging=verbose && \
+      make -j3 && \
+      make install && \
+      ldconfig && \
+    cd - && \
+    rm -fr /gnunet
+
+# Configure GNUnet
+COPY docker/gnunet.conf /etc/gnunet.conf
+COPY docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+RUN chmod 755 /usr/local/bin/docker-entrypoint
+
+ENV LOCAL_PORT_RANGE='40001 40200'
+ENV PATH "$GNUNET_PREFIX/bin:/usr/local/bin:$PATH"
+
+ENTRYPOINT ["docker-entrypoint"]
diff --git a/README b/README
index a00c5a0a9..256a6c69c 100644
--- a/README
+++ b/README
@@ -453,12 +453,12 @@ Further Reading
 
 * Documentation
 
-  A preliminary rendering of the new GNUnet manual is deployed at
+  A HTML version of the new GNUnet manual is deployed at
 
-    https://d.n0.is/pub/doc/gnunet/manual/
+    https://docs.gnunet.org
 
-  we plan to have a complete new gnunet.org up and running in 2019.
-  This website output exists as a convenience solution until then.
+  which currently displays just GNUnet documentation. Until 2019
+  we will add more reading material.
 
 * Academia / papers
 
diff --git a/README.md b/README.md
new file mode 100644
index 000000000..3f40b3d87
--- /dev/null
+++ b/README.md
@@ -0,0 +1,268 @@
+<p align="center">
+  <a href="https://gnunet.org"><img src="contrib/branding/logo/gnunet-logo-dark-text.svg" alt="GNUnet" width="300px"/></a>
+</p>
+
+> GNUnet is a *new* network protocol stack for building secure, distributed, and privacy-preserving applications. 
+
+* [Install](#how-to-install-gnunet)
+  * [From Source](#from-source)
+  * [Using Docker](#docker)
+* [Using GNUnet](#using-gnunet)
+* [License](#license)
+
+How to Install GNUnet
+---------------------
+
+### 1. From Source
+
+**Dependencies**
+
+Install these packages. Some of them may need to be installed from source depending on your OS.
+
+```
+- libmicrohttpd      >= 0.9.42      (available from https://www.gnu.org/software/libmicrohttpd/)
+- libgcrypt          >= 1.6
+- libgnurl           >= 7.35.0      (recommended, available from https://gnunet.org/gnurl)
+- libcurl            >= 7.35.0      (alternative to libgnurl)
+- libunistring       >= 0.9.2
+- gnutls             >= 3.2.12      (highly recommended: a gnutls linked against libunbound)
+- libidn             >= 1.0
+- libextractor       >= 0.6.1       (highly recommended)
+- openssl            >= 1.0         (binary, used to generate X.509 certificate)
+- libltdl            >= 2.2         (part of GNU libtool)
+- sqlite             >= 3.8         (default database, required)
+- mysql              >= 5.1         (alternative to sqlite)
+- postgres           >= 9.5         (alternative to sqlite)
+- Texinfo            >= 5.2         [*1]
+- which                             (for the bootstrap script)
+- gettext
+- zlib
+- pkg-config
+```
+
+
+You can also install the dependencies with the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/) by using the provided environment file: 
+
+```shell
+guix package -l guix-env.scm
+```
+
+
+**Using GNU Make**
+
+```shell
+./bootstrap # Run this to generate the configure files.
+./configure # See the various flags avalable to you.
+make
+make install
+```
+
+**Using the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/)**
+
+```shell
+# To build, run tests, and install:
+guix package -f guix-env.scm
+
+# To skip the testing phase:
+guix package -f guix-env.scm:notest
+```
+
+
+### 2. Docker
+
+```
+docker build -t gnunet .
+```
+
+
+
+Using GNUnet
+-------------
+
+There are many possible ways to use the subsystems of GNUnet, so we will provide a few examples in this section.
+
+<p align="center">
+  <a href="contrib/gnunet-arch-full.svg"><img src="contrib/gnunet-arch-full.svg" alt="GNUnet Modular Architecture" width="600px" border="1px"/></a>
+</p>
+
+>***GNUnet is composed of over 30 modular subsystems***
+
+
+### Start GNUnet Services
+
+Before we can begin using most of the components we must start them.
+
+```shell
+gnunet-arm --start
+```
+
+Now we can open up another shell and try using some of the modules.
+
+### Cadet
+
+#### Examples
+
+Open a Cadet connection:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret>
+```
+
+Conect to peer:
+
+```shell
+# Node 2
+gnunet-cadet <peer-id of Node 1> <shared secret>
+```
+
+#### Sharing Files
+
+With the cli tool, you can also share files:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret> > filename
+```
+
+On the Node 2 we're going to send the file to Node 1, and to do this we need to make use of [coprocesses](https://www.gnu.org/software/bash/manual/html_node/Coprocesses.html).
+The syntax for using coprocesses varies per shell. In our example we are assuming Bash. More info for different shells can be found [here](https://unix.stackexchange.com/questions/86270/how-do-you-use-the-command-coproc-in-various-shells)
+
+```shell
+# Node 2
+coproc gnunet-cadet <peer-id of Node 1> <shared secret>
+cat <file> >&"${COPROC[1]}"
+```
+
+Now this enables us to do some fun things, such as streaming video by piping to a media player:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret> | vlc -
+```
+
+```shell
+# Node 2
+coproc gnunet-cadet <peer-id of Node 1> <shared secret>
+cat <video-file> >&"${COPROC[1]}"
+```
+
+### Filesharing
+
+You can use GNUnet as a content-addressed storage, much like IPFS: sharing immutable files in a decentralized fashion with added privacy.
+
+For instance, you can get a nice cat picture with
+```sh
+gnunet-download gnunet://fs/loc/CB0ZX5EM1ZNNRT7AX93RVHCN1H49242DWZ4AXBTCJBAG22Z33VHYMR61J71YJXTXHEC22TNE0PRWA6D5X7NFNY2J9BNMG0SFN5DKZ0G.R48JSE2T4Y3W2AMDHZYX2MMDJC4HR0BVTJYNWJT2DGK7EQXR35DT84H9ZRAK3QTCTHDBAE1S6W16P8PCKC4HGEEKNW2T42HXF9RS1J0.1906755.J5Z3BDEG2PW332001GGZ2SSKCCSV8WDM696HNARG49X9TMABC4DG.B6Y7BCJ6B5K40EXCXASX1HQAD8MBJ9WTFWPCE3F15Q3Q4Y2PB8BKVGCS5HA4FG4484858NB74PBEE5V1638MGG7NS40A82K7QKK3G0G.1577833200 --output cat.png
+```
+
+You can also give files to the network, like so:
+
+```sh
+$ echo "I love GNUnet" > ILoveGNUnet.txt
+$ gnunet-publish ILoveGNUnet.txt
+
+Publishing `/tmp/ILoveGNUnet.txt` done.
+URI is `gnunet://fs/chk/SXA4RGZWDHE4PDWD2F4XG778J4SZY3E3SNDZ9AWFRZYYBV52W1T2WQNZCF1NYAT842800SSBQ8F247TG6MX7H4S1RWZZSC8ZXGQ4YPR.AZ3B5WR1XCWCWR6W30S2365KFY7A3R5AMF5SRN3Z11R72SMVQDX3F6GXQSZMWZGM5BSYVDQEJ93CR024QAAE65CKHM52GH8MZK1BM90.14`.
+```
+
+The URI you get is what you can use to retrieve the file with `gnunet-download`.
+
+### GNS
+
+*coming soon*
+
+
+### VPN
+
+#### "Half-hidden" services
+
+You can tunnel IP traffic through GNUnet allowing you to offer web, [rsh](https://linux.die.net/man/1/rsh), messaging or other servers without revealing your IP address.
+
+This is similar to Tor's Hidden (aka Onion) services, but currently does not provide as much privacy as onion routing isn't yet implemented; on the other hand, you can tunnel UDP, unlike Tor.
+
+#### Configuring server
+
+First, set up access from GNUnet to IP with `exit`:
+
+`gnunet.conf`:
+```
+[exit]
+FORCESTART = YES
+EXIT_IPV4 = YES
+EXIT_RANGE_IPV4_POLICY = 169.254.86.1;
+```
+
+Exit, by the way can also be used as a general-purpose IP proxy i.e. exit relay but here we restrict IPs to be accessed to those we'll be serving stuff on only.
+
+Then, start up a server to be shared. For the sake of example,
+
+```sh
+python3 -m http.server 8080
+```
+
+Now to configure the actual "half-hidden service". The config syntax is as follows:
+
+```sh
+[<shared secret>.gnunet.]
+TCP_REDIRECTS = <exposed port>:<local IP>:<local port>
+```
+
+...which for our example would be
+
+```sh
+[myhttptest.gnunet.]
+TCP_REDIRECTS = 80:169.254.86.1:8080
+```
+
+Local IP can be anything (if allowed by other configuration) but a localhost address (in other words, you can't bind a hidden service to the loopback interface and say 127.0.0.1 in `TCP_REDIRECTS`). The packets will appear as coming from the exit TUN interface to whatever address is configured in `TCP_REDIRECTS` (unlike SSH local forwarding, where the packets appear as coming from the loopback interface) and so they will not be forwarded to 127.0.0.1.
+
+You can share access to this service with a peer id, shared secret and IP port numbler: here `gnunet-peerinfo -s`, `myhttptest` and `80` respectively.
+
+#### Connecting
+
+`gnunet-vpn` gives you ephemeral IPs to connect to if you tell it a peer id and a shared secret, like so:
+
+```sh
+$ gnunet-vpn -p N7R25J8ADR553EPW0NFWNCXK9V80RVCP69QJ47XMT82VKAR7Y300 -t -s myhttptest
+10.11.139.20
+
+# And just connect to the given IP
+$ wget 10.11.139.20
+Connecting to 10.11.139.20:80... connected.
+```
+
+(You can try it out with your browser too.)
+
+### Running a Hostlist Server
+
+*coming soon*
+
+GNUnet Configuration
+--------------------------
+### Examples
+
+```yaml
+[transport]
+OPTIONS = -L DEBUG
+PLUGINS = tcp
+#PLUGINS = udp
+
+[transport-tcp]
+OPTIONS = -L DEBUG
+BINDTO = 192.168.0.2
+```
+
+TODO: *explain what this does and add more*
+
+
+Philosophy
+-------------------------
+
+GNUnet is made for an open society: It's a self-organizing network and it's [http://www.gnu.org/philosophy/free-sw.html](free software) as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you're not pressured to accept compromises.
+
+
+Related Projects
+-------------------------
+
+ <a href="https://pep.foundation"><img src="https://pep.foundation/static/media/uploads/peplogo.svg" alt="pep.foundation" width="80px"/></a>  <a href="https://secushare.org"><img src="https://secushare.org/img/secushare-0444.png" alt="Secushare" width="80px"/></a>
diff --git a/configure.ac b/configure.ac
index c7314d765..535ce0ffe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1759,8 +1759,8 @@ src/zonemaster/Makefile
 src/zonemaster/zonemaster.conf
 src/rest/Makefile
 src/abe/Makefile
-src/identity-attribute/Makefile
-src/identity-provider/Makefile
+src/reclaim-attribute/Makefile
+src/reclaim/Makefile
 pkgconfig/Makefile
 pkgconfig/gnunetarm.pc
 pkgconfig/gnunetats.pc
diff --git a/contrib/branding/logo/gnunet-logo-dark-text.svg b/contrib/branding/logo/gnunet-logo-dark-text.svg
new file mode 100644
index 000000000..5644e0ae7
--- /dev/null
+++ b/contrib/branding/logo/gnunet-logo-dark-text.svg
@@ -0,0 +1,1411 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   version="1.1"
+   id="svg2"
+   height="280"
+   width="320">
+  <title
+     id="title3310">logo for GNUnet</title>
+  <defs
+     id="defs4">
+    <linearGradient
+       id="gnunet">
+      <stop
+         style="stop-color:#ff0000;stop-opacity:0.58431375;"
+         offset="0"
+         id="stop9516" />
+      <stop
+         style="stop-color:#ffcc00;stop-opacity:1;"
+         offset="1"
+         id="stop9518" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4094">
+      <stop
+         style="stop-color:#232323;stop-opacity:1;"
+         offset="0"
+         id="stop4096" />
+      <stop
+         style="stop-color:#4d4d4d;stop-opacity:1;"
+         offset="1"
+         id="stop4098" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4014">
+      <stop
+         style="stop-color:#a0a0a0;stop-opacity:1;"
+         offset="0"
+         id="stop4016" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="1"
+         id="stop4018" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4678">
+      <stop
+         style="stop-color:#e5e5e5;stop-opacity:1;"
+         offset="0"
+         id="stop4680" />
+      <stop
+         style="stop-color:#d3cdcd;stop-opacity:1;"
+         offset="1"
+         id="stop4682" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4341">
+      <stop
+         id="stop4343"
+         offset="0"
+         style="stop-color:#333333;stop-opacity:1;" />
+      <stop
+         id="stop4345"
+         offset="1"
+         style="stop-color:#484848;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4696-5">
+      <stop
+         id="stop4698-6"
+         offset="0"
+         style="stop-color:#ffb638;stop-opacity:1;" />
+      <stop
+         id="stop4700-2"
+         offset="1"
+         style="stop-color:#f0ae26;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4702-3-6">
+      <stop
+         id="stop4704-1"
+         offset="0"
+         style="stop-color:#ff0000;stop-opacity:0.58431375;" />
+      <stop
+         id="stop4706-8"
+         offset="1"
+         style="stop-color:#ffcc00;stop-opacity:1;" />
+    </linearGradient>
+    <color-profile
+       name="Artifex-PS-CMYK-Profile"
+       xlink:href="/usr/share/color/icc/ghostscript/ps_cmyk.icc"
+       id="color-profile27" />
+    <linearGradient
+       y2="69.791016"
+       x2="177.04297"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(-0.88803314,0,0,0.88803314,595.57001,1106.9291)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3138"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="1043.709"
+       x2="80.655251"
+       y1="1025.709"
+       x1="108.08774"
+       gradientTransform="matrix(-0.49726789,0,0,0.49726789,555.31016,722.70088)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3141"
+       xlink:href="#linearGradient4696-5" />
+    <linearGradient
+       y2="922.07178"
+       x2="78.000107"
+       y1="1004.8033"
+       x1="113.5146"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.18739,350.00262)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3144"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="70.667412"
+       x2="176.60477"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.2161,1106.9294)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3148"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="70.667412"
+       x2="176.60477"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.2161,1106.9294)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3780"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="922.07178"
+       x2="78.000107"
+       y1="1004.8033"
+       x1="113.5146"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.18739,350.00262)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3782"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="1043.709"
+       x2="80.655251"
+       y1="1025.709"
+       x1="108.08774"
+       gradientTransform="matrix(-0.49726789,0,0,0.49726789,555.31016,722.70088)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3784"
+       xlink:href="#linearGradient4696-5" />
+    <linearGradient
+       y2="69.791016"
+       x2="177.04297"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(-0.88803314,0,0,0.88803314,595.57001,1106.9291)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3786"
+       xlink:href="#linearGradient4702-3-6" />
+    <filter
+       id="filter9204"
+       style="color-interpolation-filters:sRGB">
+      <feColorMatrix
+         id="feColorMatrix9194"
+         result="colormatrix"
+         values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 -0.2125 -0.7154 -0.0721 1 0 "
+         in="SourceGraphic" />
+      <feComposite
+         k1="0"
+         id="feComposite9196"
+         result="composite"
+         k4="0"
+         k3="0"
+         k2="1"
+         operator="arithmetic"
+         in2="colormatrix"
+         in="SourceGraphic" />
+      <feGaussianBlur
+         id="feGaussianBlur9198"
+         result="blur1"
+         stdDeviation="5 0.01" />
+      <feGaussianBlur
+         id="feGaussianBlur9200"
+         result="blur2"
+         stdDeviation="0.01 5"
+         in="composite" />
+      <feBlend
+         id="feBlend9202"
+         result="blend"
+         mode="darken"
+         in2="blur1"
+         in="blur2" />
+    </filter>
+    <filter
+       id="filter9330"
+       style="color-interpolation-filters:sRGB">
+      <feGaussianBlur
+         id="feGaussianBlur9328"
+         result="blur"
+         stdDeviation="2 2" />
+    </filter>
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>logo for GNUnet</dc:title>
+        <dc:creator>
+          <cc:Agent>
+            <dc:title>Luis Felipe López Acevedo, Amirouche Boubekki, carlo von lynX</dc:title>
+          </cc:Agent>
+        </dc:creator>
+        <dc:rights>
+          <cc:Agent>
+            <dc:title>GNUnet e.V.</dc:title>
+          </cc:Agent>
+        </dc:rights>
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
+        <dc:description />
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     id="g5346"
+     style="display:none"
+     transform="translate(-387.41463,-609.81931)">
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="453.95291"
+       y="869.96057"
+       id="text5344"><tspan
+         id="tspan5342"
+         x="453.95291"
+         y="869.96057"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:49.33333206px;font-family:'Ubuntu Bold';-inkscape-font-specification:'Ubuntu Bold, ';fill:#ffffff;stroke-width:1.03365779px"
+         dx="0 0 0">gnu net</tspan></text>
+  </g>
+  <g
+     transform="translate(-387.41463,-609.81931)"
+     style="display:none"
+     id="g950">
+    <text
+       id="text948"
+       y="869.21057"
+       x="467.77612"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       xml:space="preserve"><tspan
+         dx="0 -2.5 -3 0 -19.25 -2.5 -3"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:1.03365779px"
+         y="869.21057"
+         x="467.77612"
+         id="tspan946">gnu net</tspan></text>
+  </g>
+  <g
+     id="g941"
+     style="display:none"
+     transform="translate(0,-20)">
+    <ellipse
+       ry="17.690269"
+       rx="17.68549"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:1.68696308;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       id="ellipse937"
+       cx="157.97346"
+       cy="180.65355" />
+    <ellipse
+       ry="17.690269"
+       rx="17.68549"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:1.68696308;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       id="ellipse939"
+       cx="157.97346"
+       cy="111.16864" />
+  </g>
+  <g
+     transform="translate(-387.41463,-609.81931)"
+     style="display:none"
+     id="g935">
+    <g
+       aria-label="gnu net"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;image-rendering:auto"
+       id="g933">
+      <path
+         d="m 423.90503,684.79003 h 22.14128 v 61.61056 q 0,11.55196 4.3855,16.04443 4.38546,4.49242 12.72857,4.49242 12.19374,0 20.00203,-9.94753 7.80828,-9.94753 7.80828,-27.48942 v -44.71046 h 22.14128 v 99.6893 h -22.14128 v -24.92231 q -3.31586,12.83553 -12.30071,20.10899 -8.98489,7.27346 -22.14132,7.27346 -15.29567,0 -23.95963,-9.94753 -8.664,-10.0545 -8.664,-30.59135 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:4.46906853px"
+         id="path925" />
+      <path
+         d="m 669.48029,784.47933 h -22.14128 v -61.50359 q 0,-11.65892 -4.3855,-16.15139 -4.38546,-4.49243 -12.72857,-4.49243 -12.30071,0 -20.10899,9.94753 -7.70132,9.94754 -7.70132,27.48947 v 44.71041 h -22.14128 v -99.6893 h 22.14128 v 25.02928 q 3.31586,-12.94249 12.30071,-20.10899 8.98489,-7.27346 22.14132,-7.27346 15.29567,0 23.95967,9.94753 8.66396,9.94753 8.66396,30.59135 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:4.46906853px"
+         id="path927" />
+    </g>
+  </g>
+  <g
+     id="g1296"
+     style="display:none"
+     transform="translate(0,-67.278107)">
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       id="path1256" />
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       id="path1258" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       id="path1260" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       id="path1262" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       id="path1264" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       id="path1266" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#dddddd;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       id="path1268" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       id="path1270" />
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       id="path1272" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       id="path1274" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       id="path1276" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       id="path1278" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       id="path1280" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       id="path1282" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       id="path1284" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       id="path1286" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       id="path1288" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       id="path1290" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;stroke:#dddddd;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       id="path1292" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       id="path1294" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:none"
+     id="g1254">
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="829.24042"
+       cx="568.98083"
+       id="ellipse1194"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1196"
+       cx="588.85413"
+       cy="778.67493" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="740.67249"
+       cx="601.57867"
+       id="ellipse1198"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1200"
+       cx="525.79852"
+       cy="829.24042" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1202"
+       cx="557.82654"
+       cy="768.71582" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="783.02173"
+       cx="525.21936"
+       id="ellipse1204"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1206"
+       cx="400.09586"
+       cy="647.34271" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1208"
+       cx="450.11285"
+       cy="628.31934" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1210"
+       cx="622.36951"
+       cy="699.45752" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1212"
+       cx="547.21771"
+       cy="792.29773" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1214"
+       cx="566.20697"
+       cy="800.12549" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="751.63794"
+       cx="500.64822"
+       id="ellipse1216"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1218"
+       cx="533.33447"
+       cy="751.72632" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1220"
+       cx="450.75012"
+       cy="699.83545" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="700.59174"
+       cx="476.07718"
+       id="ellipse1222"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1224"
+       cx="521.49146"
+       cy="719.65314" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1226"
+       cx="500.6362"
+       cy="703.87305" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="134.28851"
+       cx="211.9584"
+       id="ellipse1228"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1230"
+       cx="576.62964"
+       cy="713.44794" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="123.16669"
+       cx="43.166531"
+       id="ellipse1232"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1234"
+       cx="98.865997"
+       cy="129.43542" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="130.05022"
+       cx="267.08618"
+       id="ellipse1236"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1238"
+       cx="679.07196"
+       cy="686.22339" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse1240"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1242"
+       cx="577.00763"
+       cy="748.99109" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="748.99109"
+       cx="577.07013"
+       id="ellipse1244"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(0,-3e-6)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="133.85095"
+       cx="22.887779"
+       id="ellipse1246"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="682.1922"
+       cx="462.47165"
+       id="ellipse1248"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="647.3053"
+       cx="694.58264"
+       id="ellipse1250"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1252"
+       cx="649.61285"
+       cy="628.31934" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:inline"
+     id="g1533">
+    <path
+       id="path1493"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       style="fill:none;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1495"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       style="fill:none;stroke:#3399cc;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1497"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1499"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1501"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1503"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1505"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#3399cc;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1507"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1509"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       style="fill:none;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1511"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1513"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1515"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1517"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1519"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1521"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1523"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1525"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1527"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1529"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       style="display:inline;opacity:1;fill:none;stroke:#3399cc;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1531"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g1491"
+     style="display:inline"
+     transform="translate(0,-67.278107)">
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1431"
+       cx="568.98083"
+       cy="829.24042"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="778.67493"
+       cx="588.85413"
+       id="ellipse1433"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1435"
+       cx="601.57867"
+       cy="740.67249"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="829.24042"
+       cx="525.79852"
+       id="ellipse1437"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="768.71582"
+       cx="557.82654"
+       id="ellipse1439"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1441"
+       cx="525.21936"
+       cy="783.02173"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="647.34271"
+       cx="400.09586"
+       id="ellipse1443"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="450.11285"
+       id="ellipse1445"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.45752"
+       cx="622.36951"
+       id="ellipse1447"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="792.29773"
+       cx="547.21771"
+       id="ellipse1449"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="800.12549"
+       cx="566.20697"
+       id="ellipse1451"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1453"
+       cx="500.64822"
+       cy="751.63794"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="751.72632"
+       cx="533.33447"
+       id="ellipse1455"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.83545"
+       cx="450.75012"
+       id="ellipse1457"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1459"
+       cx="476.07718"
+       cy="700.59174"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="719.65314"
+       cx="521.49146"
+       id="ellipse1461"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="703.87305"
+       cx="500.6362"
+       id="ellipse1463"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1465"
+       cx="211.9584"
+       cy="134.28851"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="713.44794"
+       cx="576.62964"
+       id="ellipse1467"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1469"
+       cx="43.166531"
+       cy="123.16669"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="129.43542"
+       cx="98.865997"
+       id="ellipse1471"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1473"
+       cx="267.08618"
+       cy="130.05022"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="686.22339"
+       cx="679.07196"
+       id="ellipse1475"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1477"
+       cx="577.00763"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse1479"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1481"
+       cx="577.07013"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1483"
+       cx="22.887779"
+       cy="133.85095"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(0,-3e-6)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1485"
+       cx="462.47165"
+       cy="682.1922"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1487"
+       cx="694.58264"
+       cy="647.3053"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="649.61285"
+       id="ellipse1489"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g1539"
+     style="display:inline"
+     transform="translate(0,-20)">
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#3399cc;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1535"
+       cx="159.80099"
+       cy="276.32968" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#3399cc;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1537"
+       cx="159.80099"
+       cy="259.99252" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:none"
+     id="layer3">
+    <path
+       id="path5313"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       style="fill:none;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path5311"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       style="fill:none;stroke:#cc0000;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9316"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9318"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path12058"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path12250"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path5161"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#cc0000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12206"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path5331"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       style="fill:none;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9320"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9322"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9324"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9326"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12060"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12208"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12210"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12212"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12216"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path5163"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       style="display:inline;opacity:1;fill:none;stroke:#cc0000;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12214"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g325"
+     style="display:none"
+     transform="translate(0,-67.278107)">
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12254"
+       cx="568.98083"
+       cy="829.24042"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="778.67493"
+       cx="588.85413"
+       id="ellipse12290"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12284"
+       cx="601.57867"
+       cy="740.67249"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="829.24042"
+       cx="525.79852"
+       id="ellipse12256"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="768.71582"
+       cx="557.82654"
+       id="ellipse12306"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12280"
+       cx="525.21936"
+       cy="783.02173"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="647.34271"
+       cx="400.09586"
+       id="ellipse12258"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="450.11285"
+       id="ellipse12258-3"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.45752"
+       cx="622.36951"
+       id="ellipse12294"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="792.29773"
+       cx="547.21771"
+       id="ellipse12252"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="800.12549"
+       cx="566.20697"
+       id="ellipse12282"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12276"
+       cx="500.64822"
+       cy="751.63794"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="751.72632"
+       cx="533.33447"
+       id="ellipse12278"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.83545"
+       cx="450.75012"
+       id="ellipse12262"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12268"
+       cx="476.07718"
+       cy="700.59174"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="719.65314"
+       cx="521.49146"
+       id="ellipse12270"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="703.87305"
+       cx="500.6362"
+       id="ellipse12274"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12292"
+       cx="211.9584"
+       cy="134.28851"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="713.44794"
+       cx="576.62964"
+       id="ellipse12286"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12260"
+       cx="43.166531"
+       cy="123.16669"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="129.43542"
+       cx="98.865997"
+       id="ellipse12266"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12296"
+       cx="267.08618"
+       cy="130.05022"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="686.22339"
+       cx="679.07196"
+       id="ellipse12298"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12288"
+       cx="577.00763"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse12302"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12304"
+       cx="577.07013"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12264"
+       cx="22.887779"
+       cy="133.85095"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(0,-3e-6)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12272"
+       cx="462.47165"
+       cy="682.1922"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12300"
+       cx="694.58264"
+       cy="647.3053"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="649.61285"
+       id="ellipse12258-3-0"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     transform="translate(0,-20)"
+     style="display:none"
+     id="layer6">
+    <ellipse
+       cy="276.32968"
+       cx="159.80099"
+       id="ellipse12282-8-9-0"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="259.99252"
+       cx="159.80099"
+       id="ellipse12282-8-9"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       rx="4.1581793"
+       ry="4.1593032" />
+  </g>
+  <g
+     id="g975"
+     style="display:inline"
+     transform="translate(-387.41463,-609.81931)">
+    <g
+       id="text973"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;image-rendering:auto"
+       aria-label="gnu net">
+      <path
+         id="path977"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 489.62118,868.96318 q 0,2.375 -0.81641,4.23046 -0.81641,1.85547 -2.30078,3.14193 -1.45964,1.28646 -3.46354,1.95443 -1.97917,0.69271 -4.42839,0.69271 -6.01172,0 -10.26693,-3.63672 l 2.42448,-3.95834 q 3.53776,3.04297 7.84245,3.04297 2.64714,0 4.25521,-1.31119 1.63281,-1.28646 1.63281,-4.0573 v -2.47395 q -1.58333,1.36067 -3.04297,2.02864 -1.45963,0.64323 -3.38932,0.64323 -2.22656,0 -4.13151,-0.9401 -1.90495,-0.94011 -3.29037,-2.54818 -1.36067,-1.63281 -2.15234,-3.78516 -0.76693,-2.15234 -0.76693,-4.57682 0,-2.42448 0.76693,-4.57682 0.79167,-2.17709 2.15234,-3.76042 1.38542,-1.60807 3.29037,-2.52344 1.90495,-0.9401 4.13151,-0.9401 1.92969,0 3.4388,0.66797 1.50912,0.64323 2.99349,1.95442 v -2.07812 h 5.1211 z m -5.1211,-16.67448 q -0.91536,-1.01433 -2.375,-1.53386 -1.43489,-0.54427 -2.79557,-0.54427 -2.89453,0 -4.70052,2.02865 -1.78125,2.02864 -1.78125,5.17057 0,1.55859 0.47005,2.89453 0.49479,1.3112 1.33594,2.27604 0.86588,0.96485 2.05338,1.53386 1.21224,0.54427 2.6224,0.54427 1.36068,0 2.79557,-0.54427 1.45964,-0.56901 2.375,-1.58334 z" />
+      <path
+         id="path979"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 514.82951,869.21057 h -5.12109 v -14.22526 q 0,-2.69661 -1.01433,-3.73568 -1.01432,-1.03906 -2.94401,-1.03906 -2.84505,0 -4.65104,2.30078 -1.78125,2.30078 -1.78125,6.35808 v 10.34114 h -5.12109 v -23.05729 h 5.12109 v 5.78906 q 0.76693,-2.99349 2.84505,-4.65104 2.07813,-1.68229 5.1211,-1.68229 3.53776,0 5.54166,2.30078 2.00391,2.30078 2.00391,7.07552 z" />
+      <path
+         id="path981"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 518.90503,846.15328 h 5.12109 v 14.25 q 0,2.67187 1.01433,3.71094 1.01432,1.03906 2.94401,1.03906 2.82031,0 4.6263,-2.30078 1.80599,-2.30078 1.80599,-6.35807 v -10.34115 h 5.12109 v 23.05729 h -5.12109 v -5.76432 q -0.76693,2.96875 -2.84505,4.65104 -2.07813,1.68229 -5.1211,1.68229 -3.53776,0 -5.54166,-2.30078 -2.00391,-2.32552 -2.00391,-7.07552 z" />
+      <path
+         id="path983"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 575.70451,869.21057 h -5.12109 v -14.22526 q 0,-2.69661 -1.01433,-3.73568 -1.01432,-1.03906 -2.94401,-1.03906 -2.84505,0 -4.65104,2.30078 -1.78125,2.30078 -1.78125,6.35808 v 10.34114 h -5.12109 v -23.05729 h 5.12109 v 5.78906 q 0.76693,-2.99349 2.84505,-4.65104 2.07813,-1.68229 5.1211,-1.68229 3.53776,0 5.54167,2.30078 2.0039,2.30078 2.0039,7.07552 z" />
+      <path
+         id="path985"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 583.76832,859.63635 q 0.37109,2.375 2.2513,3.95834 1.90495,1.55859 5.09635,1.55859 2.4987,0 4.32943,-0.76693 1.85547,-0.79166 3.19141,-2.07812 l 2.62239,3.61198 q -2.22656,2.22656 -4.72526,3.04297 -2.47396,0.8164 -5.41797,0.8164 -2.67187,0 -4.97265,-0.89062 -2.30079,-0.89063 -3.98308,-2.47396 -1.68229,-1.60807 -2.64713,-3.8099 -0.94011,-2.20182 -0.94011,-4.89844 0,-2.62239 0.86589,-4.82421 0.89062,-2.22657 2.47396,-3.83464 1.60807,-1.63281 3.83463,-2.52344 2.22657,-0.91536 4.92318,-0.91536 2.79557,0 5.07161,0.96484 2.27605,0.94011 3.88412,2.7461 1.63281,1.80599 2.54818,4.42838 0.91536,2.59766 0.91536,5.88802 z m 13.53255,-4.5026 q -0.39584,-2.22656 -2.30078,-3.5625 -1.90495,-1.36068 -4.32943,-1.36068 -2.42448,0 -4.35417,1.36068 -1.92968,1.33594 -2.32552,3.5625 z" />
+      <path
+         id="path987"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 627.08081,861.86291 q -0.39583,3.63672 -2.86979,5.78907 -2.44922,2.1276 -6.13542,2.1276 -2.02864,0 -3.71094,-0.66797 -1.68229,-0.66797 -2.86979,-1.85547 -1.1875,-1.1875 -1.85547,-2.84505 -0.64322,-1.68229 -0.64322,-3.66146 v -9.97005 h -5.22006 v -4.6263 h 5.22006 v -9.22787 h 5.12109 v 9.22787 h 9.67318 v 4.6263 h -9.67318 v 9.97005 q 0,2.22657 1.08854,3.31511 1.08854,1.08854 2.86979,1.08854 2.17709,0 3.24089,-1.26172 1.0638,-1.26172 1.26172,-3.04297 z" />
+    </g>
+  </g>
+</svg>
diff --git a/contrib/gnunet-arch-full.svg b/contrib/gnunet-arch-full.svg
new file mode 100644
index 000000000..766f2b855
--- /dev/null
+++ b/contrib/gnunet-arch-full.svg
@@ -0,0 +1,648 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by graphviz version 2.38.0 (20140413.2041)
+ -->
+<!-- Title: dependencies Pages: 1 -->
+<svg width="1277pt" height="836pt"
+ viewBox="0.00 0.00 1276.81 836.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 832)">
+<title>dependencies</title>
+<polygon fill="white" stroke="none" points="-4,4 -4,-832 1272.81,-832 1272.81,4 -4,4"/>
+<!-- voting -->
+<g id="node1" class="node"><title>voting</title>
+<polygon fill="none" stroke="black" points="120.944,-743.562 80,-756 39.0559,-743.562 39.0942,-723.438 120.906,-723.438 120.944,-743.562"/>
+<text text-anchor="middle" x="80" y="-734.3" font-family="Times,serif" font-size="14.00">voting</text>
+</g>
+<!-- consensus -->
+<g id="node2" class="node"><title>consensus</title>
+<ellipse fill="none" stroke="black" cx="112" cy="-594" rx="46.2923" ry="18"/>
+<text text-anchor="middle" x="112" y="-590.3" font-family="Times,serif" font-size="14.00">consensus</text>
+</g>
+<!-- voting&#45;&gt;consensus -->
+<g id="edge1" class="edge"><title>voting&#45;&gt;consensus</title>
+<path fill="none" stroke="black" d="M121.028,-728.482C145.315,-721.103 174.155,-707.724 189,-684 197.487,-670.436 196.445,-662.162 189,-648 180.933,-632.654 166.19,-620.887 151.748,-612.383"/>
+<polygon fill="black" stroke="black" points="153.308,-609.247 142.857,-607.508 149.942,-615.385 153.308,-609.247"/>
+</g>
+<!-- identity -->
+<g id="node3" class="node"><title>identity</title>
+<ellipse fill="none" stroke="black" cx="282" cy="-450" rx="37.8943" ry="18"/>
+<text text-anchor="middle" x="282" y="-446.3" font-family="Times,serif" font-size="14.00">identity</text>
+</g>
+<!-- voting&#45;&gt;identity -->
+<g id="edge2" class="edge"><title>voting&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M58.5145,-723.377C45.8789,-714.02 31.0387,-700.353 24,-684 5.02284,-639.911 -2.50901,-616.016 24,-576 46.6577,-541.798 71.8444,-557.396 109,-540 158.351,-516.894 214.207,-487.564 248.77,-469.032"/>
+<polygon fill="black" stroke="black" points="250.781,-471.924 257.931,-464.105 247.466,-465.759 250.781,-471.924"/>
+</g>
+<!-- cadet -->
+<g id="node4" class="node"><title>cadet</title>
+<ellipse fill="none" stroke="black" cx="538" cy="-450" rx="29.4969" ry="18"/>
+<text text-anchor="middle" x="538" y="-446.3" font-family="Times,serif" font-size="14.00">cadet</text>
+</g>
+<!-- voting&#45;&gt;cadet -->
+<g id="edge3" class="edge"><title>voting&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M72.0051,-723.243C55.682,-693.149 22.8306,-620.604 57,-576 70.8829,-557.877 390.653,-484.265 500.977,-459.316"/>
+<polygon fill="black" stroke="black" points="501.999,-462.673 510.983,-457.057 500.458,-455.845 501.999,-462.673"/>
+</g>
+<!-- secretsharing -->
+<g id="node5" class="node"><title>secretsharing</title>
+<ellipse fill="none" stroke="black" cx="123" cy="-666" rx="57.3905" ry="18"/>
+<text text-anchor="middle" x="123" y="-662.3" font-family="Times,serif" font-size="14.00">secretsharing</text>
+</g>
+<!-- voting&#45;&gt;secretsharing -->
+<g id="edge4" class="edge"><title>voting&#45;&gt;secretsharing</title>
+<path fill="none" stroke="black" d="M88.4954,-723.17C93.8716,-714.418 100.986,-702.837 107.357,-692.466"/>
+<polygon fill="black" stroke="black" points="110.45,-694.117 112.702,-683.764 104.486,-690.453 110.45,-694.117"/>
+</g>
+<!-- consensus&#45;&gt;cadet -->
+<g id="edge72" class="edge"><title>consensus&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M146.507,-581.905C153.275,-579.85 160.34,-577.79 167,-576 236.135,-557.417 256.193,-562.96 324,-540 360.547,-527.625 367.474,-519.056 403,-504 437.068,-489.562 476.509,-474.236 503.927,-463.798"/>
+<polygon fill="black" stroke="black" points="505.344,-467.004 513.453,-460.185 502.862,-460.459 505.344,-467.004"/>
+</g>
+<!-- set -->
+<g id="node24" class="node"><title>set</title>
+<ellipse fill="none" stroke="black" cx="517" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="517" y="-518.3" font-family="Times,serif" font-size="14.00">set</text>
+</g>
+<!-- consensus&#45;&gt;set -->
+<g id="edge71" class="edge"><title>consensus&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M145.818,-581.678C152.772,-579.596 160.083,-577.583 167,-576 182.24,-572.511 394.44,-541.075 480.815,-528.33"/>
+<polygon fill="black" stroke="black" points="481.561,-531.758 490.943,-526.837 480.539,-524.833 481.561,-531.758"/>
+</g>
+<!-- dht -->
+<g id="node7" class="node"><title>dht</title>
+<ellipse fill="none" stroke="black" cx="756" cy="-378" rx="27" ry="18"/>
+<text text-anchor="middle" x="756" y="-374.3" font-family="Times,serif" font-size="14.00">dht</text>
+</g>
+<!-- cadet&#45;&gt;dht -->
+<g id="edge51" class="edge"><title>cadet&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M563.434,-440.833C602.822,-428.186 678.592,-403.856 722.428,-389.78"/>
+<polygon fill="black" stroke="black" points="723.607,-393.078 732.058,-386.688 721.467,-386.413 723.607,-393.078"/>
+</g>
+<!-- core -->
+<g id="node8" class="node"><title>core</title>
+<ellipse fill="none" stroke="black" cx="555" cy="-234" rx="27" ry="18"/>
+<text text-anchor="middle" x="555" y="-230.3" font-family="Times,serif" font-size="14.00">core</text>
+</g>
+<!-- cadet&#45;&gt;core -->
+<g id="edge50" class="edge"><title>cadet&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M539.362,-431.849C542.303,-394.832 549.266,-307.181 552.824,-262.386"/>
+<polygon fill="black" stroke="black" points="556.328,-262.478 553.631,-252.232 549.35,-261.924 556.328,-262.478"/>
+</g>
+<!-- block -->
+<g id="node11" class="node"><title>block</title>
+<polygon fill="none" stroke="black" points="429,-324 385.598,-306 429,-288 472.402,-306 429,-324"/>
+<text text-anchor="middle" x="429" y="-302.3" font-family="Times,serif" font-size="14.00">block</text>
+</g>
+<!-- cadet&#45;&gt;block -->
+<g id="edge52" class="edge"><title>cadet&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M522.106,-434.467C511.33,-424.227 497.085,-409.913 486,-396 469.058,-374.736 452.633,-348.272 441.802,-329.75"/>
+<polygon fill="blue" stroke="blue" points="444.702,-327.773 436.674,-320.859 438.638,-331.27 444.702,-327.773"/>
+</g>
+<!-- secretsharing&#45;&gt;consensus -->
+<g id="edge5" class="edge"><title>secretsharing&#45;&gt;consensus</title>
+<path fill="none" stroke="black" d="M120.281,-647.697C119.069,-639.983 117.612,-630.712 116.261,-622.112"/>
+<polygon fill="black" stroke="black" points="119.698,-621.44 114.688,-612.104 112.783,-622.526 119.698,-621.44"/>
+</g>
+<!-- fs -->
+<g id="node6" class="node"><title>fs</title>
+<polygon fill="none" stroke="black" points="100,-527.562 73,-540 46,-527.562 46.0252,-507.438 99.9748,-507.438 100,-527.562"/>
+<text text-anchor="middle" x="73" y="-518.3" font-family="Times,serif" font-size="14.00">fs</text>
+</g>
+<!-- fs&#45;&gt;identity -->
+<g id="edge12" class="edge"><title>fs&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M100.21,-509.307C104.786,-507.46 109.507,-505.625 114,-504 164.764,-485.643 178.566,-484.387 230,-468 233.971,-466.735 238.108,-465.404 242.237,-464.067"/>
+<polygon fill="black" stroke="black" points="243.351,-467.386 251.778,-460.965 241.186,-460.729 243.351,-467.386"/>
+</g>
+<!-- fs&#45;&gt;cadet -->
+<g id="edge9" class="edge"><title>fs&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M100.01,-516.934C178.772,-505.077 408.387,-470.512 499.803,-456.75"/>
+<polygon fill="black" stroke="black" points="500.372,-460.204 509.74,-455.254 499.33,-453.282 500.372,-460.204"/>
+</g>
+<!-- fs&#45;&gt;dht -->
+<g id="edge6" class="edge"><title>fs&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M100.081,-509.411C132.571,-495.433 183.726,-473.164 192,-468 213.144,-454.802 212.035,-441.688 235,-432 322.67,-395.017 615.27,-383.079 719.081,-379.955"/>
+<polygon fill="black" stroke="black" points="719.199,-383.453 729.093,-379.664 718.996,-376.456 719.199,-383.453"/>
+</g>
+<!-- fs&#45;&gt;core -->
+<g id="edge7" class="edge"><title>fs&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M65.0877,-507.277C55.5997,-488.827 42.6595,-455.618 57,-432 93.0072,-372.699 269.007,-312.27 334,-288 397.135,-264.424 474.404,-248.714 518.841,-240.869"/>
+<polygon fill="black" stroke="black" points="519.614,-244.287 528.871,-239.134 518.42,-237.39 519.614,-244.287"/>
+</g>
+<!-- datastore -->
+<g id="node9" class="node"><title>datastore</title>
+<ellipse fill="none" stroke="black" cx="108" cy="-450" rx="42.4939" ry="18"/>
+<text text-anchor="middle" x="108" y="-446.3" font-family="Times,serif" font-size="14.00">datastore</text>
+</g>
+<!-- fs&#45;&gt;datastore -->
+<g id="edge8" class="edge"><title>fs&#45;&gt;datastore</title>
+<path fill="none" stroke="black" d="M79.9149,-507.17C84.2467,-498.507 89.9645,-487.071 95.1098,-476.78"/>
+<polygon fill="black" stroke="black" points="98.2763,-478.274 99.618,-467.764 92.0153,-475.143 98.2763,-478.274"/>
+</g>
+<!-- ats -->
+<g id="node10" class="node"><title>ats</title>
+<ellipse fill="none" stroke="black" cx="385" cy="-90" rx="27" ry="18"/>
+<text text-anchor="middle" x="385" y="-86.3" font-family="Times,serif" font-size="14.00">ats</text>
+</g>
+<!-- fs&#45;&gt;ats -->
+<g id="edge10" class="edge"><title>fs&#45;&gt;ats</title>
+<path fill="none" stroke="black" d="M60.2844,-507.296C39.3694,-483.267 0,-431.113 0,-379 0,-379 0,-379 0,-233 0,-159.097 252.872,-111.714 348.742,-96.4063"/>
+<polygon fill="black" stroke="black" points="349.504,-99.8296 358.84,-94.8203 348.418,-92.9144 349.504,-99.8296"/>
+</g>
+<!-- fs&#45;&gt;block -->
+<g id="edge11" class="edge"><title>fs&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M99.0792,-507.426C116.81,-497.613 140.343,-483.417 159,-468 175.732,-454.174 174.815,-445.258 192,-432 259.224,-380.139 351.062,-338.689 398.245,-319.166"/>
+<polygon fill="blue" stroke="blue" points="399.679,-322.361 407.611,-315.337 397.03,-315.881 399.679,-322.361"/>
+</g>
+<!-- dht&#45;&gt;core -->
+<g id="edge42" class="edge"><title>dht&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M780.722,-370.233C802.496,-362.816 832.877,-348.569 847,-324 854.974,-310.128 857.48,-300.09 847,-288 810.092,-245.421 650.341,-266.908 596,-252 592.628,-251.075 589.164,-249.944 585.745,-248.709"/>
+<polygon fill="black" stroke="black" points="586.936,-245.416 576.348,-245.037 584.388,-251.936 586.936,-245.416"/>
+</g>
+<!-- dht&#45;&gt;block -->
+<g id="edge44" class="edge"><title>dht&#45;&gt;block</title>
+<path fill="none" stroke="black" d="M730.132,-372.774C681.84,-364.697 574.817,-345.908 486,-324 478.104,-322.052 469.673,-319.694 461.782,-317.363"/>
+<polygon fill="black" stroke="black" points="462.742,-313.997 452.157,-314.456 460.718,-320.698 462.742,-313.997"/>
+</g>
+<!-- nse -->
+<g id="node27" class="node"><title>nse</title>
+<ellipse fill="none" stroke="black" cx="811" cy="-306" rx="27" ry="18"/>
+<text text-anchor="middle" x="811" y="-302.3" font-family="Times,serif" font-size="14.00">nse</text>
+</g>
+<!-- dht&#45;&gt;nse -->
+<g id="edge43" class="edge"><title>dht&#45;&gt;nse</title>
+<path fill="none" stroke="black" d="M767.934,-361.811C775.214,-352.546 784.663,-340.52 792.854,-330.094"/>
+<polygon fill="black" stroke="black" points="795.663,-332.185 799.089,-322.159 790.159,-327.86 795.663,-332.185"/>
+</g>
+<!-- datacache -->
+<g id="node28" class="node"><title>datacache</title>
+<polygon fill="none" stroke="black" points="702,-324 637.818,-306 702,-288 766.182,-306 702,-324"/>
+<text text-anchor="middle" x="702" y="-302.3" font-family="Times,serif" font-size="14.00">datacache</text>
+</g>
+<!-- dht&#45;&gt;datacache -->
+<g id="edge45" class="edge"><title>dht&#45;&gt;datacache</title>
+<path fill="none" stroke="black" d="M744.016,-361.465C736.66,-351.93 727.125,-339.57 718.998,-329.034"/>
+<polygon fill="black" stroke="black" points="721.73,-326.846 712.851,-321.066 716.187,-331.121 721.73,-326.846"/>
+</g>
+<!-- peerinfo -->
+<g id="node29" class="node"><title>peerinfo</title>
+<ellipse fill="none" stroke="black" cx="518" cy="-90" rx="40.0939" ry="18"/>
+<text text-anchor="middle" x="518" y="-86.3" font-family="Times,serif" font-size="14.00">peerinfo</text>
+</g>
+<!-- dht&#45;&gt;peerinfo -->
+<g id="edge46" class="edge"><title>dht&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M728.828,-376.457C687.438,-374.282 608.033,-364.658 557,-324 495.436,-274.952 504.26,-168.494 512.535,-118.27"/>
+<polygon fill="black" stroke="black" points="516.027,-118.624 514.32,-108.168 509.133,-117.406 516.027,-118.624"/>
+</g>
+<!-- hello -->
+<g id="node30" class="node"><title>hello</title>
+<polygon fill="none" stroke="black" points="854,-36 813.614,-18 854,-3.55271e-15 894.386,-18 854,-36"/>
+<text text-anchor="middle" x="854" y="-14.3" font-family="Times,serif" font-size="14.00">hello</text>
+</g>
+<!-- dht&#45;&gt;hello -->
+<g id="edge47" class="edge"><title>dht&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M782.364,-373.864C833.24,-367.278 942.225,-350.399 968,-324 996.322,-294.992 988,-275.542 988,-235 988,-235 988,-235 988,-161 988,-99.7534 921.245,-54.2239 881.968,-32.736"/>
+<polygon fill="black" stroke="black" points="883.108,-29.3792 872.632,-27.796 879.834,-35.5665 883.108,-29.3792"/>
+</g>
+<!-- transport -->
+<g id="node33" class="node"><title>transport</title>
+<ellipse fill="none" stroke="black" cx="680" cy="-162" rx="42.4939" ry="18"/>
+<text text-anchor="middle" x="680" y="-158.3" font-family="Times,serif" font-size="14.00">transport</text>
+</g>
+<!-- core&#45;&gt;transport -->
+<g id="edge58" class="edge"><title>core&#45;&gt;transport</title>
+<path fill="none" stroke="black" d="M575.083,-221.753C594.251,-211.02 623.495,-194.643 646.244,-181.903"/>
+<polygon fill="black" stroke="black" points="648.219,-184.809 655.234,-176.869 644.799,-178.701 648.219,-184.809"/>
+</g>
+<!-- exit -->
+<g id="node12" class="node"><title>exit</title>
+<polygon fill="none" stroke="black" points="952,-540 898,-540 898,-504 952,-504 952,-540"/>
+<text text-anchor="middle" x="925" y="-518.3" font-family="Times,serif" font-size="14.00">exit</text>
+</g>
+<!-- exit&#45;&gt;cadet -->
+<g id="edge13" class="edge"><title>exit&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M897.67,-514.323C883.742,-511.021 866.513,-507.093 851,-504 752.337,-484.331 635.236,-465.765 576.155,-456.729"/>
+<polygon fill="black" stroke="black" points="576.571,-453.252 566.158,-455.206 575.517,-460.172 576.571,-453.252"/>
+</g>
+<!-- tun -->
+<g id="node13" class="node"><title>tun</title>
+<polygon fill="none" stroke="black" points="929,-468 897.995,-450 929,-432 960.005,-450 929,-468"/>
+<text text-anchor="middle" x="929" y="-446.3" font-family="Times,serif" font-size="14.00">tun</text>
+</g>
+<!-- exit&#45;&gt;tun -->
+<g id="edge14" class="edge"><title>exit&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M925.989,-503.697C926.436,-495.868 926.975,-486.435 927.473,-477.728"/>
+<polygon fill="black" stroke="black" points="930.974,-477.806 928.05,-467.622 923.985,-477.406 930.974,-477.806"/>
+</g>
+<!-- dnsstub -->
+<g id="node14" class="node"><title>dnsstub</title>
+<polygon fill="none" stroke="black" points="1032,-468 978.877,-450 1032,-432 1085.12,-450 1032,-468"/>
+<text text-anchor="middle" x="1032" y="-446.3" font-family="Times,serif" font-size="14.00">dnsstub</text>
+</g>
+<!-- exit&#45;&gt;dnsstub -->
+<g id="edge15" class="edge"><title>exit&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M951.175,-503.876C967.88,-492.948 989.443,-478.841 1006.1,-467.947"/>
+<polygon fill="black" stroke="black" points="1008.33,-470.67 1014.78,-462.266 1004.49,-464.812 1008.33,-470.67"/>
+</g>
+<!-- vpn -->
+<g id="node15" class="node"><title>vpn</title>
+<ellipse fill="none" stroke="black" cx="815" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="815" y="-518.3" font-family="Times,serif" font-size="14.00">vpn</text>
+</g>
+<!-- vpn&#45;&gt;cadet -->
+<g id="edge16" class="edge"><title>vpn&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M793.129,-511.116C787.017,-508.578 780.317,-506.003 774,-504 705.524,-482.293 623.185,-465.931 576.085,-457.463"/>
+<polygon fill="black" stroke="black" points="576.482,-453.979 566.025,-455.678 575.26,-460.871 576.482,-453.979"/>
+</g>
+<!-- vpn&#45;&gt;tun -->
+<g id="edge18" class="edge"><title>vpn&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M834.339,-509.125C854.149,-496.961 884.945,-478.051 905.995,-465.126"/>
+<polygon fill="black" stroke="black" points="907.942,-468.038 914.632,-459.822 904.279,-462.072 907.942,-468.038"/>
+</g>
+<!-- regex -->
+<g id="node16" class="node"><title>regex</title>
+<ellipse fill="none" stroke="black" cx="756" cy="-450" rx="30.5947" ry="18"/>
+<text text-anchor="middle" x="756" y="-446.3" font-family="Times,serif" font-size="14.00">regex</text>
+</g>
+<!-- vpn&#45;&gt;regex -->
+<g id="edge17" class="edge"><title>vpn&#45;&gt;regex</title>
+<path fill="none" stroke="black" d="M802.198,-505.811C794.496,-496.673 784.53,-484.849 775.827,-474.524"/>
+<polygon fill="black" stroke="black" points="778.307,-472.035 769.186,-466.644 772.954,-476.546 778.307,-472.035"/>
+</g>
+<!-- regex&#45;&gt;dht -->
+<g id="edge57" class="edge"><title>regex&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M756,-431.697C756,-423.983 756,-414.712 756,-406.112"/>
+<polygon fill="black" stroke="black" points="759.5,-406.104 756,-396.104 752.5,-406.104 759.5,-406.104"/>
+</g>
+<!-- regex&#45;&gt;block -->
+<g id="edge49" class="edge"><title>regex&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M732.22,-438.673C673.767,-413.29 523.157,-347.888 458.838,-319.957"/>
+<polygon fill="blue" stroke="blue" points="459.85,-316.581 449.283,-315.808 457.061,-323.002 459.85,-316.581"/>
+</g>
+<!-- pt -->
+<g id="node17" class="node"><title>pt</title>
+<polygon fill="none" stroke="black" points="986,-599.562 959,-612 932,-599.562 932.025,-579.438 985.975,-579.438 986,-599.562"/>
+<text text-anchor="middle" x="959" y="-590.3" font-family="Times,serif" font-size="14.00">pt</text>
+</g>
+<!-- pt&#45;&gt;cadet -->
+<g id="edge19" class="edge"><title>pt&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M931.717,-579.439C928.807,-578.197 925.864,-577.023 923,-576 860.875,-553.809 836.841,-571.725 779,-540 758.602,-528.812 761.339,-515.294 741,-504 688.34,-474.76 619.008,-461.18 576.516,-455.23"/>
+<polygon fill="black" stroke="black" points="576.951,-451.758 566.577,-453.91 576.029,-458.697 576.951,-451.758"/>
+</g>
+<!-- pt&#45;&gt;vpn -->
+<g id="edge20" class="edge"><title>pt&#45;&gt;vpn</title>
+<path fill="none" stroke="black" d="M931.915,-579.834C907.352,-567.894 871.179,-550.309 845.585,-537.868"/>
+<polygon fill="black" stroke="black" points="846.864,-534.598 836.34,-533.373 843.803,-540.893 846.864,-534.598"/>
+</g>
+<!-- dns -->
+<g id="node18" class="node"><title>dns</title>
+<ellipse fill="none" stroke="black" cx="997" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="997" y="-518.3" font-family="Times,serif" font-size="14.00">dns</text>
+</g>
+<!-- pt&#45;&gt;dns -->
+<g id="edge21" class="edge"><title>pt&#45;&gt;dns</title>
+<path fill="none" stroke="black" d="M966.508,-579.17C971.277,-570.385 977.594,-558.748 983.241,-548.346"/>
+<polygon fill="black" stroke="black" points="986.48,-549.716 988.175,-539.257 980.328,-546.376 986.48,-549.716"/>
+</g>
+<!-- dnsparser -->
+<g id="node19" class="node"><title>dnsparser</title>
+<polygon fill="none" stroke="black" points="1143,-540 1080.49,-522 1143,-504 1205.51,-522 1143,-540"/>
+<text text-anchor="middle" x="1143" y="-518.3" font-family="Times,serif" font-size="14.00">dnsparser</text>
+</g>
+<!-- pt&#45;&gt;dnsparser -->
+<g id="edge22" class="edge"><title>pt&#45;&gt;dnsparser</title>
+<path fill="none" stroke="black" d="M986.15,-582.671C1018.5,-570.365 1072.61,-549.781 1108.05,-536.296"/>
+<polygon fill="black" stroke="black" points="1109.42,-539.521 1117.52,-532.694 1106.93,-532.979 1109.42,-539.521"/>
+</g>
+<!-- dns&#45;&gt;tun -->
+<g id="edge23" class="edge"><title>dns&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M982.91,-506.496C972.543,-495.824 958.362,-481.226 947.147,-469.681"/>
+<polygon fill="black" stroke="black" points="949.418,-466.995 939.94,-462.261 944.397,-471.873 949.418,-466.995"/>
+</g>
+<!-- dns&#45;&gt;dnsstub -->
+<g id="edge24" class="edge"><title>dns&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M1005.12,-504.765C1009.59,-495.828 1015.21,-484.573 1020.16,-474.673"/>
+<polygon fill="black" stroke="black" points="1023.3,-476.227 1024.64,-465.717 1017.04,-473.096 1023.3,-476.227"/>
+</g>
+<!-- gnsrecord -->
+<g id="node25" class="node"><title>gnsrecord</title>
+<ellipse fill="none" stroke="black" cx="1192" cy="-450" rx="45.4919" ry="18"/>
+<text text-anchor="middle" x="1192" y="-446.3" font-family="Times,serif" font-size="14.00">gnsrecord</text>
+</g>
+<!-- dnsparser&#45;&gt;gnsrecord -->
+<g id="edge39" class="edge"><title>dnsparser&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M1152.92,-506.834C1159.12,-497.971 1167.29,-486.304 1174.55,-475.928"/>
+<polygon fill="blue" stroke="blue" points="1177.51,-477.805 1180.38,-467.606 1171.77,-473.791 1177.51,-477.805"/>
+</g>
+<!-- zonemaster -->
+<g id="node20" class="node"><title>zonemaster</title>
+<polygon fill="none" stroke="black" points="914.433,-599.562 851,-612 787.567,-599.562 787.626,-579.438 914.374,-579.438 914.433,-599.562"/>
+<text text-anchor="middle" x="851" y="-590.3" font-family="Times,serif" font-size="14.00">zonemaster</text>
+</g>
+<!-- zonemaster&#45;&gt;dht -->
+<g id="edge26" class="edge"><title>zonemaster&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M853.642,-579.298C856.499,-561.438 859.583,-529.479 851,-504 836.849,-461.994 802.343,-422.916 779.052,-399.996"/>
+<polygon fill="black" stroke="black" points="781.264,-397.267 771.628,-392.861 776.413,-402.314 781.264,-397.267"/>
+</g>
+<!-- namestore -->
+<g id="node21" class="node"><title>namestore</title>
+<ellipse fill="none" stroke="black" cx="685" cy="-522" rx="47.3916" ry="18"/>
+<text text-anchor="middle" x="685" y="-518.3" font-family="Times,serif" font-size="14.00">namestore</text>
+</g>
+<!-- zonemaster&#45;&gt;namestore -->
+<g id="edge25" class="edge"><title>zonemaster&#45;&gt;namestore</title>
+<path fill="none" stroke="black" d="M818.599,-579.337C791.812,-568.041 753.653,-551.95 724.971,-539.855"/>
+<polygon fill="black" stroke="black" points="726.212,-536.58 715.637,-535.919 723.492,-543.03 726.212,-536.58"/>
+</g>
+<!-- namestore&#45;&gt;identity -->
+<g id="edge37" class="edge"><title>namestore&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M642.634,-513.641C566.046,-500.338 405.247,-472.408 326.867,-458.793"/>
+<polygon fill="black" stroke="black" points="327.275,-455.312 316.823,-457.049 326.077,-462.208 327.275,-455.312"/>
+</g>
+<!-- namestore&#45;&gt;gnsrecord -->
+<g id="edge38" class="edge"><title>namestore&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="black" d="M726.085,-512.971C742.503,-509.919 761.609,-506.564 779,-504 918.405,-483.451 954.522,-488.05 1094,-468 1109.42,-465.784 1126.13,-463.019 1141.32,-460.368"/>
+<polygon fill="black" stroke="black" points="1142.32,-463.746 1151.56,-458.558 1141.1,-456.853 1142.32,-463.746"/>
+</g>
+<!-- gns -->
+<g id="node22" class="node"><title>gns</title>
+<ellipse fill="none" stroke="black" cx="850" cy="-666" rx="27" ry="18"/>
+<text text-anchor="middle" x="850" y="-662.3" font-family="Times,serif" font-size="14.00">gns</text>
+</g>
+<!-- gns&#45;&gt;identity -->
+<g id="edge34" class="edge"><title>gns&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M823.048,-663.899C740.091,-660.169 489.801,-646.281 417,-612 395.952,-602.089 396.543,-591.28 379,-576 359.686,-559.178 350.742,-559.383 334,-540 317.464,-520.856 303.335,-495.717 293.996,-477.041"/>
+<polygon fill="black" stroke="black" points="297.085,-475.39 289.562,-467.93 290.791,-478.453 297.085,-475.39"/>
+</g>
+<!-- gns&#45;&gt;dht -->
+<g id="edge28" class="edge"><title>gns&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M870.511,-653.985C875.467,-651.699 880.829,-649.525 886,-648 1002.11,-613.746 1046.93,-664.524 1156,-612 1236.59,-573.194 1305.75,-498.559 1246,-432 1215.85,-398.416 902.601,-384.19 793.343,-380.225"/>
+<polygon fill="black" stroke="black" points="793.243,-376.719 783.125,-379.863 792.995,-383.715 793.243,-376.719"/>
+</g>
+<!-- gns&#45;&gt;block -->
+<g id="edge29" class="edge"><title>gns&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M822.824,-664.872C770.707,-663.582 654.321,-655.598 569,-612 548.284,-601.414 548.925,-590.83 531,-576 509.902,-558.544 496.079,-562.857 481,-540 438.212,-475.142 430.206,-380.324 428.985,-334.208"/>
+<polygon fill="blue" stroke="blue" points="432.483,-334.033 428.808,-324.096 425.484,-334.156 432.483,-334.033"/>
+</g>
+<!-- gns&#45;&gt;dnsstub -->
+<g id="edge33" class="edge"><title>gns&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M871.065,-654.325C875.905,-652.077 881.078,-649.834 886,-648 941.778,-627.217 973.486,-654.658 1015,-612 1049.82,-576.222 1044.5,-512.583 1037.99,-476.971"/>
+<polygon fill="black" stroke="black" points="1041.36,-476 1035.97,-466.88 1034.5,-477.373 1041.36,-476"/>
+</g>
+<!-- gns&#45;&gt;vpn -->
+<g id="edge31" class="edge"><title>gns&#45;&gt;vpn</title>
+<path fill="none" stroke="black" d="M827.858,-655.35C811.041,-646.688 789.135,-632.213 779,-612 768.086,-590.233 781.353,-564.325 794.756,-546.091"/>
+<polygon fill="black" stroke="black" points="797.832,-547.84 801.242,-537.808 792.321,-543.524 797.832,-547.84"/>
+</g>
+<!-- gns&#45;&gt;dns -->
+<g id="edge27" class="edge"><title>gns&#45;&gt;dns</title>
+<path fill="none" stroke="black" d="M871.13,-654.496C875.967,-652.239 881.122,-649.949 886,-648 933.377,-629.072 964.65,-653.009 995,-612 1008.03,-594.39 1007.25,-568.995 1003.95,-549.835"/>
+<polygon fill="black" stroke="black" points="1007.35,-549.022 1001.93,-539.921 1000.49,-550.418 1007.35,-549.022"/>
+</g>
+<!-- gns&#45;&gt;dnsparser -->
+<g id="edge32" class="edge"><title>gns&#45;&gt;dnsparser</title>
+<path fill="none" stroke="black" d="M870.586,-654.227C875.54,-651.931 880.881,-649.692 886,-648 963.461,-622.391 995.505,-653.066 1066,-612 1093.37,-596.054 1115.84,-566.774 1129.29,-546.163"/>
+<polygon fill="black" stroke="black" points="1132.29,-547.978 1134.66,-537.654 1126.37,-544.243 1132.29,-547.978"/>
+</g>
+<!-- revocation -->
+<g id="node23" class="node"><title>revocation</title>
+<ellipse fill="none" stroke="black" cx="474" cy="-594" rx="48.1917" ry="18"/>
+<text text-anchor="middle" x="474" y="-590.3" font-family="Times,serif" font-size="14.00">revocation</text>
+</g>
+<!-- gns&#45;&gt;revocation -->
+<g id="edge30" class="edge"><title>gns&#45;&gt;revocation</title>
+<path fill="none" stroke="black" d="M823.776,-661.482C769.658,-654.024 641.808,-635.374 536,-612 531.019,-610.9 525.841,-609.65 520.694,-608.34"/>
+<polygon fill="black" stroke="black" points="521.456,-604.922 510.895,-605.77 519.68,-611.693 521.456,-604.922"/>
+</g>
+<!-- gns&#45;&gt;gnsrecord -->
+<g id="edge41" class="edge"><title>gns&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="black" d="M870.549,-654.113C875.504,-651.822 880.856,-649.613 886,-648 978.027,-619.137 1009.84,-646.249 1100,-612 1156.37,-590.587 1185.79,-592.754 1215,-540 1225.98,-520.174 1217.7,-494.957 1208.15,-476.431"/>
+<polygon fill="black" stroke="black" points="1211.2,-474.717 1203.29,-467.672 1205.08,-478.114 1211.2,-474.717"/>
+</g>
+<!-- revocation&#45;&gt;core -->
+<g id="edge35" class="edge"><title>revocation&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M447.586,-578.755C410.639,-556.683 348,-510.49 348,-451 348,-451 348,-451 348,-377 348,-335.398 347.208,-317.038 377,-288 415.046,-250.916 477.859,-239.613 517.794,-236.267"/>
+<polygon fill="black" stroke="black" points="518.191,-239.747 527.918,-235.547 517.695,-232.765 518.191,-239.747"/>
+</g>
+<!-- revocation&#45;&gt;set -->
+<g id="edge36" class="edge"><title>revocation&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M484.409,-576.055C489.683,-567.469 496.183,-556.888 501.987,-547.439"/>
+<polygon fill="black" stroke="black" points="505.024,-549.182 507.276,-538.829 499.06,-545.518 505.024,-549.182"/>
+</g>
+<!-- set&#45;&gt;cadet -->
+<g id="edge75" class="edge"><title>set&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M522.084,-504.055C524.482,-496.059 527.401,-486.331 530.08,-477.4"/>
+<polygon fill="black" stroke="black" points="533.442,-478.373 532.963,-467.789 526.737,-476.362 533.442,-478.373"/>
+</g>
+<!-- conversation -->
+<g id="node26" class="node"><title>conversation</title>
+<polygon fill="none" stroke="black" points="1017.18,-743.562 948,-756 878.82,-743.562 878.884,-723.438 1017.12,-723.438 1017.18,-743.562"/>
+<text text-anchor="middle" x="948" y="-734.3" font-family="Times,serif" font-size="14.00">conversation</text>
+</g>
+<!-- conversation&#45;&gt;cadet -->
+<g id="edge53" class="edge"><title>conversation&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M900.537,-723.335C873.864,-714.435 840.677,-701.257 814,-684 756.206,-646.615 759.329,-615.558 703,-576 673.069,-554.981 658.318,-561.866 629,-540 611.601,-527.024 611.36,-519.336 596,-504 585.077,-493.094 572.479,-481.475 561.82,-471.903"/>
+<polygon fill="black" stroke="black" points="563.901,-469.069 554.107,-465.028 559.243,-474.295 563.901,-469.069"/>
+</g>
+<!-- conversation&#45;&gt;gns -->
+<g id="edge54" class="edge"><title>conversation&#45;&gt;gns</title>
+<path fill="none" stroke="black" d="M928.638,-723.17C913.533,-712.381 892.408,-697.291 875.857,-685.469"/>
+<polygon fill="black" stroke="black" points="877.846,-682.589 867.674,-679.625 873.777,-688.285 877.846,-682.589"/>
+</g>
+<!-- conversation&#45;&gt;gnsrecord -->
+<g id="edge40" class="edge"><title>conversation&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M1017.21,-728.51C1076.25,-719.968 1155.24,-705.041 1179,-684 1241.33,-628.786 1256.97,-583.117 1231,-504 1227.58,-493.58 1221.24,-483.522 1214.65,-475.019"/>
+<polygon fill="blue" stroke="blue" points="1217.15,-472.551 1208.08,-467.08 1211.76,-477.015 1217.15,-472.551"/>
+</g>
+<!-- speaker -->
+<g id="node31" class="node"><title>speaker</title>
+<polygon fill="none" stroke="black" points="948,-684 894.877,-666 948,-648 1001.12,-666 948,-684"/>
+<text text-anchor="middle" x="948" y="-662.3" font-family="Times,serif" font-size="14.00">speaker</text>
+</g>
+<!-- conversation&#45;&gt;speaker -->
+<g id="edge55" class="edge"><title>conversation&#45;&gt;speaker</title>
+<path fill="none" stroke="black" d="M948,-723.17C948,-714.919 948,-704.153 948,-694.256"/>
+<polygon fill="black" stroke="black" points="951.5,-694.019 948,-684.019 944.5,-694.019 951.5,-694.019"/>
+</g>
+<!-- microphone -->
+<g id="node32" class="node"><title>microphone</title>
+<polygon fill="none" stroke="black" points="1095,-684 1019.76,-666 1095,-648 1170.24,-666 1095,-684"/>
+<text text-anchor="middle" x="1095" y="-662.3" font-family="Times,serif" font-size="14.00">microphone</text>
+</g>
+<!-- conversation&#45;&gt;microphone -->
+<g id="edge56" class="edge"><title>conversation&#45;&gt;microphone</title>
+<path fill="none" stroke="black" d="M976.692,-723.337C1001.14,-711.695 1036.29,-694.958 1061.92,-682.753"/>
+<polygon fill="black" stroke="black" points="1063.71,-685.777 1071.23,-678.318 1060.7,-679.457 1063.71,-685.777"/>
+</g>
+<!-- nse&#45;&gt;core -->
+<g id="edge48" class="edge"><title>nse&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M790.412,-294.231C785.459,-291.935 780.118,-289.695 775,-288 697.966,-262.487 673.625,-275.652 596,-252 592.83,-251.034 589.569,-249.913 586.336,-248.716"/>
+<polygon fill="black" stroke="black" points="587.428,-245.385 576.841,-244.978 584.864,-251.899 587.428,-245.385"/>
+</g>
+<!-- peerinfo&#45;&gt;hello -->
+<g id="edge76" class="edge"><title>peerinfo&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M548.194,-77.9517C554.676,-75.8006 561.524,-73.6914 568,-72 654.752,-49.3407 758.747,-32.6176 814.333,-24.4966"/>
+<polygon fill="black" stroke="black" points="815.063,-27.9277 824.46,-23.0344 814.062,-20.9995 815.063,-27.9277"/>
+</g>
+<!-- transport&#45;&gt;ats -->
+<g id="edge66" class="edge"><title>transport&#45;&gt;ats</title>
+<path fill="none" stroke="black" d="M644.122,-152.487C587.168,-138.972 476.742,-112.769 420.21,-99.3548"/>
+<polygon fill="black" stroke="black" points="420.844,-95.9082 410.306,-97.0048 419.228,-102.719 420.844,-95.9082"/>
+</g>
+<!-- transport&#45;&gt;peerinfo -->
+<g id="edge68" class="edge"><title>transport&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M651.411,-148.647C624.725,-137.116 584.738,-119.837 555.501,-107.204"/>
+<polygon fill="black" stroke="black" points="556.601,-103.867 546.033,-103.113 553.824,-110.292 556.601,-103.867"/>
+</g>
+<!-- transport&#45;&gt;hello -->
+<g id="edge67" class="edge"><title>transport&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M721.405,-157.922C756.719,-153.037 806.213,-140.439 835,-108 850.042,-91.0495 854.193,-65.1533 854.935,-45.6573"/>
+<polygon fill="black" stroke="black" points="858.435,-45.6195 855.044,-35.5822 851.436,-45.5437 858.435,-45.6195"/>
+</g>
+<!-- nat -->
+<g id="node36" class="node"><title>nat</title>
+<polygon fill="none" stroke="black" points="796,-108 765.835,-90 796,-72 826.165,-90 796,-108"/>
+<text text-anchor="middle" x="796" y="-86.3" font-family="Times,serif" font-size="14.00">nat</text>
+</g>
+<!-- transport&#45;&gt;nat -->
+<g id="edge69" class="edge"><title>transport&#45;&gt;nat</title>
+<path fill="none" stroke="black" d="M703.474,-146.834C723.706,-134.626 752.749,-117.1 772.878,-104.953"/>
+<polygon fill="black" stroke="black" points="774.946,-107.793 781.7,-99.6294 771.33,-101.799 774.946,-107.793"/>
+</g>
+<!-- fragmentation -->
+<g id="node37" class="node"><title>fragmentation</title>
+<polygon fill="none" stroke="black" points="662,-108 576.537,-90 662,-72 747.463,-90 662,-108"/>
+<text text-anchor="middle" x="662" y="-86.3" font-family="Times,serif" font-size="14.00">fragmentation</text>
+</g>
+<!-- transport&#45;&gt;fragmentation -->
+<g id="edge70" class="edge"><title>transport&#45;&gt;fragmentation</title>
+<path fill="none" stroke="black" d="M675.643,-144.055C673.556,-135.941 671.011,-126.044 668.687,-117.006"/>
+<polygon fill="black" stroke="black" points="672.073,-116.12 666.193,-107.307 665.294,-117.864 672.073,-116.12"/>
+</g>
+<!-- topology -->
+<g id="node34" class="node"><title>topology</title>
+<polygon fill="none" stroke="black" points="959.5,-324 894.5,-324 894.5,-288 959.5,-288 959.5,-324"/>
+<text text-anchor="middle" x="927" y="-302.3" font-family="Times,serif" font-size="14.00">topology</text>
+</g>
+<!-- topology&#45;&gt;core -->
+<g id="edge61" class="edge"><title>topology&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M894.413,-292.17C889.63,-290.593 884.724,-289.139 880,-288 756.312,-258.18 718.97,-284.656 596,-252 592.621,-251.103 589.151,-249.989 585.73,-248.765"/>
+<polygon fill="black" stroke="black" points="586.918,-245.471 576.329,-245.106 584.379,-251.995 586.918,-245.471"/>
+</g>
+<!-- topology&#45;&gt;peerinfo -->
+<g id="edge59" class="edge"><title>topology&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M894.233,-295.354C862.315,-285.612 812.655,-269.532 771,-252 705.781,-224.55 688.475,-218.336 629,-180 597.704,-159.827 564.778,-132.553 542.992,-113.534"/>
+<polygon fill="black" stroke="black" points="545.032,-110.666 535.215,-106.682 540.404,-115.919 545.032,-110.666"/>
+</g>
+<!-- topology&#45;&gt;hello -->
+<g id="edge62" class="edge"><title>topology&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M922.652,-287.966C910.314,-239.626 875.032,-101.398 860.438,-44.2243"/>
+<polygon fill="black" stroke="black" points="863.829,-43.3557 857.964,-34.532 857.046,-45.087 863.829,-43.3557"/>
+</g>
+<!-- topology&#45;&gt;transport -->
+<g id="edge60" class="edge"><title>topology&#45;&gt;transport</title>
+<path fill="none" stroke="black" d="M897.206,-287.871C850.798,-261.191 761.564,-209.891 713.17,-182.069"/>
+<polygon fill="black" stroke="black" points="714.758,-178.945 704.344,-176.995 711.269,-185.014 714.758,-178.945"/>
+</g>
+<!-- hostlist -->
+<g id="node35" class="node"><title>hostlist</title>
+<polygon fill="none" stroke="black" points="214,-324 158,-324 158,-288 214,-288 214,-324"/>
+<text text-anchor="middle" x="186" y="-302.3" font-family="Times,serif" font-size="14.00">hostlist</text>
+</g>
+<!-- hostlist&#45;&gt;core -->
+<g id="edge63" class="edge"><title>hostlist&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M214.167,-292.599C218.733,-290.88 223.455,-289.271 228,-288 330.933,-259.219 456.746,-244.294 517.975,-238.275"/>
+<polygon fill="black" stroke="black" points="518.666,-241.725 528.286,-237.286 517.998,-234.757 518.666,-241.725"/>
+</g>
+<!-- hostlist&#45;&gt;peerinfo -->
+<g id="edge64" class="edge"><title>hostlist&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M212.608,-287.849C273.449,-248.632 422.455,-152.586 487.166,-110.875"/>
+<polygon fill="black" stroke="black" points="489.21,-113.721 495.719,-105.362 485.418,-107.838 489.21,-113.721"/>
+</g>
+<!-- hostlist&#45;&gt;hello -->
+<g id="edge65" class="edge"><title>hostlist&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M192.198,-287.715C209.228,-243.039 261.382,-123.627 349,-72 425.521,-26.9118 694.449,-19.9666 805.486,-19.053"/>
+<polygon fill="black" stroke="black" points="805.751,-22.5513 815.727,-18.9823 805.703,-15.5515 805.751,-22.5513"/>
+</g>
+<!-- scalarproduct -->
+<g id="node38" class="node"><title>scalarproduct</title>
+<ellipse fill="none" stroke="black" cx="636" cy="-594" rx="57.6901" ry="18"/>
+<text text-anchor="middle" x="636" y="-590.3" font-family="Times,serif" font-size="14.00">scalarproduct</text>
+</g>
+<!-- scalarproduct&#45;&gt;cadet -->
+<g id="edge74" class="edge"><title>scalarproduct&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M622.726,-576.035C614.79,-565.742 604.61,-552.266 596,-540 581.021,-518.662 564.9,-493.752 553.465,-475.721"/>
+<polygon fill="black" stroke="black" points="556.241,-473.562 547.943,-466.975 550.322,-477.299 556.241,-473.562"/>
+</g>
+<!-- scalarproduct&#45;&gt;set -->
+<g id="edge73" class="edge"><title>scalarproduct&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M610.179,-577.811C591.059,-566.564 565.021,-551.248 545.33,-539.665"/>
+<polygon fill="black" stroke="black" points="546.899,-536.527 536.505,-534.473 543.349,-542.56 546.899,-536.527"/>
+</g>
+<!-- secushare -->
+<g id="node39" class="node"><title>secushare</title>
+<polygon fill="none" stroke="black" points="633.366,-815.562 578,-828 522.634,-815.562 522.686,-795.438 633.314,-795.438 633.366,-815.562"/>
+<text text-anchor="middle" x="578" y="-806.3" font-family="Times,serif" font-size="14.00">secushare</text>
+</g>
+<!-- social -->
+<g id="node42" class="node"><title>social</title>
+<ellipse fill="none" stroke="black" cx="578" cy="-738" rx="31.3957" ry="18"/>
+<text text-anchor="middle" x="578" y="-734.3" font-family="Times,serif" font-size="14.00">social</text>
+</g>
+<!-- secushare&#45;&gt;social -->
+<g id="edge80" class="edge"><title>secushare&#45;&gt;social</title>
+<path fill="none" stroke="black" d="M578,-795.17C578,-786.919 578,-776.153 578,-766.256"/>
+<polygon fill="black" stroke="black" points="581.5,-766.019 578,-756.019 574.5,-766.019 581.5,-766.019"/>
+</g>
+<!-- multicast -->
+<g id="node40" class="node"><title>multicast</title>
+<ellipse fill="none" stroke="black" cx="326" cy="-594" rx="43.5923" ry="18"/>
+<text text-anchor="middle" x="326" y="-590.3" font-family="Times,serif" font-size="14.00">multicast</text>
+</g>
+<!-- multicast&#45;&gt;cadet -->
+<g id="edge82" class="edge"><title>multicast&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M347.889,-578.338C386.803,-552.273 467.927,-497.935 510.526,-469.402"/>
+<polygon fill="black" stroke="black" points="512.642,-472.198 519.003,-463.725 508.747,-466.382 512.642,-472.198"/>
+</g>
+<!-- psyc -->
+<g id="node41" class="node"><title>psyc</title>
+<ellipse fill="none" stroke="black" cx="326" cy="-666" rx="27" ry="18"/>
+<text text-anchor="middle" x="326" y="-662.3" font-family="Times,serif" font-size="14.00">psyc</text>
+</g>
+<!-- psyc&#45;&gt;multicast -->
+<g id="edge81" class="edge"><title>psyc&#45;&gt;multicast</title>
+<path fill="none" stroke="black" d="M326,-647.697C326,-639.983 326,-630.712 326,-622.112"/>
+<polygon fill="black" stroke="black" points="329.5,-622.104 326,-612.104 322.5,-622.104 329.5,-622.104"/>
+</g>
+<!-- psycstore -->
+<g id="node43" class="node"><title>psycstore</title>
+<ellipse fill="none" stroke="black" cx="220" cy="-594" rx="44.393" ry="18"/>
+<text text-anchor="middle" x="220" y="-590.3" font-family="Times,serif" font-size="14.00">psycstore</text>
+</g>
+<!-- psyc&#45;&gt;psycstore -->
+<g id="edge79" class="edge"><title>psyc&#45;&gt;psycstore</title>
+<path fill="none" stroke="black" d="M307.536,-652.807C291.938,-642.506 269.271,-627.537 250.911,-615.413"/>
+<polygon fill="black" stroke="black" points="252.567,-612.312 242.294,-609.722 248.71,-618.154 252.567,-612.312"/>
+</g>
+<!-- social&#45;&gt;gns -->
+<g id="edge78" class="edge"><title>social&#45;&gt;gns</title>
+<path fill="none" stroke="black" d="M605.831,-729.838C655.82,-716.973 760.68,-689.987 815.282,-675.935"/>
+<polygon fill="black" stroke="black" points="816.373,-679.268 825.185,-673.386 814.628,-672.489 816.373,-679.268"/>
+</g>
+<!-- social&#45;&gt;psyc -->
+<g id="edge77" class="edge"><title>social&#45;&gt;psyc</title>
+<path fill="none" stroke="black" d="M550.552,-729.376C504.247,-716.513 410.731,-690.537 360.222,-676.506"/>
+<polygon fill="black" stroke="black" points="360.996,-673.089 350.424,-673.784 359.122,-679.833 360.996,-673.089"/>
+</g>
+<!-- rps -->
+<g id="node44" class="node"><title>rps</title>
+<ellipse fill="none" stroke="black" cx="593" cy="-306" rx="27" ry="18"/>
+<text text-anchor="middle" x="593" y="-302.3" font-family="Times,serif" font-size="14.00">rps</text>
+</g>
+<!-- rps&#45;&gt;core -->
+<g id="edge83" class="edge"><title>rps&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M584.187,-288.765C579.582,-280.283 573.845,-269.714 568.679,-260.197"/>
+<polygon fill="black" stroke="black" points="571.613,-258.266 563.766,-251.147 565.461,-261.606 571.613,-258.266"/>
+</g>
+</g>
+</svg>
diff --git a/contrib/packages/guix/notest-guix-env.scm b/contrib/packages/guix/notest-guix-env.scm
new file mode 100644
index 000000000..ffb0ec889
--- /dev/null
+++ b/contrib/packages/guix/notest-guix-env.scm
@@ -0,0 +1,145 @@
+;;; This file is part of GNUnet.
+;;; Copyright (C) 2016, 2017, 2018 GNUnet e.V.
+;;;
+;;; GNUnet is free software: you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published
+;;; by the Free Software Foundation, either version 3 of the License,
+;;; or (at your option) any later version.
+;;;
+;;; GNUnet is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+;;; Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules
+ (ice-9 popen)
+ (ice-9 match)
+ (ice-9 rdelim)
+ (guix packages)
+ (guix build-system gnu)
+ (guix gexp)
+ ((guix build utils) #:select (with-directory-excursion))
+ (guix git-download)
+ (guix utils) ; current-source-directory
+ (gnu packages)
+ (gnu packages aidc)
+ (gnu packages autotools)
+ (gnu packages backup)
+ (gnu packages base)
+ (gnu packages compression)
+ (gnu packages curl)
+ (gnu packages databases)
+ (gnu packages file)
+ (gnu packages gettext)
+ (gnu packages glib)
+ (gnu packages gnome)
+ (gnu packages gnunet)
+ (gnu packages gnupg)
+ (gnu packages gnuzilla)
+ (gnu packages groff)
+ (gnu packages gstreamer)
+ (gnu packages gtk)
+ (gnu packages guile)
+ (gnu packages image)
+ (gnu packages image-viewers)
+ (gnu packages libidn)
+ (gnu packages libunistring)
+ (gnu packages linux)
+ (gnu packages maths)
+ (gnu packages multiprecision)
+ (gnu packages perl)
+ (gnu packages pkg-config)
+ (gnu packages pulseaudio)
+ (gnu packages python)
+ (gnu packages tex)
+ (gnu packages texinfo)
+ (gnu packages tex)
+ (gnu packages tls)
+ (gnu packages upnp)
+ (gnu packages video)
+ (gnu packages web)
+ (gnu packages xiph)
+ ((guix licenses) #:prefix license:))
+
+(define %source-dir (current-source-directory))
+
+(define gnunet-dev-env
+  (let* ((revision "1")
+         (select? (delay (or (git-predicate
+                              (current-source-directory))
+                             source-file?))))
+    (package
+      (inherit gnunet)
+      (name "gnunet")
+      (version (string-append "git" revision))
+      (source
+       (local-file
+        (string-append (getcwd))
+        #:recursive? #t))
+      (inputs
+       `(("glpk" ,glpk)
+         ("gnurl" ,gnurl)
+         ("gstreamer" ,gstreamer)
+         ("gst-plugins-base" ,gst-plugins-base)
+         ("gnutls/dane" ,gnutls/dane)
+         ("libextractor" ,libextractor)
+         ("libgcrypt" ,libgcrypt)
+         ("libidn" ,libidn)
+         ("libmicrohttpd" ,libmicrohttpd)
+         ("libltdl" ,libltdl)
+         ("libunistring" ,libunistring)
+         ("openssl" ,openssl)
+         ("opus" ,opus)
+         ("pulseaudio" ,pulseaudio)
+         ("sqlite" ,sqlite)
+         ("postgresql" ,postgresql)
+         ("mysql" ,mariadb)
+         ("zlib" ,zlib)
+         ("perl" ,perl)
+         ("python-2" ,python-2) ; tests and gnunet-qr
+         ("python2-future" ,python2-future)
+         ("jansson" ,jansson)
+         ("nss" ,nss)
+         ("glib" ,glib "bin")
+         ("gmp" ,gmp)
+         ("bluez" ,bluez) ; for optional bluetooth feature
+         ("glib" ,glib)
+         ;; ("texlive" ,texlive) ;FIXME: minimize.
+         ("texlive-tiny" ,texlive-tiny) ;; Seems to be enough for _just_ info output.
+         ("miniupnpc" ,miniupnpc)
+         ("libogg" ,libogg)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("gnu-gettext" ,gnu-gettext)
+         ("which" ,which)
+         ("texinfo" ,texinfo-5) ; Debian stable: 5.2
+         ("libtool" ,libtool)))
+      (outputs '("out" "debug"))
+      (arguments
+       `(#:configure-flags
+         (list (string-append "--with-nssdir=" %output "/lib")
+               "--enable-experimental")
+         #:phases
+         ;; swap check and install phases and set paths to installed bin
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-bin-sh
+             (lambda _
+               (for-each (lambda (f) (chmod f #o755))
+                         (find-files "po" ""))
+               #t))
+           (add-after 'patch-bin-sh 'bootstrap
+             (lambda _
+               (invoke "sh" "bootstrap")))
+           ;;(add-before 'build 'chdir
+           ;; (lambda _
+           ;;  (chdir "doc/documentation")))
+           (delete 'check)
+           ;; XXX: https://gnunet.org/bugs/view.php?id=4619
+                 ))))))
+
+gnunet-dev-env
diff --git a/doc/documentation/chapters/preface.texi b/doc/documentation/chapters/preface.texi
index 00e6290f0..29cf924a2 100644
--- a/doc/documentation/chapters/preface.texi
+++ b/doc/documentation/chapters/preface.texi
@@ -12,9 +12,9 @@ all kinds of basic applications for the foundation of a new Internet.
 
 @menu
 * About this book::
+* Contributing to this book::
 * Introduction::
 * Project governance::
-* General Terminology::
 * Typography::
 @end menu
 
@@ -37,6 +37,26 @@ The first chapter (``Preface'') as well as the the second
 chapter (``Philosophy'') give an introduction to GNUnet as a project,
 what GNUnet tries to achieve.
 
+@node Contributing to this book
+@section Contributing to this book
+
+The GNUnet Reference Manual is a collective work produced by various
+people throughout the years. The version you are reading is derived
+from many individual efforts hosted on our website. This was a failed
+experiment, and with the conversion to Texinfo we hope to address this
+in the longterm. Texinfo is the documentation language of the GNU project.
+While it can be intimidating at first and look scary or complicated,
+it is just another way to express text format instructions. We encourage
+you to take this opportunity and learn about Texinfo, learn about GNUnet,
+and one word at a time we will arrive at a book which explains GNUnet in
+the least complicated way to you. Even when you don't want or can't learn
+Texinfo, you can contribute. Send us an Email or join our IRC chat room
+on freenode and talk with us about the documentation (the prefered way
+to reach out is the mailinglist, since you can communicate with us
+without waiting on someone in the chatroom). One way or another you
+can help shape the understanding of GNUnet without the ability to read
+and understand its sourcecode.
+
 @node Introduction
 @section Introduction
 
@@ -66,25 +86,31 @@ immediately.  A few months after the first release we contacted the
 GNU project, happily agreed to their governance model and became an
 official GNU package.
 
-Within the first year, we created GNU libextractor, a helper library
+Within the first year, we created
+@uref{https://gnu.org/s/libextractor, GNU libextractor}, a helper library
 for meta data extraction which has been used by a few other projects
 as well.  2003 saw the emergence of pluggable transports, the ability
 for GNUnet to use different mechanisms for communication, starting
 with TCP, UDP and SMTP (support for the latter was later dropped due
 to a lack of maintenance).  In 2005, the project first started to
 evolve beyond the original file-sharing application with a first
-simple P2P chat.  In 2007, we created GNU libmicrohttpd
+simple P2P chat.  In 2007, we created
+@uref{https://gnu.org/s/libmicrohttpd, GNU libmicrohttpd}
 to support a pluggable transport based on HTTP.  In 2009, the
 architecture was radically modularized into the multi-process system
-that exists today.  Coincidentally, the first version of the ARM
+that exists today.  Coincidentally, the first version of the ARM@footnote{ARM: Automatic Restart Manager}
 service was implemented a day before systemd was announced.  From 2009
 to 2014 work progressed rapidly thanks to a significant research grant
 from the Deutsche Forschungsgesellschaft.  This resulted in particular
 in the creation of the R5N DHT, CADET, ATS and the GNU Name System.
-In 2010, GNUnet was selected as the basis for the SecuShare online
-social network, resutling in a significant growth of the core team.
-In 2013, we launched GNU Taler to address the challenge of convenient
-and privacy-preserving online payments.  In 2015, the pEp project
+In 2010, GNUnet was selected as the basis for the
+@uref{https://secushare.org, secushare} online
+social network, resulting in a significant growth of the core team.
+In 2013, we launched @uref{https://taler.net, GNU Taler} to address
+the challenge of convenient
+and privacy-preserving online payments.  In 2015, the
+@c TODO: Maybe even markup for the E if it renders in most outputs.
+@uref{https://pep.foundation/, pEp}@footnote{pretty easy privacy} project
 announced that they will use GNUnet as the technology for their
 meta-data protection layer, ultimately resulting in GNUnet e.V.
 entering into a formal long-term collaboration with the pEp
@@ -99,9 +125,9 @@ computing has been the core driver of the GNU project. With GNUnet we
 are focusing on informational self-determination for collaborative
 computing and communication over networks.
 
-The Internet is shaped as much by code and protocols as by its
-associated political processes (IETF, ICANN, IEEE, etc.), and its
-flaws are similarly not limited to the protocol design.  Thus,
+The Internet is shaped as much by code and protocols as it is by its
+associated political processes (IETF, ICANN, IEEE, etc.).
+Similarly its flaws are not limited to the protocol design.  Thus,
 technical excellence by itself will not suffice to create a better
 network. We also need to build a community that is wise, humble and
 has a sense of humor to achieve our goal to create a technical
@@ -116,23 +142,22 @@ follows the governance model of a benevolent dictator.  This means
 that ultimately, the GNU project appoints the GNU maintainer and can
 overrule decisions made by the GNUnet maintainer. Similarly, the
 GNUnet maintainer can overrule any decisions made by individual
+@c TODO: Should we mention if this is just about GNUnet? Other projects
+@c TODO: in GNU seem to have rare issues (GCC, the 2018 documentation
+@c TODO: discussion.
 developers.  Still, in practice neither has happened in the last 20
 years, and we hope to keep it that way.
 
+@c TODO: Actually we are a Swiss association, or just a German association
+@c TODO: with Swiss bylaws/Satzung?
+@c TODO: Rewrite one of the 'GNUnet eV may also' sentences.
 The GNUnet project is supported by GNUnet e.V., a German association
-where any developer can become a member.  GNUnet e.V. servers as a
+where any developer can become a member.  GNUnet e.V. serves as a
 legal entity to hold the copyrights to GNUnet.  GNUnet e.V. may also
 choose to pay for project resources, and can collect donations.
 GNUnet e.V. may also choose to adjust the license of the
-software (with the constraint that it has to remain free software).
-
-
-@node General Terminology
-@section General Terminology
+software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.}
 
-In the following manual we may use words that can not be found in the
-Appendix. Since we want to keep the manual selfcontained, we will
-explain words here.
 
 @node Typography
 @section Typography
@@ -142,3 +167,5 @@ command should/can be issued as root, or if "normal" user privileges are
 sufficient. We use a @code{#} for root's shell prompt, a
 @code{%} for users' shell prompt, assuming they use the C-shell or tcsh
 and a @code{$} for bourne shell and derivatives.
+@c TODO: Really? Why the different prompts? Do we already have c-shell
+@c TODO: examples?
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index fe47abb86..35afdf5f7 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -26,6 +26,7 @@ always welcome.
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
+* re@:claim Identity Provider::
 * Using the Virtual Public Network::
 @end menu
 
@@ -43,6 +44,7 @@ To stop GNUnet:
 @example
 $ gnunet-arm -e
 @end example
+
 @node First steps - Using the GNU Name System
 @section First steps - Using the GNU Name System
 @c %**end of header
@@ -246,7 +248,7 @@ more an experimental feature and not really our primary goal at this
 time. Still, it is a possible use-case and we welcome help with testing
 and development.
 
-
+@pindex gnunet-bcd
 @node Creating a Business Card
 @subsection Creating a Business Card
 @c FIXME: Which parts of texlive are needed? Some systems offer a modular
@@ -257,7 +259,9 @@ Note that this requires having @command{LaTeX} installed on your system.
 If you are using a Debian GNU/Linux based operating system, the
 following command should install the required components.
 Keep in mind that this @b{requires 3GB} of downloaded data and possibly
-@b{even more} when unpacked.
+@b{even more}@footnote{Author's note:
+@command{guix size `guix build texlive`} in summer 2018 returns a DAG
+size of 5032.4 MiB} when unpacked.
 @b{We welcome any help in identifying the required components of the
 TexLive Distribution. This way we could just state the required components
 without pulling in the full distribution of TexLive.}
@@ -312,12 +316,14 @@ you might need a trip to the store together.
 Before we get started, we need to tell @code{gnunet-qr} which zone
 it should import new records into.  For this, run:
 
+@pindex gnunet-identity
 @example
 $ gnunet-identity -s namestore -e NAME
 @end example
 where NAME is the name of the zone you want to import records
 into.  In our running example, this would be ``gnu''.
 
+@pindex gnunet-qr
 Henceforth, for every business card you collect, simply run:
 @example
 $ gnunet-qr
@@ -335,6 +341,7 @@ GNUnet network at this time, you should thus be able to
 resolve your friends names. Suppose your friend's nickname
 is "Bob". Then, type
 
+@pindex gnunet-gns
 @example
 $ gnunet-gns -u test.bob.gnu
 @end example
@@ -381,6 +388,7 @@ a revocation certificate corresponding to your ego.  This certificate,
 when published on the P2P network, flags your private key as invalid,
 and all further resolutions or other checks involving the key will fail.
 
+@pindex gnunet-revocation
 A revocation certificate is thus a useful tool when things go out of
 control, but at the same time it should be stored securely.
 Generation of the revocation certificate for a zone can be done through
@@ -433,6 +441,7 @@ private conversation with your friend. Finally, help us
 with the next GNUnet release for even more applications
 using this new public key infrastructure.
 
+@pindex gnunet-conservation-gtk
 @node First steps - Using GNUnet Conversation
 @section First steps - Using GNUnet Conversation
 @c %**end of header
@@ -485,6 +494,7 @@ that will show up when you call somebody else, as well as the
 GNS zone that will be used to resolve names of users that you
 are calling. Run
 
+@pindex gnunet-conversation
 @example
 gnunet-conversation -e zone-name
 @end example
@@ -564,7 +574,7 @@ Either of you can end the call using @command{/cancel}. You can exit
 
 @menu
 * VPN Preliminaries::
-* Exit configuration::
+* GNUnet-Exit configuration::
 * GNS configuration::
 * Accessing the service::
 * Using a Browser::
@@ -595,6 +605,9 @@ The exact details may differ a bit, which is fine. Add the text
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
 
+@c TODO: outdated section, we no longer install this as part of the
+@c TODO: standard installation procedure and should point out the manual
+@c TODO: steps required to make it useful.
 @noindent
 You might want to make sure that @code{/lib/libnss_gns.so.2} exists on
 your system, it should have been created during the installation.
@@ -608,8 +621,8 @@ $ cd src/gns/nss; sudo make install
 @noindent
 to install the NSS plugins in the proper location.
 
-@node Exit configuration
-@subsection Exit configuration
+@node GNUnet-Exit configuration
+@subsection GNUnet-Exit configuration
 @c %**end of header
 
 Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and
@@ -696,9 +709,10 @@ the searcher/downloader specify "no anonymity", non-anonymous
 file-sharing is used. If either user specifies some desired degree
 of anonymity, anonymous file-sharing will be used.
 
-After a short introduction, we will first look at the various concepts in
-GNUnet's file-sharing implementation. Then, we will discuss specifics as to how
-they impact users that publish, search or download files.
+After a short introduction, we will first look at the various concepts
+in GNUnet's file-sharing implementation. Then, we will discuss
+specifics as to how they impact users that publish, search or download
+files.
 
 
 @menu
@@ -706,7 +720,6 @@ they impact users that publish, search or download files.
 * fs-Downloading::
 * fs-Publishing::
 * fs-Concepts::
-* fs-Directories::
 * Namespace Management::
 * File-Sharing URIs::
 * GTK User Interface::
@@ -724,10 +737,11 @@ $ gnunet-search [-t TIMEOUT] KEYWORD
 @end example
 
 @noindent
-The -t option specifies that the query should timeout after
-approximately TIMEOUT seconds. A value of zero is interpreted
-as @emph{no timeout}, which is also the default. In this case,
-gnunet-search will never terminate (unless you press CTRL-C).
+The @command{-t} option specifies that the query should timeout after
+approximately TIMEOUT seconds. A value of zero (``0'') is interpreted
+as @emph{no timeout}, which is the default. In this case,
+@command{gnunet-search} will never terminate (unless you press
+@command{CTRL-C}).
 
 If multiple words are passed as keywords, they will all be
 considered optional. Prefix keywords with a "+" to make them mandatory.
@@ -750,10 +764,11 @@ as the first will match files shared under the keywords
 "Das" or "Kapital" whereas the second will match files
 shared under the keyword "Das Kapital".
 
-Search results are printed by gnunet-search like this:
+Search results are printed by @command{gnunet-search} like this:
 
 @c it will be better the avoid the ellipsis altogether because I don't
 @c understand the explanation below that
+@c ng0: who is ``I'' and what was the complete sentence?
 @example
 #15:
 gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
@@ -762,10 +777,11 @@ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
 
 @noindent
 The whole line is the command you would have to enter to download
-the file. The argument passed to @code{-o} is the suggested
+the file. The first argument passed to @code{-o} is the suggested
 filename (you may change it to whatever you like).
-It is followed by the key for decrypting the file, the query for searching the
-file, a checksum (in hexadecimal) finally the size of the file in bytes.
+It is followed by the key for decrypting the file, the query for
+searching the file, a checksum (in hexadecimal) finally the size of
+the file in bytes.
 
 @node fs-Downloading
 @subsection Downloading
@@ -802,9 +818,9 @@ already present.
 GNUnet's file-encoding mechanism will ensure file integrity, even if the
 existing file was not downloaded from GNUnet in the first place.
 
-You may want to use the @command{-V} switch  to turn on verbose reporting. In
-this case, @command{gnunet-download} will print the current number of bytes
-downloaded whenever new data was received.
+You may want to use the @command{-V} switch to turn on verbose
+reporting. In this case, @command{gnunet-download} will print the
+current number of bytes downloaded whenever new data was received.
 
 @node fs-Publishing
 @subsection Publishing
@@ -834,7 +850,7 @@ $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/p
 The option @code{-k} is used to specify keywords for the file that
 should be inserted. You can supply any number of keywords,
 and each of the keywords will be sufficient to locate and
-retrieve the file. Please note that you must use the @code{-k} option 
+retrieve the file. Please note that you must use the @code{-k} option
 more than once -- one for each expression you use as a keyword for
 the filename.
 
@@ -845,10 +861,14 @@ list by running @command{extract -L}. Use quotes around the entire
 meta-data argument if the value contains spaces. The meta-data
 is displayed to other users when they select which files to
 download. The meta-data and the keywords are optional and
-maybe inferred using @code{GNU libextractor}.
+may be inferred using @code{GNU libextractor}.
+
+@command{gnunet-publish} has a few additional options to handle
+namespaces and directories. Refer to the man-page for details:
 
-gnunet-publish has a few additional options to handle namespaces and
-directories. See the man-page for details.
+@example
+man gnunet-publish
+@end example
 
 @node Indexing vs. Inserting
 @subsubsection Indexing vs Inserting
@@ -890,18 +910,17 @@ able to crack the encryption (e.g. by guessing the keyword.
 @subsection Concepts
 @c %**end of header
 
-Sharing files in GNUnet is not quite as simple as in traditional
-file sharing systems. For example, it is not sufficient to just
-place files into a specific directory to share them. In addition
-to anonymous routing GNUnet attempts to give users a better experience
-in searching for content. GNUnet uses cryptography to safely break
-content into smaller pieces that can be obtained from different
-sources without allowing participants to corrupt files. GNUnet
-makes it difficult for an adversary to send back bogus search
-results. GNUnet enables content providers to group related content
-and to establish a reputation. Furthermore, GNUnet allows updates
-to certain content to be made available. This section is supposed
-to introduce users to the concepts that are used to achieve these goals.
+For better results with filesharing it is useful to understand the
+following concepts.
+In addition to anonymous routing GNUnet attempts to give users a better
+experience in searching for content. GNUnet uses cryptography to safely
+break content into smaller pieces that can be obtained from different
+sources without allowing participants to corrupt files. GNUnet makes it
+difficult for an adversary to send back bogus search results. GNUnet
+enables content providers to group related content and to establish a
+reputation. Furthermore, GNUnet allows updates to certain content to be
+made available. This section is supposed to introduce users to the
+concepts that are used to achieve these goals.
 
 
 @menu
@@ -921,10 +940,10 @@ to introduce users to the concepts that are used to achieve these goals.
 @c %**end of header
 
 A file in GNUnet is just a sequence of bytes. Any file-format is allowed
-and the maximum file size is theoretically 264 bytes, except that it
-would take an impractical amount of time to share such a file.
-GNUnet itself never interprets the contents of shared files, except
-when using GNU libextractor to obtain keywords.
+and the maximum file size is theoretically @math{2^64 - 1} bytes, except
+that it would take an impractical amount of time to share such a file.
+GNUnet itself never interprets the contents of shared files, except when
+using GNU libextractor to obtain keywords.
 
 @node Keywords
 @subsubsection Keywords
@@ -954,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file
 by the network. Small files (of a few kilobytes) can be inlined in
 the directory, so that a separate download becomes unnecessary.
 
+Directories are shared just like ordinary files. If you download a
+directory with @command{gnunet-download}, you can use
+@command{gnunet-directory} to list its contents. The canonical
+extension for GNUnet directories when stored as files in your
+local file-system is ".gnd". The contents of a directory are URIs and
+meta data.
+The URIs contain all the information required by
+@command{gnunet-download} to retrieve the file. The meta data
+typically includes the mime-type, description, a filename and
+other meta information, and possibly even the full original file
+(if it was small).
+
 @node Pseudonyms
 @subsubsection Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Pseudonyms in GNUnet are essentially public-private (RSA) key pairs
 that allow a GNUnet user to maintain an identity (which may or may not
 be detached from their real-life identity). GNUnet's pseudonyms are not
@@ -973,6 +1008,10 @@ to copy around).
 @subsubsection Namespaces
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 A namespace is a set of files that were signed by the same pseudonym.
 Files (or directories) that have been signed and placed into a namespace
 can be updated. Updates are identified as authentic if the same secret
@@ -984,11 +1023,15 @@ same entity (which does not have to be the same person).
 @subsubsection Advertisements
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Advertisements are used to notify other users about the existence of a
 namespace. Advertisements are propagated using the normal keyword search.
 When an advertisement is received (in response to a search), the namespace
 is added to the list of namespaces available in the namespace-search
-dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a
+dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a
 namespace is created, an appropriate advertisement can be generated.
 The default keyword for the advertising of namespaces is "namespace".
 
@@ -996,7 +1039,7 @@ Note that GNUnet differentiates between your pseudonyms (the identities
 that you control) and namespaces. If you create a pseudonym, you will
 not automatically see the respective namespace. You first have to create
 an advertisement for the namespace and find it using keyword
-search --- even for your own namespaces. The @command{gnunet-pseudonym}
+search --- even for your own namespaces. The @command{gnunet-identity}
 tool is currently responsible for both managing pseudonyms and namespaces.
 This will likely change in the future to reduce the potential for
 confusion.
@@ -1044,22 +1087,6 @@ level by one. If all blocks reach replication level zero, the
 selection is simply random.
 
 
-@node fs-Directories
-@subsection Directories
-@c %**end of header
-
-Directories are shared just like ordinary files. If you download a
-directory with @command{gnunet-download}, you can use
-@command{gnunet-directory} to list its contents. The canonical
-extension for GNUnet directories when stored as files in your
-local file-system is ".gnd". The contents of a directory are URIs and
-meta data.
-The URIs contain all the information required by
-@command{gnunet-download} to retrieve the file. The meta data
-typically includes the mime-type, description, a filename and
-other meta information, and possibly even the full original file
-(if it was small).
-
 @node Namespace Management
 @subsection Namespace Management
 @c %**end of header
@@ -1067,8 +1094,8 @@ other meta information, and possibly even the full original file
 @b{Please note that the text in this subsection is outdated and needs}
 @b{to be rewritten for version 0.10!}
 
-The gnunet-pseudonym tool can be used to create pseudonyms and
-to advertise namespaces. By default, gnunet-pseudonym simply
+The @code{gnunet-identity} tool can be used to create pseudonyms and
+to advertise namespaces. By default, @code{gnunet-identity -D} simply
 lists all locally available pseudonyms.
 
 
@@ -1084,6 +1111,10 @@ lists all locally available pseudonyms.
 @subsubsection Creating Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 With the @command{-C NICK} option it can also be used to
 create a new pseudonym. A pseudonym is the virtual identity
 of the entity in control of a namespace. Anyone can create
@@ -1095,6 +1126,10 @@ used.
 @subsubsection Deleting Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 With the @command{-D NICK} option pseudonyms can be deleted.
 Once the pseudonym has been deleted it is impossible to add
 content to the corresponding namespace. Deleting the
@@ -1105,6 +1140,10 @@ unavailable.
 @subsubsection Advertising namespaces
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Each namespace is associated with meta-data that describes
 the namespace. This meta-data is provided by the user at
 the time that the namespace is advertised. Advertisements
@@ -1121,6 +1160,10 @@ the quality of the content found in it.
 @subsubsection Namespace names
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 While the namespace is uniquely identified by its ID, another way
 to refer to the namespace is to use the NICKNAME.
 The NICKNAME can be freely chosen by the creator of the namespace and
@@ -1132,6 +1175,10 @@ to the NICKNAME to get a unique identifier.
 @subsubsection Namespace root
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 An item of particular interest in the namespace advertisement is
 the ROOT. The ROOT is the identifier of a designated entry in the
 namespace. The idea is that the ROOT can be used to advertise an
@@ -1219,6 +1266,10 @@ Furthermore they must not contain '++'.
 @subsubsection Namespace content (sks)
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Namespaces are sets of files that have been approved by some (usually
 pseudonymous) user --- typically by that user publishing all of the
 files together. A file can be in many namespaces. A file is in a
@@ -1419,8 +1470,8 @@ $ gnunet-identity -C "myzone"
 
 Henceforth, on your system you control the TLD ``myzone''.
 
-All of your zones can be listed using the @command{gnunet-identity}
-command line tool as well:
+All of your zones can be listed (displayed) using the
+@command{gnunet-identity} command line tool as well:
 
 @example
 $ gnunet-identity -d
@@ -1528,11 +1579,11 @@ record you want to access).
 @subsection Using Public Keys as Top Level Domains
 
 
-GNS also assumes responsibility for any name that uses in a well-formed
-public key for the TLD.  Names ending this way are then resolved by querying
-the respective zone. Such public key TLDs are expected to be used under rare
-circumstances where globally unique names are required, and for
-integration with legacy systems.
+GNS also assumes responsibility for any name that uses in a
+well-formed public key for the TLD.  Names ending this way are then
+resolved by querying the respective zone. Such public key TLDs are
+expected to be used under rare circumstances where globally unique
+names are required, and for integration with legacy systems.
 
 @node Resource Records in GNS
 @subsection Resource Records in GNS
@@ -1569,18 +1620,31 @@ GNS currently supports the following record types:
 * CNAME::
 * GNS2DNS::
 * SOA SRV PTR and MX::
+* PLACE::
+* PHONE::
+* ID ATTR::
+* ID TOKEN::
+* ID TOKEN METADATA::
+* CREDENTIAL::
+* POLICY::
+* ATTRIBUTE::
+* ABE KEY::
+* ABE MASTER::
+* RECLAIM OIDC CLIENT::
+* RECLAIM OIDC REDIRECT::
 @end menu
 
 @node NICK
 @subsubsection NICK
 
-A NICK record is used to give a zone a name. With a NICK record, you can
-essentially specify how you would like to be called. GNS expects this
-record under the empty label ``@@'' in the zone's database (NAMESTORE); however,
-it will then automatically be copied into each record set, so that
-clients never need to do a separate lookup to discover the NICK record.
-Also, users do not usually have to worry about setting the NICK record:
-it is automatically set to the local name of the TLD.
+A NICK record is used to give a zone a name. With a NICK record, you
+can essentially specify how you would like to be called. GNS expects
+this record under the empty label ``@@'' in the zone's database
+(NAMESTORE); however, it will then automatically be copied into each
+record set, so that clients never need to do a separate lookup to
+discover the NICK record.  Also, users do not usually have to worry
+about setting the NICK record: it is automatically set to the local
+name of the TLD.
 
 @b{Example}@
 
@@ -1739,6 +1803,66 @@ should use the ZKEY zone as the destination hostname and
 GNS-enabled mail servers should be configured to accept
 e-mails to the ZKEY-zones of all local users.
 
+@node PLACE
+@subsubsection PLACE
+
+Record type for a social place.
+
+@node PHONE
+@subsubsection PHONE
+
+Record type for a phone (of CONVERSATION).
+
+@node ID ATTR
+@subsubsection ID ATTR
+
+Record type for identity attributes (of IDENTITY).
+
+@node ID TOKEN
+@subsubsection ID TOKEN
+
+Record type for an identity token (of IDENTITY-TOKEN).
+
+@node ID TOKEN METADATA
+@subsubsection ID TOKEN METADATA
+
+Record type for the private metadata of an identity token (of IDENTITY-TOKEN).
+
+@node CREDENTIAL
+@subsubsection CREDENTIAL
+
+Record type for credential.
+
+@node POLICY
+@subsubsection POLICY
+
+Record type for policies.
+
+@node ATTRIBUTE
+@subsubsection ATTRIBUTE
+
+Record type for reverse lookups.
+
+@node ABE KEY
+@subsubsection ABE KEY
+
+Record type for ABE records.
+
+@node ABE MASTER
+@subsubsection ABE MASTER
+
+Record type for ABE master keys.
+
+@node RECLAIM OIDC CLIENT
+@subsubsection RECLAIM OIDC CLIENT
+
+Record type for reclaim OIDC clients.
+
+@node RECLAIM OIDC REDIRECT
+@subsubsection RECLAIM OIDC REDIRECT
+
+Record type for reclaim OIDC redirect URIs.
+
 @node Synchronizing with legacy DNS
 @subsection Synchronizing with legacy DNS
 
@@ -1769,6 +1893,98 @@ is thus advisable to disable the namecache by setting the
 option ``DISABLE'' to ``YES'' in section ``[namecache]''.
 
 
+@node re@:claim Identity Provider
+@section re@:claim Identity Provider
+
+The re:claim Identity Provider (IdP) is a decentralized IdP service.
+It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses.
+
+It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook.
+Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort.
+
+@menu
+* Managing Attributes::
+* Sharing Attributes with Third Parties::
+* Revoking Authorizations of Third Parties::
+* Using the OpenID-Connect IdP::
+@end menu
+
+@node Managing Attributes
+@subsection Managing Attributes
+
+Before adding attributes to an identity, you must first create an ego:
+
+@example
+$ gnunet-identity -C "username"
+@end example
+
+Henceforth, you can manage a new user profile of the user ``username''.
+
+To add an email address to your user profile, simply use the @command{gnunet-idp} command line tool::
+
+@example
+$ gnunet-idp -e "username" -a "email" -V "username@@example.gnunet"
+@end example
+
+All of your attributes can be listed using the @command{gnunet-idp}
+command line tool as well:
+
+@example
+$ gnunet-idp -e "username" -D
+@end example
+
+Currently, and by default, attribute values are interpreted as plain text.
+In the future there might be more value types such as X.509 certificate credentials.
+
+@node Sharing Attributes with Third Parties
+@subsection Sharing Attributes with Third Parties
+
+If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute:
+
+@example
+$ gnunet-idp -e "username" -r "PKEY" -i "attribute1,attribute2,..."
+@end example
+
+Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share.
+
+The command will return a "ticket" string.
+You must give this "ticket" to the requesting third party.
+
+The third party can then retrieve your shared identity attributes using:
+
+@example
+$ gnunet-idp -e "friend" -C "ticket"
+@end example
+
+This will retrieve and list the shared identity attributes.
+The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS.
+Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed.
+
+To list all given authorizations (tickets) you can execute:
+@example
+$ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM) 
+@end example
+
+
+@node Revoking Authorizations of Third Parties
+@subsection Revoking Authorizations of Third Parties
+
+If you want to revoke the access of a third party to your attributes you can execute:
+
+@example
+$ gnunet-idp -e "username" -R "ticket"
+@end example
+
+This will prevent the third party from accessing the attribute in the future.
+Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data.
+As such, only access to updated data in the future can be revoked.
+This behaviour is _exactly the same_ as with other IdPs.
+
+@node Using the OpenID-Connect IdP
+@subsection Using the OpenID-Connect IdP
+
+TODO: Document setup and REST endpoints
+
 @node Using the Virtual Public Network
 @section Using the Virtual Public Network
 
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi
index 7743fddea..50630d4fe 100644
--- a/doc/documentation/gnunet.texi
+++ b/doc/documentation/gnunet.texi
@@ -101,8 +101,8 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 Preface
 
 * About this book
+* Contributing to this book
 * Introduction
-* General Terminology::
 * Typography::
 
 Philosophy
@@ -251,6 +251,7 @@ GNUnet Developer Handbook
 @unnumbered Programming Index
 @syncodeindex tp fn
 @syncodeindex vr fn
+@syncodeindex pg fn
 @printindex fn
 
 @bye
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 000000000..ce05012fc
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,138 @@
+# gnunet-docker
+A Dockerfile (and maybe later docker-compose.yml) for getting a running GNUnet docker container.
+
+> This README and parts of the Dockerfile were adapted from https://github.com/compiaffe/gnunet-docker
+
+
+## Build it
+This will take quite a while and will consume a bit of data.
+
+First you need to go to the root of this repo.
+
+```bash
+cd ..
+```
+
+Now you can build the image.
+
+```bash
+docker build -t gnunet .
+```
+
+## Start it from the newly created gnunet image
+Start a container from `gnunet` image, which can access /dev/net/tun, has access to the host network. We are going to name it `gnunet1`.
+
+Note the `--rm` that will delete the container as soon as you stop it and `-ti` gives you an interactive terminal.
+
+#### Linux Users
+```bash
+docker run \
+  --rm \
+  -ti \
+  --privileged \
+  --name gnunet1 \
+  --net=host \
+  -v /dev/net/tun:/dev/net/tun \
+  gnunet
+```
+
+#### Mac Users
+```bash
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  --name gnunet1 \
+  -e LOCAL_PORT_RANGE='40001 40200' \
+  -e GNUNET_PORT=2086 \
+  -p 2086:2086 \
+  -p 2086:2086/udp \
+  -p40001-40200:40001-40200 \
+  -p40001-40200:40001-40200/udp \
+  gnunet
+```
+
+This terminal will keep on printing to screen at the moment. So go on in a new terminal please.
+
+Don't worry about warnings too much...
+
+## Check if you are connected
+Open a new terminal and connect to the container we just started:
+
+```bash
+docker exec -it gnunet1 gnunet-peerinfo -i
+```
+
+If you get a list of peers, all is good.
+
+## Multiple containers on the same host
+### Running
+#### Run Container 1
+```bash
+export GPORT=2086 LPORT='40001-40200' GNAME=gnunet1
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  -e GNUNET_PORT=$GPORT \
+  -e LOCAL_PORT_RANGE="${LPORT/-/ }" \
+  -p $GPORT:$GPORT \
+  -p $GPORT:$GPORT/udp \
+  -p$LPORT:$LPORT \
+  -p$LPORT:$LPORT/udp \
+  --name $GNAME \
+  gnunet
+```
+
+#### Run Container 2
+```bash
+export GPORT=2087 LPORT='40201-40400' GNAME=gnunet2
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  -e GNUNET_PORT=$GPORT \
+  -e LOCAL_PORT_RANGE="${LPORT/-/ }" \
+  -p $GPORT:$GPORT \
+  -p $GPORT:$GPORT/udp \
+  -p$LPORT:$LPORT \
+  -p$LPORT:$LPORT/udp \
+  --name $GNAME \
+  gnunet
+```
+
+### Testing cadet example
+#### Container 1
+```bash
+$ docker exec -it gnunet1 bash
+$ gnunet-peerinfo -s
+I am peer `VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0'.
+$ gnunet-cadet -o asdasd
+```
+
+#### Container 2
+```bash
+$ docker exec -it gnunet2 bash
+$ gnunet-cadet VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0 asdasd
+```
+
+### Testing file sharing example
+#### Container 1
+```bash
+$ docker exec -it gnunet1 bash
+$ echo 'test' > test.txt
+$ gnunet-publish test.txt
+Publishing `/test.txt' done.
+URI is `gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5'.
+```
+
+#### Container 2
+```bash
+$ docker exec -it gnunet2 bash
+$ gnunet-download -o out.file "gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5"
+100% [============================================================]
+Downloading `out.file' done (0 b/s).
+$ cat out.file
+test
+```
+
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
new file mode 100644
index 000000000..7f98ef68b
--- /dev/null
+++ b/docker/docker-entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+echo "${LOCAL_PORT_RANGE:-49152 65535}" > /proc/sys/net/ipv4/ip_local_port_range
+sed -i 's/$GNUNET_PORT/'${GNUNET_PORT:-2086}'/g' /etc/gnunet.conf
+
+if [[ $# -eq 0 ]]; then
+  exec gnunet-arm \
+    --config=/etc/gnunet.conf \
+    --start \
+    --monitor
+elif [[ -z $1 ]] || [[ ${1:0:1} == '-' ]]; then
+  exec gnunet-arm "$@"
+else
+  exec "$@"
+fi
diff --git a/docker/gnunet.conf b/docker/gnunet.conf
new file mode 100644
index 000000000..c8299ef46
--- /dev/null
+++ b/docker/gnunet.conf
@@ -0,0 +1,21 @@
+[arm]
+SYSTEM_ONLY = NO
+USER_ONLY = NO
+
+[fs]
+FORCESTART = NO
+
+[nat]
+ENABLE_UPNP = NO
+BEHIND_NAT = YES
+
+[transport-tcp]
+PORT = $GNUNET_PORT
+ADVERTISED_PORT = $GNUNET_PORT
+
+[transport-udp]
+PORT = $GNUNET_PORT
+BROADCAST = YES
+
+[cadet]
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 8a95064a6..86235f860 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -4,13 +4,21 @@ src/arm/arm_monitor_api.c
 src/arm/gnunet-arm.c
 src/arm/gnunet-service-arm.c
 src/arm/mockup-service.c
+src/ats-tests/ats-testing-experiment.c
+src/ats-tests/ats-testing-log.c
+src/ats-tests/ats-testing-preferences.c
+src/ats-tests/ats-testing-traffic.c
+src/ats-tests/ats-testing.c
+src/ats-tests/gnunet-ats-sim.c
+src/ats-tests/gnunet-solver-eval.c
+src/ats-tool/gnunet-ats.c
 src/ats/ats_api_connectivity.c
 src/ats/ats_api_performance.c
 src/ats/ats_api_scanner.c
 src/ats/ats_api_scheduling.c
 src/ats/gnunet-ats-solver-eval.c
-src/ats/gnunet-service-ats_addresses.c
 src/ats/gnunet-service-ats.c
+src/ats/gnunet-service-ats_addresses.c
 src/ats/gnunet-service-ats_connectivity.c
 src/ats/gnunet-service-ats_normalization.c
 src/ats/gnunet-service-ats_performance.c
@@ -21,14 +29,6 @@ src/ats/gnunet-service-ats_scheduling.c
 src/ats/plugin_ats_mlp.c
 src/ats/plugin_ats_proportional.c
 src/ats/plugin_ats_ril.c
-src/ats-tests/ats-testing.c
-src/ats-tests/ats-testing-experiment.c
-src/ats-tests/ats-testing-log.c
-src/ats-tests/ats-testing-preferences.c
-src/ats-tests/ats-testing-traffic.c
-src/ats-tests/gnunet-ats-sim.c
-src/ats-tests/gnunet-solver-eval.c
-src/ats-tool/gnunet-ats.c
 src/auction/gnunet-auction-create.c
 src/auction/gnunet-auction-info.c
 src/auction/gnunet-auction-join.c
@@ -40,8 +40,8 @@ src/block/plugin_block_test.c
 src/cadet/cadet_api.c
 src/cadet/cadet_test_lib.c
 src/cadet/desirability_table.c
-src/cadet/gnunet-cadet.c
 src/cadet/gnunet-cadet-profiler.c
+src/cadet/gnunet-cadet.c
 src/cadet/gnunet-service-cadet.c
 src/cadet/gnunet-service-cadet_channel.c
 src/cadet/gnunet-service-cadet_connection.c
@@ -57,15 +57,15 @@ src/consensus/gnunet-service-consensus.c
 src/consensus/plugin_block_consensus.c
 src/conversation/conversation_api.c
 src/conversation/conversation_api_call.c
-src/conversation/gnunet-conversation.c
 src/conversation/gnunet-conversation-test.c
-src/conversation/gnunet_gst.c
-src/conversation/gnunet_gst_test.c
-src/conversation/gnunet-helper-audio-playback.c
+src/conversation/gnunet-conversation.c
 src/conversation/gnunet-helper-audio-playback-gst.c
-src/conversation/gnunet-helper-audio-record.c
+src/conversation/gnunet-helper-audio-playback.c
 src/conversation/gnunet-helper-audio-record-gst.c
+src/conversation/gnunet-helper-audio-record.c
 src/conversation/gnunet-service-conversation.c
+src/conversation/gnunet_gst.c
+src/conversation/gnunet_gst_test.c
 src/conversation/microphone.c
 src/conversation/plugin_gnsrecord_conversation.c
 src/conversation/speaker.c
@@ -102,7 +102,6 @@ src/dht/dht_api.c
 src/dht/dht_test_lib.c
 src/dht/gnunet-dht-get.c
 src/dht/gnunet-dht-monitor.c
-src/dht/gnunet_dht_profiler.c
 src/dht/gnunet-dht-put.c
 src/dht/gnunet-service-dht.c
 src/dht/gnunet-service-dht_clients.c
@@ -111,6 +110,7 @@ src/dht/gnunet-service-dht_hello.c
 src/dht/gnunet-service-dht_neighbours.c
 src/dht/gnunet-service-dht_nse.c
 src/dht/gnunet-service-dht_routing.c
+src/dht/gnunet_dht_profiler.c
 src/dht/plugin_block_dht.c
 src/dns/dns_api.c
 src/dns/gnunet-dns-monitor.c
@@ -124,8 +124,8 @@ src/dv/gnunet-dv.c
 src/dv/gnunet-service-dv.c
 src/dv/plugin_transport_dv.c
 src/exit/gnunet-daemon-exit.c
-src/exit/gnunet-helper-exit.c
 src/exit/gnunet-helper-exit-windows.c
+src/exit/gnunet-helper-exit.c
 src/fragmentation/defragmentation.c
 src/fragmentation/fragmentation.c
 src/fs/fs_api.c
@@ -150,8 +150,8 @@ src/fs/gnunet-auto-share.c
 src/fs/gnunet-daemon-fsprofiler.c
 src/fs/gnunet-directory.c
 src/fs/gnunet-download.c
-src/fs/gnunet-fs.c
 src/fs/gnunet-fs-profiler.c
+src/fs/gnunet-fs.c
 src/fs/gnunet-helper-fs-publish.c
 src/fs/gnunet-publish.c
 src/fs/gnunet-search.c
@@ -171,10 +171,10 @@ src/gns/gns_tld_api.c
 src/gns/gnunet-bcd.c
 src/gns/gnunet-dns2gns.c
 src/gns/gnunet-gns-benchmark.c
-src/gns/gnunet-gns.c
 src/gns/gnunet-gns-helper-service-w32.c
 src/gns/gnunet-gns-import.c
 src/gns/gnunet-gns-proxy.c
+src/gns/gnunet-gns.c
 src/gns/gnunet-service-gns.c
 src/gns/gnunet-service-gns_interceptor.c
 src/gns/gnunet-service-gns_resolver.c
@@ -183,45 +183,35 @@ src/gns/nss/nss_gns_query.c
 src/gns/plugin_block_gns.c
 src/gns/plugin_gnsrecord_gns.c
 src/gns/plugin_rest_gns.c
+src/gns/w32nsp-install.c
+src/gns/w32nsp-resolve.c
+src/gns/w32nsp-uninstall.c
+src/gns/w32nsp.c
 src/gnsrecord/gnsrecord.c
 src/gnsrecord/gnsrecord_crypto.c
 src/gnsrecord/gnsrecord_misc.c
 src/gnsrecord/gnsrecord_serialization.c
 src/gnsrecord/plugin_gnsrecord_dns.c
-src/gns/w32nsp.c
-src/gns/w32nsp-install.c
-src/gns/w32nsp-resolve.c
-src/gns/w32nsp-uninstall.c
 src/hello/address.c
 src/hello/gnunet-hello.c
 src/hello/hello.c
 src/hostlist/gnunet-daemon-hostlist.c
 src/hostlist/gnunet-daemon-hostlist_client.c
 src/hostlist/gnunet-daemon-hostlist_server.c
-src/identity-attribute/identity_attribute.c
-src/identity-attribute/plugin_identity_attribute_gnuid.c
 src/identity/gnunet-identity.c
 src/identity/gnunet-service-identity.c
 src/identity/identity_api.c
 src/identity/identity_api_lookup.c
 src/identity/plugin_rest_identity.c
-src/identity-provider/gnunet-idp.c
-src/identity-provider/gnunet-service-identity-provider.c
-src/identity-provider/identity_provider_api.c
-src/identity-provider/jwt.c
-src/identity-provider/plugin_gnsrecord_identity_provider.c
-src/identity-provider/plugin_identity_provider_sqlite.c
-src/identity-provider/plugin_rest_identity_provider.c
-src/identity-provider/plugin_rest_openid_connect.c
+src/json/json.c
+src/json/json_generator.c
+src/json/json_helper.c
+src/json/json_mhd.c
 src/jsonapi/jsonapi.c
 src/jsonapi/jsonapi_document.c
 src/jsonapi/jsonapi_error.c
 src/jsonapi/jsonapi_relationship.c
 src/jsonapi/jsonapi_resource.c
-src/json/json.c
-src/json/json_generator.c
-src/json/json_helper.c
-src/json/json_mhd.c
 src/multicast/gnunet-multicast.c
 src/multicast/gnunet-service-multicast.c
 src/multicast/multicast_api.c
@@ -235,8 +225,8 @@ src/namecache/namecache_api.c
 src/namecache/plugin_namecache_flat.c
 src/namecache/plugin_namecache_postgres.c
 src/namecache/plugin_namecache_sqlite.c
-src/namestore/gnunet-namestore.c
 src/namestore/gnunet-namestore-fcfsd.c
+src/namestore/gnunet-namestore.c
 src/namestore/gnunet-service-namestore.c
 src/namestore/gnunet-zoneimport.c
 src/namestore/namestore_api.c
@@ -252,10 +242,10 @@ src/nat-auto/gnunet-service-nat-auto.c
 src/nat-auto/gnunet-service-nat-auto_legacy.c
 src/nat-auto/nat_auto_api.c
 src/nat-auto/nat_auto_api_test.c
-src/nat/gnunet-helper-nat-client.c
 src/nat/gnunet-helper-nat-client-windows.c
-src/nat/gnunet-helper-nat-server.c
+src/nat/gnunet-helper-nat-client.c
 src/nat/gnunet-helper-nat-server-windows.c
+src/nat/gnunet-helper-nat-server.c
 src/nat/gnunet-nat.c
 src/nat/gnunet-service-nat.c
 src/nat/gnunet-service-nat_externalip.c
@@ -264,15 +254,15 @@ src/nat/gnunet-service-nat_mini.c
 src/nat/gnunet-service-nat_stun.c
 src/nat/nat_api.c
 src/nat/nat_api_stun.c
-src/nse/gnunet-nse.c
 src/nse/gnunet-nse-profiler.c
+src/nse/gnunet-nse.c
 src/nse/gnunet-service-nse.c
 src/nse/nse_api.c
+src/peerinfo-tool/gnunet-peerinfo.c
+src/peerinfo-tool/gnunet-peerinfo_plugins.c
 src/peerinfo/gnunet-service-peerinfo.c
 src/peerinfo/peerinfo_api.c
 src/peerinfo/peerinfo_api_notify.c
-src/peerinfo-tool/gnunet-peerinfo.c
-src/peerinfo-tool/gnunet-peerinfo_plugins.c
 src/peerstore/gnunet-peerstore.c
 src/peerstore/gnunet-service-peerstore.c
 src/peerstore/peerstore_api.c
@@ -297,6 +287,16 @@ src/psycutil/psyc_env.c
 src/psycutil/psyc_message.c
 src/psycutil/psyc_slicer.c
 src/pt/gnunet-daemon-pt.c
+src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
+src/reclaim-attribute/reclaim_attribute.c
+src/reclaim/gnunet-reclaim.c
+src/reclaim/gnunet-service-reclaim.c
+src/reclaim/jwt.c
+src/reclaim/plugin_gnsrecord_reclaim.c
+src/reclaim/plugin_reclaim_sqlite.c
+src/reclaim/plugin_rest_openid_connect.c
+src/reclaim/plugin_rest_reclaim.c
+src/reclaim/reclaim_api.c
 src/regex/gnunet-daemon-regexprofiler.c
 src/regex/gnunet-regex-profiler.c
 src/regex/gnunet-regex-simulation-profiler.c
@@ -317,21 +317,20 @@ src/revocation/gnunet-revocation.c
 src/revocation/gnunet-service-revocation.c
 src/revocation/plugin_block_revocation.c
 src/revocation/revocation_api.c
-src/rps/gnunet-rps.c
 src/rps/gnunet-rps-profiler.c
+src/rps/gnunet-rps.c
 src/rps/gnunet-service-rps.c
 src/rps/gnunet-service-rps_custommap.c
 src/rps/gnunet-service-rps_sampler.c
 src/rps/gnunet-service-rps_sampler_elem.c
 src/rps/gnunet-service-rps_view.c
-src/rps/rps_api.c
-src/rps/rps_test_lib.c
 src/rps/rps-test_util.c
+src/rps/rps_api.c
 src/scalarproduct/gnunet-scalarproduct.c
-src/scalarproduct/gnunet-service-scalarproduct_alice.c
-src/scalarproduct/gnunet-service-scalarproduct_bob.c
 src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
 src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
+src/scalarproduct/gnunet-service-scalarproduct_alice.c
+src/scalarproduct/gnunet-service-scalarproduct_bob.c
 src/scalarproduct/scalarproduct_api.c
 src/secretsharing/gnunet-secretsharing-profiler.c
 src/secretsharing/gnunet-service-secretsharing.c
@@ -360,15 +359,16 @@ src/statistics/gnunet-statistics.c
 src/statistics/statistics_api.c
 src/template/gnunet-service-template.c
 src/template/gnunet-template.c
+src/testbed-logger/gnunet-service-testbed-logger.c
+src/testbed-logger/testbed_logger_api.c
 src/testbed/generate-underlay-topology.c
 src/testbed/gnunet-daemon-latency-logger.c
 src/testbed/gnunet-daemon-testbed-blacklist.c
 src/testbed/gnunet-daemon-testbed-underlay.c
 src/testbed/gnunet-helper-testbed.c
-src/testbed/gnunet_mpi_test.c
 src/testbed/gnunet-service-test-barriers.c
-src/testbed/gnunet-service-testbed_barriers.c
 src/testbed/gnunet-service-testbed.c
+src/testbed/gnunet-service-testbed_barriers.c
 src/testbed/gnunet-service-testbed_cache.c
 src/testbed/gnunet-service-testbed_connectionpool.c
 src/testbed/gnunet-service-testbed_cpustatus.c
@@ -376,20 +376,19 @@ src/testbed/gnunet-service-testbed_links.c
 src/testbed/gnunet-service-testbed_meminfo.c
 src/testbed/gnunet-service-testbed_oc.c
 src/testbed/gnunet-service-testbed_peers.c
-src/testbed/gnunet_testbed_mpi_spawn.c
 src/testbed/gnunet-testbed-profiler.c
-src/testbed-logger/gnunet-service-testbed-logger.c
-src/testbed-logger/testbed_logger_api.c
-src/testbed/testbed_api_barriers.c
+src/testbed/gnunet_mpi_test.c
+src/testbed/gnunet_testbed_mpi_spawn.c
 src/testbed/testbed_api.c
+src/testbed/testbed_api_barriers.c
 src/testbed/testbed_api_hosts.c
 src/testbed/testbed_api_operations.c
 src/testbed/testbed_api_peers.c
 src/testbed/testbed_api_sd.c
 src/testbed/testbed_api_services.c
 src/testbed/testbed_api_statistics.c
-src/testbed/testbed_api_testbed.c
 src/testbed/testbed_api_test.c
+src/testbed/testbed_api_testbed.c
 src/testbed/testbed_api_topology.c
 src/testbed/testbed_api_underlay.c
 src/testing/gnunet-testing.c
@@ -398,28 +397,28 @@ src/testing/testing.c
 src/topology/friends.c
 src/topology/gnunet-daemon-topology.c
 src/transport/gnunet-helper-transport-bluetooth.c
-src/transport/gnunet-helper-transport-wlan.c
 src/transport/gnunet-helper-transport-wlan-dummy.c
-src/transport/gnunet-service-transport_ats.c
+src/transport/gnunet-helper-transport-wlan.c
 src/transport/gnunet-service-transport.c
+src/transport/gnunet-service-transport_ats.c
 src/transport/gnunet-service-transport_hello.c
 src/transport/gnunet-service-transport_manipulation.c
 src/transport/gnunet-service-transport_neighbours.c
 src/transport/gnunet-service-transport_plugins.c
 src/transport/gnunet-service-transport_validation.c
-src/transport/gnunet-transport.c
 src/transport/gnunet-transport-certificate-creation.c
 src/transport/gnunet-transport-profiler.c
 src/transport/gnunet-transport-wlan-receiver.c
 src/transport/gnunet-transport-wlan-sender.c
+src/transport/gnunet-transport.c
 src/transport/plugin_transport_http_client.c
 src/transport/plugin_transport_http_common.c
 src/transport/plugin_transport_http_server.c
 src/transport/plugin_transport_smtp.c
 src/transport/plugin_transport_tcp.c
 src/transport/plugin_transport_template.c
-src/transport/plugin_transport_udp_broadcasting.c
 src/transport/plugin_transport_udp.c
+src/transport/plugin_transport_udp_broadcasting.c
 src/transport/plugin_transport_unix.c
 src/transport/plugin_transport_wlan.c
 src/transport/plugin_transport_xt.c
@@ -428,6 +427,11 @@ src/transport/tcp_connection_legacy.c
 src/transport/tcp_server_legacy.c
 src/transport/tcp_server_mst_legacy.c
 src/transport/tcp_service_legacy.c
+src/transport/transport-testing-filenames.c
+src/transport/transport-testing-loggers.c
+src/transport/transport-testing-main.c
+src/transport/transport-testing-send.c
+src/transport/transport-testing.c
 src/transport/transport_api_address_to_string.c
 src/transport/transport_api_blacklist.c
 src/transport/transport_api_core.c
@@ -436,11 +440,6 @@ src/transport/transport_api_manipulation.c
 src/transport/transport_api_monitor_peers.c
 src/transport/transport_api_monitor_plugins.c
 src/transport/transport_api_offer_hello.c
-src/transport/transport-testing.c
-src/transport/transport-testing-filenames.c
-src/transport/transport-testing-loggers.c
-src/transport/transport-testing-main.c
-src/transport/transport-testing-send.c
 src/util/bandwidth.c
 src/util/bio.c
 src/util/client.c
@@ -452,8 +451,8 @@ src/util/configuration_loader.c
 src/util/container_bloomfilter.c
 src/util/container_heap.c
 src/util/container_meta_data.c
-src/util/container_multihashmap32.c
 src/util/container_multihashmap.c
+src/util/container_multihashmap32.c
 src/util/container_multipeermap.c
 src/util/container_multishortmap.c
 src/util/crypto_abe.c
@@ -475,13 +474,15 @@ src/util/dnsparser.c
 src/util/dnsstub.c
 src/util/getopt.c
 src/util/getopt_helpers.c
-src/util/gnunet-config.c
 src/util/gnunet-config-diff.c
+src/util/gnunet-config.c
 src/util/gnunet-ecc.c
 src/util/gnunet-helper-w32-console.c
 src/util/gnunet-resolver.c
 src/util/gnunet-scrypt.c
 src/util/gnunet-service-resolver.c
+src/util/gnunet-timeout-w32.c
+src/util/gnunet-timeout.c
 src/util/gnunet-uri.c
 src/util/helper.c
 src/util/load.c
@@ -509,13 +510,13 @@ src/util/tun.c
 src/util/w32cat.c
 src/util/win.c
 src/util/winproc.c
-src/vpn/gnunet-helper-vpn.c
 src/vpn/gnunet-helper-vpn-windows.c
+src/vpn/gnunet-helper-vpn.c
 src/vpn/gnunet-service-vpn.c
 src/vpn/gnunet-vpn.c
 src/vpn/vpn_api.c
-src/zonemaster/gnunet-service-zonemaster.c
 src/zonemaster/gnunet-service-zonemaster-monitor.c
+src/zonemaster/gnunet-service-zonemaster.c
 src/fs/fs_api.h
 src/include/gnunet_common.h
 src/include/gnunet_mq_lib.h
diff --git a/src/Makefile.am b/src/Makefile.am
index 00f30adc3..4ded81891 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,11 +19,13 @@ if HAVE_EXPERIMENTAL
   social 
 #  dv (FTBFS)
 if HAVE_ABE
+if HAVE_JSON
  EXP_DIR += \
     abe \
     credential \
-    identity-attribute \
-    identity-provider 
+    reclaim-attribute \
+    reclaim 
+endif
 endif
 if HAVE_JSON
  EXP_DIR += \
diff --git a/src/arm/test_exponential_backoff.c b/src/arm/test_exponential_backoff.c
index 4a7d51bc7..f15bca2db 100644
--- a/src/arm/test_exponential_backoff.c
+++ b/src/arm/test_exponential_backoff.c
@@ -343,7 +343,10 @@ init ()
   cfg = GNUNET_CONFIGURATION_create ();
   if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg,
                                                "test_arm_api_data.conf"))
+  {
+    GNUNET_CONFIGURATION_destroy (cfg);
     return GNUNET_SYSERR;
+  }
   if (NULL == getcwd (pwd, PATH_MAX))
     return GNUNET_SYSERR;
   GNUNET_assert (0 < GNUNET_asprintf (&binary,
diff --git a/src/cadet/cadet_api.c b/src/cadet/cadet_api.c
index 319279110..92dd39b97 100644
--- a/src/cadet/cadet_api.c
+++ b/src/cadet/cadet_api.c
@@ -841,6 +841,7 @@ handle_mq_error (void *cls,
                                            h);
   GNUNET_MQ_destroy (h->mq);
   h->mq = NULL;
+  GNUNET_assert (NULL == h->reconnect_task);
   h->reconnect_task = GNUNET_SCHEDULER_add_delayed (h->reconnect_time,
                                                     &reconnect_cbk,
                                                     h);
diff --git a/src/core/test_core_api_reliability.c b/src/core/test_core_api_reliability.c
index 4cc5b4bcd..c7c71f1f1 100644
--- a/src/core/test_core_api_reliability.c
+++ b/src/core/test_core_api_reliability.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -143,6 +143,8 @@ do_shutdown (void *cls)
   unsigned long long delta;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   FPRINTF (stderr,
            "\nThroughput was %llu kb/s\n",
            total_bytes * 1000000LL / 1024 / delta);
diff --git a/src/core/test_core_quota_compliance.c b/src/core/test_core_quota_compliance.c
index a15105556..caff045f0 100644
--- a/src/core/test_core_quota_compliance.c
+++ b/src/core/test_core_quota_compliance.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -227,7 +227,8 @@ measurement_stop (void *cls)
   running = GNUNET_NO;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
-
+  if (0 == delta)
+    delta = 1;
   throughput_out = total_bytes_sent * 1000000LL / delta;     /* convert to bytes/s */
   throughput_in = total_bytes_recv * 1000000LL / delta;      /* convert to bytes/s */
 
diff --git a/src/datacache/plugin_datacache_sqlite.c b/src/datacache/plugin_datacache_sqlite.c
index 4684e514c..dc4236a8b 100644
--- a/src/datacache/plugin_datacache_sqlite.c
+++ b/src/datacache/plugin_datacache_sqlite.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -749,7 +749,8 @@ libgnunet_plugin_datacache_sqlite_init (void *cls)
                 "  value BLOB NOT NULL,"
                 "  path BLOB DEFAULT '')");
   SQLITE3_EXEC (dbh, "CREATE INDEX idx_hashidx ON ds091 (key,type,expire)");
-  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_prox_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire_only ON ds091 (expire)");
   plugin = GNUNET_new (struct Plugin);
   plugin->env = env;
   plugin->dbh = dbh;
diff --git a/src/identity-provider/identity-token.conf b/src/identity-provider/identity-token.conf
deleted file mode 100644
index f29f6cdf3..000000000
--- a/src/identity-provider/identity-token.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[identity-token]
-BINARY=gnunet-service-identity-token
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
deleted file mode 100644
index 1a984f7b5..000000000
--- a/src/identity-provider/jwt.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-      This file is part of GNUnet
-      Copyright (C) 2010-2015 GNUnet e.V.
-
-      GNUnet is free software: you can redistribute it and/or modify it
-      under the terms of the GNU Affero General Public License as published
-      by the Free Software Foundation, either version 3 of the License,
-      or (at your option) any later version.
-
-      GNUnet is distributed in the hope that it will be useful, but
-      WITHOUT ANY WARRANTY; without even the implied warranty of
-      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-      Affero General Public License for more details.
-     
-      You should have received a copy of the GNU Affero General Public License
-      along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * @file identity-provider/jwt.c
- * @brief helper library for JSON-Web-Tokens
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include <jansson.h>
-
-
-#define JWT_ALG "alg"
-
-/*TODO is this the correct way to define new algs? */
-#define JWT_ALG_VALUE "urn:org:gnunet:jwt:alg:ecdsa:ed25519"
-
-#define JWT_TYP "typ"
-
-#define JWT_TYP_VALUE "jwt"
-
-//TODO change server address
-#define SERVER_ADDRESS "https://localhost"
-
-static char*
-create_jwt_header(void)
-{
-  json_t *root;
-  char *json_str;
-
-  root = json_object ();
-  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
-  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
-
-  json_str = json_dumps (root, JSON_INDENT(1));
-  json_decref (root);
-  return json_str;
-}
-
-/**
- * Create a JWT from attributes
- *
- * @param aud_key the public of the subject
- * @param attrs the attribute list
- * @param priv_key the key used to sign the JWT
- * @return a new base64-encoded JWT string.
- */
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_CRYPTO_EcdsaPublicKey sub_key;
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  char* audience;
-  char* subject;
-  char* header;
-  char* padding;
-  char* body_str;
-  char* result;
-  char* header_base64;
-  char* body_base64;
-  char* signature_target;
-  char* signature_base64;
-  char* attr_val_str;
-  json_t* body;
-
-  //exp REQUIRED time expired from config
-  //iat REQUIRED time now
-  //auth_time only if max_age
-  //nonce only if nonce
-  // OPTIONAL acr,amr,azp
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &sub_key);
-  /* TODO maybe we should use a local identity here */
-  subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
-                                                sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
-                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  header = create_jwt_header ();
-  body = json_object ();
-  /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
-  //iss REQUIRED case sensitive server uri with https
-  json_object_set_new (body,
-                       "iss", json_string (SERVER_ADDRESS));
-  //sub REQUIRED public key identity, not exceed 255 ASCII  length
-  json_object_set_new (body,
-                       "sub", json_string (subject));
-  /* TODO what should be in here exactly? */
-  //aud REQUIRED public key client_id must be there
-  json_object_set_new (body,
-                       "aud", json_string (audience));
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    /**
-     * TODO here we should have a function that
-     * calls the Attribute plugins to create a
-     * json representation for its value
-     */
-    attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
-                                                              le->claim->data,
-                                                              le->claim->data_size);
-    json_object_set_new (body,
-                         le->claim->name,
-                         json_string (attr_val_str));
-    GNUNET_free (attr_val_str);
-  }
-  body_str = json_dumps (body, JSON_INDENT(0));
-  json_decref (body);
-
-  GNUNET_STRINGS_base64_encode (header,
-                                strlen (header),
-                                &header_base64);
-  //Remove GNUNET padding of base64
-  padding = strtok(header_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_STRINGS_base64_encode (body_str,
-                                strlen (body_str),
-                                &body_base64);
-
-  //Remove GNUNET padding of base64
-  padding = strtok(body_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_free (subject);
-  GNUNET_free (audience);
-
-  /**
-   * TODO
-   * Creating the JWT signature. This might not be
-   * standards compliant, check.
-   */
-  GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
-
-  purpose =
-    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                   strlen (signature_target));
-  purpose->size =
-    htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
-  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-                                             purpose,
-                                             (struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
-  {
-    GNUNET_free (signature_target);
-    GNUNET_free (body_str);
-    GNUNET_free (body_base64);
-    GNUNET_free (header_base64);
-    GNUNET_free (purpose);
-    return NULL;
-  }
-  GNUNET_STRINGS_base64_encode ((const char*)&signature,
-                                sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
-                                &signature_base64);
-  GNUNET_asprintf (&result, "%s.%s.%s",
-                   header_base64, body_base64, signature_base64);
-
-  GNUNET_free (signature_target);
-  GNUNET_free (header);
-  GNUNET_free (body_str);
-  GNUNET_free (signature_base64);
-  GNUNET_free (body_base64);
-  GNUNET_free (header_base64);
-  GNUNET_free (purpose);
-  return result;
-}
diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h
deleted file mode 100644
index 072958973..000000000
--- a/src/identity-provider/jwt.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef JWT_H
-#define JWT_H
-
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key);
-
-#endif
diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf
deleted file mode 100644
index 3e4df561a..000000000
--- a/src/identity-provider/test_idp.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-@INLINE@ test_idp_defaults.conf
-
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-peer-1/
-
-[dht]
-START_ON_DEMAND = YES
-
-[rest]
-START_ON_DEMAND = YES
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog
-
-[transport]
-PLUGINS =
-
-[identity-provider]
-START_ON_DEMAND = YES
-#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog
-
-[gns]
-#PREFIX = valgrind --leak-check=full --track-origins=yes
-START_ON_DEMAND = YES
-AUTO_IMPORT_PKEY = YES
-MAX_PARALLEL_BACKGROUND_QUERIES = 10
-DEFAULT_LOOKUP_TIMEOUT = 15 s
-RECORD_PUT_INTERVAL = 1 h
-ZONE_PUBLISH_TIME_WINDOW = 1 h
-DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
-
-[identity-rest-plugin]
-address = http://localhost:8000/#/login
-psw = mysupersecretpassword
-expiration_time = 3600
diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh
deleted file mode 100755
index 598d1008c..000000000
--- a/src/identity-provider/test_idp.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-gnunet-idp -e testego -D -c test_idp.conf
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh
deleted file mode 100755
index 7f0f06dac..000000000
--- a/src/identity-provider/test_idp_attribute.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-
-#curl localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh
deleted file mode 100755
index 11f6865a4..000000000
--- a/src/identity-provider/test_idp_consume.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
-gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1
-
-if test $? != 0
-then
-  "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/tickets/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh
deleted file mode 100755
index 90487ee73..000000000
--- a/src/identity-provider/test_idp_issue.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-#gnunet-idp -e testego -D -c test_idp.conf
-gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh
deleted file mode 100755
index 7a3f5d030..000000000
--- a/src/identity-provider/test_idp_revoke.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-gnunet-identity -C alice -c test_idp.conf
-gnunet-identity -C bob -c test_idp.conf
-gnunet-identity -C eve -c test_idp.conf
-ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}')
-BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
-EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-
-gnunet-idp -e alice -E 15s -a email -V john@doe.gnu -c test_idp.conf 
-gnunet-idp -e alice -E 15s -a name -V John -c test_idp.conf
-TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}')
-#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
-TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}')
-
-#echo "Consuming $TICKET"
-#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
-gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
-
-#sleep 6
-
-gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf 2&>1 >/dev/null
-if test $? == 0
-then 
-  echo "Eve can still resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-
-gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf 2&>1 >/dev/null
-if test $? != 0
-then
-  echo "Bob cannot resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index 6b8e21806..266f5ccc3 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -371,11 +371,12 @@ handle_get_default_message (void *cls,
   struct GNUNET_MQ_Envelope *env;
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *identifier;
 
 
-  name = (const char *) &gdm[1];
+  name = GNUNET_strdup ((const char *) &gdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &gdm[1], name);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received GET_DEFAULT for service `%s' from client\n",
               name);
@@ -387,6 +388,7 @@ handle_get_default_message (void *cls,
   {
     send_result_code (client, 1, gettext_noop ("no default known"));
     GNUNET_SERVICE_client_continue (client);
+    GNUNET_free (name);
     return;
   }
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -399,6 +401,7 @@ handle_get_default_message (void *cls,
       GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), env);
       GNUNET_SERVICE_client_continue (client);
       GNUNET_free (identifier);
+      GNUNET_free (name);
       return;
     }
   }
@@ -406,6 +409,7 @@ handle_get_default_message (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Failed to find ego `%s'\n",
               name);
+  GNUNET_free (name);
   send_result_code (client, 1,
                     gettext_noop ("default configured, but ego unknown (internal error)"));
   GNUNET_SERVICE_client_continue (client);
@@ -477,9 +481,11 @@ handle_set_default_message (void *cls,
 {
   struct Ego *ego;
   struct GNUNET_SERVICE_Client *client = cls;
-  const char *str;
+  char *str;
+
+  str = GNUNET_strdup ((const char *) &sdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &sdm[1], str);
 
-  str = (const char *) &sdm[1];
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received SET_DEFAULT for service `%s' from client\n",
               str);
@@ -500,10 +506,12 @@ handle_set_default_message (void *cls,
                     subsystem_cfg_file);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
   send_result_code (client, 1, _("Unknown ego specified for service (internal error)"));
+  GNUNET_free (str);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -585,12 +593,13 @@ handle_create_message (void *cls,
 {
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *str;
+  char *str;
   char *fn;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received CREATE message from client\n");
-  str = (const char *) &crm[1];
+  str = GNUNET_strdup ((const char *) &crm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &crm[1], str);
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -598,6 +607,7 @@ handle_create_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("identifier already in use for another ego"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
@@ -620,6 +630,7 @@ handle_create_message (void *cls,
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                               "write", fn);
   GNUNET_free (fn);
+  GNUNET_free (str);
   notify_listeners (ego);
   GNUNET_SERVICE_client_continue (client);
 }
@@ -726,18 +737,22 @@ handle_rename_message (void *cls,
 {
   uint16_t old_name_len;
   struct Ego *ego;
-  const char *old_name;
-  const char *new_name;
+  char *old_name;
+  char *new_name;
   struct RenameContext rename_ctx;
   struct GNUNET_SERVICE_Client *client = cls;
   char *fn_old;
   char *fn_new;
+  const char *old_name_tmp;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received RENAME message from client\n");
   old_name_len = ntohs (rm->old_name_len);
-  old_name = (const char *) &rm[1];
-  new_name = &old_name[old_name_len];
+  old_name_tmp = (const char *) &rm[1];
+  old_name = GNUNET_strdup (old_name_tmp);
+  GNUNET_STRINGS_utf8_tolower (old_name_tmp, old_name);
+  new_name = GNUNET_strdup (&old_name_tmp[old_name_len]);
+  GNUNET_STRINGS_utf8_tolower (&old_name_tmp[old_name_len], old_name);
 
   /* check if new name is already in use */
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -747,6 +762,8 @@ handle_rename_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("target name already exists"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       return;
     }
   }
@@ -776,6 +793,8 @@ handle_rename_message (void *cls,
         GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "rename", fn_old);
       GNUNET_free (fn_old);
       GNUNET_free (fn_new);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       notify_listeners (ego);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
@@ -785,6 +804,8 @@ handle_rename_message (void *cls,
 
   /* failed to locate old name */
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (old_name);
+  GNUNET_free (new_name);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -868,13 +889,15 @@ handle_delete_message (void *cls,
                        const struct DeleteMessage *dm)
 {
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *fn;
   struct GNUNET_SERVICE_Client *client = cls;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received DELETE message from client\n");
-  name = (const char *) &dm[1];
+  name = GNUNET_strdup ((const char *) &dm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &dm[1], name);
+
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -901,6 +924,7 @@ handle_delete_message (void *cls,
       notify_listeners (ego);
       GNUNET_free (ego->pk);
       GNUNET_free (ego);
+      GNUNET_free (name);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
       return;
@@ -908,6 +932,7 @@ handle_delete_message (void *cls,
   }
 
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (name);
   GNUNET_SERVICE_client_continue (client);
 }
 
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 08e9dd156..41b2b1382 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -66,7 +66,7 @@ gnunetinclude_HEADERS = \
   gnunet_hello_lib.h \
   gnunet_helper_lib.h \
   gnunet_identity_service.h \
-  gnunet_identity_provider_service.h \
+  gnunet_reclaim_service.h \
   gnunet_json_lib.h \
   gnunet_jsonapi_lib.h \
   gnunet_jsonapi_util.h \
diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h
index d380c9b03..554d4488b 100644
--- a/src/include/gnunet_abe_lib.h
+++ b/src/include/gnunet_abe_lib.h
@@ -87,7 +87,7 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key,
  * Delete a CP-ABE key.
  *
  * @param key the key to delete
- * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe)
+ * @param delete_pub GNUNET_YES if the public key should also be freed (bug in gabe)
  * @return fresh private key; free using #GNUNET_free
  */
 void
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 0bffef212..8a591fa09 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -206,14 +206,15 @@ struct GNUNET_CRYPTO_EcdsaSignature
 
 
 /**
- * Public ECC key (always for Curve25519) encoded in a format suitable
- * for network transmission and EdDSA signatures.
+ * Public ECC key (always for curve Ed25519) encoded in a format
+ * suitable for network transmission and EdDSA signatures.
  */
 struct GNUNET_CRYPTO_EddsaPublicKey
 {
   /**
-   * Q consists of an x- and a y-value, each mod p (256 bits), given
-   * here in affine coordinates and Ed25519 standard compact format.
+   * Point Q consists of a y-value mod p (256 bits); the x-value is
+   * always positive. The point is stored in Ed25519 standard
+   * compact format.
    */
   unsigned char q_y[256 / 8];
 
@@ -725,6 +726,23 @@ GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
 
 
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac);
+
+
+/**
  * @ingroup hash
  * Calculate HMAC of a message (RFC 2104)
  *
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 20846238b..693cc6cdb 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -132,6 +132,16 @@ extern "C"
 #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551
 
 /**
+ * Record type for reclaim OIDC clients
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552
+
+/**
+ * Record type for reclaim OIDC redirect URIs
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553
+
+/**
  * Flags that can be set for a record.
  */
 enum GNUNET_GNSRECORD_Flags
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 36aa424b4..4400db7e1 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2656,35 +2656,35 @@ extern "C"
  *
  * IDENTITY PROVIDER MESSAGE TYPES
  */
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE 961
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE 962
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START 963
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP 964
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT 965
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT 966
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET 967
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT 968
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET 969
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT 970
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET 971
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT 972
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START 973
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP 974
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT 975
 
 /**************************************************
  *
diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_reclaim_attribute_lib.h
index eb01f7ac2..df5356d76 100644
--- a/src/include/gnunet_identity_attribute_lib.h
+++ b/src/include/gnunet_reclaim_attribute_lib.h
@@ -25,8 +25,8 @@
  * @defgroup identity-provider  Identity Provider service
  * @{
  */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
-#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H
+#define GNUNET_RECLAIM_ATTRIBUTE_LIB_H
 
 #ifdef __cplusplus
 extern "C"
@@ -42,19 +42,19 @@ extern "C"
 /**
  * No value attribute.
  */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_NONE 0
 
 /**
  * String attribute.
  */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING 1
 
 
 
 /**
  * An attribute.
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim
 {
   /**
    * The name of the attribute. Note "name" must never be individually
@@ -86,35 +86,35 @@ struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 
 };
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList
 {
   /**
    * List head
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_head;
 
   /**
    * List tail
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_tail;
 };
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry
 {
   /**
    * DLL
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *prev;
 
   /**
    * DLL
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *next;
 
   /**
    * The attribute claim
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
 };
 
 /**
@@ -126,8 +126,8 @@ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
  * @param data_size the attribute value size
  * @return the new attribute
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
                                      uint32_t type,
                                      const void* data,
                                      size_t data_size);
@@ -141,13 +141,13 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
  * @return the required buffer size
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                                     const char* attr_name,
                                     uint32_t type,
                                     const void* data,
@@ -162,7 +162,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
  * @return length of serialized data
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                      char *result);
 
 /**
@@ -173,8 +173,8 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
  *
  * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                             size_t data_size);
 
 
@@ -186,7 +186,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
  * @return the required buffer size
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
 
 
 
@@ -199,7 +199,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
  * @return length of serialized data
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                      char *result);
 
 /**
@@ -210,12 +210,12 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
  *
  * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                        size_t data_size);
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 /**
  * Convert a type name to the corresponding number
@@ -224,7 +224,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
  * @return corresponding number, UINT32_MAX on error
  */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename);
 
 /**
  * Convert human-readable version of a 'claim' of an attribute to the binary
@@ -237,7 +237,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                            const char *s,
                                            void **data,
                                            size_t *data_size);
@@ -251,7 +251,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
  * @return NULL on error, otherwise human-readable representation of the claim
  */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                            const void* data,
                                            size_t data_size);
 
@@ -262,7 +262,7 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
  * @return corresponding typestring, NULL on error
  */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
@@ -273,9 +273,9 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
 #endif
 
 
-/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
+/* ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H */
 #endif
 
 /** @} */ /* end of group identity */
 
-/* end of gnunet_identity_attribute_lib.h */
+/* end of gnunet_reclaim_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_reclaim_attribute_plugin.h
index 7c399c616..cf0bb141a 100644
--- a/src/include/gnunet_identity_attribute_plugin.h
+++ b/src/include/gnunet_reclaim_attribute_plugin.h
@@ -26,11 +26,11 @@
  * Plugin API for the idp database backend
  * @{
  */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
-#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
+#define GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -51,7 +51,7 @@ extern "C"
  * @param data_size number of bytes in @a data
  * @return NULL on error, otherwise human-readable representation of the value
  */
-typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
+typedef char * (*GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction) (void *cls,
                                                           uint32_t type,
                                                           const void *data,
                                                           size_t data_size);
@@ -69,7 +69,7 @@ typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
  * @param data_size set to number of bytes in @a data
  * @return #GNUNET_OK on success
  */
-typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
+typedef int (*GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction) (void *cls,
                                                        uint32_t type,
                                                        const char *s,
                                                        void **data,
@@ -84,7 +84,7 @@ typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
  * @param typename name to convert
  * @return corresponding number, UINT32_MAX on error
  */
-typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+typedef uint32_t (*GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
                                                                const char *typename);
 
 
@@ -96,7 +96,7 @@ typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cl
  * @param type number of a type to convert
  * @return corresponding typestring, NULL on error
  */
-typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+typedef const char * (*GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
                                                                    uint32_t type);
 
 
@@ -104,7 +104,7 @@ typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void
  * Each plugin is required to return a pointer to a struct of this
  * type as the return value from its entry point.
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
+struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions
 {
 
   /**
@@ -115,22 +115,22 @@ struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
   /**
    * Conversion to string.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
+  GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction value_to_string;
 
   /**
    * Conversion to binary.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
+  GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction string_to_value;
 
   /**
    * Typename to number.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+  GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
 
   /**
    * Number to typename.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+  GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
 
 };
 
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_reclaim_plugin.h
index 2330066dd..c400af64c 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -22,15 +22,15 @@
  * @file
  * Plugin API for the idp database backend
  *
- * @defgroup identity-provider-plugin  IdP service plugin API
+ * @defgroup reclaim-plugin  IdP service plugin API
  * Plugin API for the idp database backend
  * @{
  */
-#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H
-#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+#ifndef GNUNET_RECLAIM_PLUGIN_H
+#define GNUNET_RECLAIM_PLUGIN_H
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -47,15 +47,15 @@ extern "C"
  * @param cls closure
  * @param ticket the ticket
  */
-typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
-                                                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-             const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+typedef void (*GNUNET_RECLAIM_TicketIterator) (void *cls,
+                                                 const struct GNUNET_RECLAIM_Ticket *ticket,
+             const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 
 /**
  * @brief struct returned by the initialization function of the plugin
  */
-struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
+struct GNUNET_RECLAIM_PluginFunctions
 {
 
   /**
@@ -71,8 +71,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
    * @return #GNUNET_OK on success, else #GNUNET_SYSERR
    */
   int (*store_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-      const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+      const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
   /**
    * Delete a ticket from the database.
@@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
    * @return #GNUNET_OK on success, else #GNUNET_SYSERR
    */
   int (*delete_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                        const struct GNUNET_RECLAIM_Ticket *ticket);
 
 
 
@@ -101,11 +101,11 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
         int audience,
                           uint64_t offset,
-                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls);
+                          GNUNET_RECLAIM_TicketIterator iter, void *iter_cls);
 
   int (*get_ticket_attributes) (void* cls,
-                                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                const struct GNUNET_RECLAIM_Ticket *ticket,
+                                GNUNET_RECLAIM_TicketIterator iter,
                                 void *iter_cls);
 };
 
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_reclaim_service.h
index 0c72556e8..7e668cd62 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_reclaim_service.h
@@ -22,11 +22,11 @@
  * @file
  * Identity provider service; implements identity provider for GNUnet
  *
- * @defgroup identity-provider  Identity Provider service
+ * @defgroup reclaim  Identity Provider service
  * @{
  */
-#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
-#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#ifndef GNUNET_RECLAIM_SERVICE_H
+#define GNUNET_RECLAIM_SERVICE_H
 
 #ifdef __cplusplus
 extern "C"
@@ -37,27 +37,27 @@ extern "C"
 #endif
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 
 /**
  * Version number of GNUnet Identity Provider API.
  */
-#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
+#define GNUNET_RECLAIM_VERSION 0x00000000
 
 /**
  * Handle to access the identity service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle;
+struct GNUNET_RECLAIM_Handle;
 
 /**
  * Handle for a token.
  */
-struct GNUNET_IDENTITY_PROVIDER_Token;
+struct GNUNET_RECLAIM_Token;
 
 /**
  * The ticket
  */
-struct GNUNET_IDENTITY_PROVIDER_Ticket
+struct GNUNET_RECLAIM_Ticket
 {
   /**
    * The ticket issuer
@@ -78,7 +78,7 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket
 /**
  * Handle for an operation with the identity provider service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation;
+struct GNUNET_RECLAIM_Operation;
 
 
 /**
@@ -87,8 +87,8 @@ struct GNUNET_IDENTITY_PROVIDER_Operation;
  * @param cfg Configuration to contact the identity provider service.
  * @return handle to communicate with identity provider service
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
 
 /**
  * Continuation called to notify client about result of the
@@ -101,7 +101,7 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
  * @param emsg NULL on success, otherwise an error message
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
+(*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
                                             int32_t success,
                                             const char *emsg);
 
@@ -118,12 +118,12 @@ typedef void
  * @param cont_cls closure for @a cont
  * @return handle to abort the request
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                           const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                           void *cont_cls);
 
 
@@ -135,19 +135,19 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param attr the attribute
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
+(*GNUNET_RECLAIM_AttributeResult) (void *cls,
                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+                                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
 
 
 
 /**
  * List all attributes for a local identity. 
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
  * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
  *
  * On error (disconnect), @a error_cb will be invoked.
  * On normal completion, @a finish_cb proc will be
@@ -166,36 +166,36 @@ typedef void
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                                void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                                void *proc_cls,
                                                GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                void *finish_cb_cls);
 
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it);
 
 
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it);
 
 
 /**
@@ -207,12 +207,12 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
  * @param ticket the ticket
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
-                            const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+(*GNUNET_RECLAIM_TicketCallback)(void *cls,
+                            const struct GNUNET_RECLAIM_Ticket *ticket);
 
 /**
  * Issues a ticket to another identity. The identity may use
- * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket
+ * GNUNET_RECLAIM_ticket_consume to consume the ticket
  * and retrieve the attributes specified in the AttributeList.
  *
  * @param h the identity provider to use
@@ -223,12 +223,12 @@ typedef void
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                        void *cb_cls);
 
 /**
@@ -242,11 +242,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                         void *cb_cls);
 
 
@@ -262,11 +262,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                          void *cb_cls);
 
 /**
@@ -286,12 +286,12 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                                  void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                  void *proc_cls,
                                                  GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                  void *finish_cb_cls);
@@ -313,34 +313,34 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                     const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                     GNUNET_SCHEDULER_TaskCallback error_cb,
                                                     void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                     void *proc_cls,
                                                     GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                     void *finish_cb_cls);
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it);
 
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it);
 
 /**
  * Disconnect from identity provider service.
@@ -348,7 +348,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
  * @param h identity provider service to disconnect
  */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h);
 
 
 /**
@@ -360,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
  * @param op operation to cancel
  */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op);
 
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
@@ -370,9 +370,9 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
 #endif
 
 
-/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
+/* ifndef GNUNET_RECLAIM_SERVICE_H */
 #endif
 
 /** @} */ /* end of group identity */
 
-/* end of gnunet_identity_provider_service.h */
+/* end of gnunet_reclaim_service.h */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index d7accaf2c..829f8be7e 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -151,12 +151,12 @@ extern "C"
 /**
  * Signature for the first round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 22
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 21
 
 /**
  * Signature for the second round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 23
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 22
 
 /**
  * Signature for cooperatice decryption.
@@ -181,7 +181,7 @@ extern "C"
 /**
  * Signature for a GNUid Ticket
  */
-#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27
+#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN 27
 
 /**
  * Signature for a GNUnet credential
diff --git a/src/multicast/gnunet-service-multicast.c b/src/multicast/gnunet-service-multicast.c
index 20d29b906..f8441cc2b 100644
--- a/src/multicast/gnunet-service-multicast.c
+++ b/src/multicast/gnunet-service-multicast.c
@@ -1449,17 +1449,15 @@ check_client_member_join (void *cls,
   struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1];
   uint32_t relay_count = ntohl (msg->relay_count);
 
-  if (0 == relay_count)
+  if (0 != relay_count)
   {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  if (UINT32_MAX / relay_count < sizeof (*relays)){
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                    "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
-              (unsigned long)relay_count,
-              sizeof (*relays));
-      return GNUNET_SYSERR;
+    if (UINT32_MAX / relay_count < sizeof (*relays)){
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
+                (unsigned long)relay_count,
+                sizeof (*relays));
+        return GNUNET_SYSERR;
+    }
   }
   uint32_t relay_size = relay_count * sizeof (*relays);
   struct GNUNET_MessageHeader *join_msg = NULL;
diff --git a/src/multicast/test_multicast_multipeer.c b/src/multicast/test_multicast_multipeer.c
index 3a7c6d961..7766ff875 100644
--- a/src/multicast/test_multicast_multipeer.c
+++ b/src/multicast/test_multicast_multipeer.c
@@ -160,6 +160,7 @@ notify (void *cls,
 
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Peer #%u sents ping to origin\n", mc_peer->peer);
@@ -328,6 +329,7 @@ origin_notify (void *cls,
   pp_msg->msg = PONG;
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO, "origin sends pong\n");
 
diff --git a/src/identity-attribute/Makefile.am b/src/reclaim-attribute/Makefile.am
index 2c73a443e..7db2925b1 100644
--- a/src/identity-attribute/Makefile.am
+++ b/src/reclaim-attribute/Makefile.am
@@ -17,28 +17,28 @@ if USE_COVERAGE
 endif
 
 lib_LTLIBRARIES = \
-  libgnunetidentityattribute.la
+  libgnunetreclaimattribute.la
 
-libgnunetidentityattribute_la_SOURCES = \
-  identity_attribute.c
-libgnunetidentityattribute_la_LIBADD = \
+libgnunetreclaimattribute_la_SOURCES = \
+  reclaim_attribute.c
+libgnunetreclaimattribute_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(GN_LIBINTL)
-libgnunetidentityattribute_la_LDFLAGS = \
+libgnunetreclaimattribute_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) $(WINFLAGS) \
   -version-info 0:0:0
 
 
 plugin_LTLIBRARIES = \
-  libgnunet_plugin_identity_attribute_gnuid.la
+  libgnunet_plugin_reclaim_attribute_gnuid.la
 
 
-libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \
-  plugin_identity_attribute_gnuid.c
-libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_SOURCES = \
+  plugin_reclaim_attribute_gnuid.c
+libgnunet_plugin_reclaim_attribute_gnuid_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LTLIBINTL)
-libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
index c09b167f5..48afc0732 100644
--- a/src/identity-attribute/plugin_identity_attribute_gnuid.c
+++ b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
@@ -17,7 +17,7 @@
 */
 
 /**
- * @file identity-attribute/plugin_identity_attribute_gnuid.c
+ * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c
  * @brief identity attribute plugin to provide the API for fundamental 
  *                 attribute types.
  *
@@ -25,7 +25,7 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 #include <inttypes.h>
 
 
@@ -47,7 +47,7 @@ gnuid_value_to_string (void *cls,
 
   switch (type)
   {
-  case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+  case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
     return GNUNET_strndup (data, data_size);
   default:
     return NULL;
@@ -78,7 +78,7 @@ gnuid_string_to_value (void *cls,
   switch (type)
   {
 
-    case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+    case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
       *data = GNUNET_strdup (s);
       *data_size = strlen (s);
       return GNUNET_OK;
@@ -96,7 +96,7 @@ static struct {
   const char *name;
   uint32_t number;
 } gnuid_name_map[] = {
-  { "STRING",  GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
+  { "STRING",  GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING },
   { NULL, UINT32_MAX }
 };
 
@@ -151,11 +151,11 @@ gnuid_number_to_typename (void *cls,
  * @return the exported block API
  */
 void *
-libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_init (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
 
-  api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions);
   api->value_to_string = &gnuid_value_to_string;
   api->string_to_value = &gnuid_string_to_value;
   api->typename_to_number = &gnuid_typename_to_number;
@@ -171,12 +171,12 @@ libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
  * @return NULL
  */
 void *
-libgnunet_plugin_identity_attribute_gnuid_done (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_done (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = cls;
 
   GNUNET_free (api);
   return NULL;
 }
 
-/* end of plugin_identity_attribute_type_gnuid.c */
+/* end of plugin_reclaim_attribute_type_gnuid.c */
diff --git a/src/identity-attribute/identity_attribute.c b/src/reclaim-attribute/reclaim_attribute.c
index 7d47c46a7..74d668ea8 100644
--- a/src/identity-attribute/identity_attribute.c
+++ b/src/reclaim-attribute/reclaim_attribute.c
@@ -17,14 +17,14 @@
  */
 
 /**
- * @file identity-attribute/identity_attribute.c
+ * @file reclaim-attribute/reclaim_attribute.c
  * @brief helper library to manage identity attributes
  * @author Martin Schanzenbach
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "identity_attribute.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "reclaim_attribute.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 
 /**
  * Handle for a plugin
@@ -39,7 +39,7 @@ struct Plugin
   /**
    * Plugin API
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
 };
 
 /**
@@ -65,7 +65,7 @@ add_plugin (void* cls,
             const char *library_name,
             void *lib_ret)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = lib_ret;
   struct Plugin *plugin;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -86,7 +86,7 @@ init()
   if (GNUNET_YES == initialized)
     return;
   initialized = GNUNET_YES;
-  GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL,
+  GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attribute_", NULL,
                           &add_plugin, NULL);
 }
 
@@ -97,7 +97,7 @@ init()
  * @return corresponding number, UINT32_MAX on error
  */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename)
 {
   unsigned int i;
   struct Plugin *plugin;
@@ -121,7 +121,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
  * @return corresponding typestring, NULL on error
  */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type)
 {
   unsigned int i;
   struct Plugin *plugin;
@@ -149,7 +149,7 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                            const char *s,
                                            void **data,
                                            size_t *data_size)
@@ -180,7 +180,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
  * @return NULL on error, otherwise human-readable representation of the claim
  */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                            const void* data,
                                            size_t data_size)
 {
@@ -210,16 +210,16 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
  * @param data_size the attribute value size
  * @return the new attribute
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
                uint32_t type,
                const void* data,
                size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
   char *write_ptr;
 
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) +
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) +
                         strlen (attr_name) + 1 +
                         data_size);
   attr->type = type;
@@ -249,15 +249,15 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
  * @return
  */
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *claim_list,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *claim_list,
                                     const char* attr_name,
                                     uint32_t type,
                                     const void* data,
                                     size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
                                                type,
                                                data,
                                                data_size);
@@ -267,20 +267,20 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
-    len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    len += GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
   return len; 
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                           char *result)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t len;
   size_t total_len;
   char* write_ptr;
@@ -289,7 +289,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
   total_len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim,
+    len = GNUNET_RECLAIM_ATTRIBUTE_serialize (le->claim,
                                write_ptr);
     total_len += len;
     write_ptr += len;
@@ -297,49 +297,49 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
   return total_len;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t attr_len;
   const char* read_ptr;
 
   if (data_size < sizeof (struct Attribute))
     return NULL;
   
-  attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   read_ptr = data;
   while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
   {
 
-    le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr,
+    le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr,
                                            data_size - (read_ptr - data));
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Deserialized attribute %s\n", le->claim->name);
     GNUNET_CONTAINER_DLL_insert (attrs->list_head,
                                  attrs->list_tail,
                                  le);
-    attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
     read_ptr += attr_len;
   }
   return attrs;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *result_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *result;
 
-  result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  result = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    result_le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (le->claim->name,
+    result_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    result_le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (le->claim->name,
                                                      le->claim->type,
                                                      le->claim->data,
                                                      le->claim->data_size);
@@ -352,10 +352,10 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *tmp_le;
 
   for (le = attrs->list_head; NULL != le;)
   {
@@ -369,7 +369,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimLi
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   return sizeof (struct Attribute) 
     + strlen (attr->name)
@@ -377,7 +377,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                      char *result)
 {
   size_t data_len_ser;
@@ -403,11 +403,11 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
   return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
   struct Attribute *attr_ser;
   size_t data_len;
   size_t name_len;
@@ -419,7 +419,7 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
   attr_ser = (struct Attribute*)data;
   data_len = ntohs (attr_ser->data_size);
   name_len = ntohs (attr_ser->name_len);
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim)
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim)
                         + data_len + name_len + 1);
   attr->type = ntohs (attr_ser->attribute_type);
   attr->version = ntohl (attr_ser->attribute_version);
@@ -441,4 +441,4 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
 
 }
 
-/* end of identity_attribute.c */
+/* end of reclaim_attribute.c */
diff --git a/src/identity-attribute/identity_attribute.h b/src/reclaim-attribute/reclaim_attribute.h
index 2346dcde1..746d32980 100644
--- a/src/identity-attribute/identity_attribute.h
+++ b/src/reclaim-attribute/reclaim_attribute.h
@@ -17,14 +17,14 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file identity-attribute/identity_attribute.h
- * @brief GNUnet Identity attributes
+ * @file reclaim-attribute/reclaim_attribute.h
+ * @brief GNUnet reclaim identity attributes
  *
  */
-#ifndef IDENTITY_ATTRIBUTE_H
-#define IDENTITY_ATTRIBUTE_H
+#ifndef RECLAIM_ATTRIBUTE_H
+#define RECLAIM_ATTRIBUTE_H
 
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 
 struct Attribute
 {
diff --git a/src/identity-provider/.gitignore b/src/reclaim/.gitignore
index ef77fccdc..ef77fccdc 100644
--- a/src/identity-provider/.gitignore
+++ b/src/reclaim/.gitignore
diff --git a/src/identity-provider/Makefile.am b/src/reclaim/Makefile.am
index 2eb699542..2ee43d21a 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -13,12 +13,12 @@ if USE_COVERAGE
 endif
 
 if HAVE_SQLITE
-SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la
+SQLITE_PLUGIN = libgnunet_plugin_reclaim_sqlite.la
 endif
 
 EXTRA_DIST = \
-  test_idp_defaults.conf \
-        test_idp.conf \
+  test_reclaim_defaults.conf \
+        test_reclaim.conf \
         $(check_SCRIPTS)
 
 pkgcfgdir= $(pkgdatadir)/config.d/
@@ -26,46 +26,46 @@ pkgcfgdir= $(pkgdatadir)/config.d/
 libexecdir= $(pkglibdir)/libexec/
 
 pkgcfg_DATA = \
-  identity-provider.conf
+  reclaim.conf
 
 lib_LTLIBRARIES = \
-  libgnunetidentityprovider.la
+  libgnunetreclaim.la
 plugin_LTLIBRARIES = \
-        libgnunet_plugin_rest_identity_provider.la \
+        libgnunet_plugin_rest_reclaim.la \
         libgnunet_plugin_rest_openid_connect.la \
-  libgnunet_plugin_gnsrecord_identity_provider.la \
+  libgnunet_plugin_gnsrecord_reclaim.la \
         $(SQLITE_PLUGIN)
 
 bin_PROGRAMS = \
- gnunet-idp
+ gnunet-reclaim
 
 libexec_PROGRAMS = \
- gnunet-service-identity-provider
+ gnunet-service-reclaim
 
-libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \
-  plugin_gnsrecord_identity_provider.c
-libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \
+libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \
+  plugin_gnsrecord_reclaim.c
+libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LTLIBINTL)
-libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
-libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \
-  plugin_identity_provider_sqlite.c
-libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \
-  libgnunetidentityprovider.la  \
+libgnunet_plugin_reclaim_sqlite_la_SOURCES = \
+  plugin_reclaim_sqlite.c
+libgnunet_plugin_reclaim_sqlite_la_LIBADD = \
+  libgnunetreclaim.la  \
   $(top_builddir)/src/sq/libgnunetsq.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
   $(LTLIBINTL)
-libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
+libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 
 
-gnunet_service_identity_provider_SOURCES = \
- gnunet-service-identity-provider.c
-gnunet_service_identity_provider_LDADD = \
+gnunet_service_reclaim_SOURCES = \
+ gnunet-service-reclaim.c
+gnunet_service_reclaim_LDADD = \
  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(top_builddir)/src/namestore/libgnunetnamestore.la \
@@ -73,66 +73,67 @@ gnunet_service_identity_provider_LDADD = \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
  $(top_builddir)/src/abe/libgnunetabe.la \
  $(top_builddir)/src/credential/libgnunetcredential.la \
- $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
- libgnunetidentityprovider.la \
+ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+ libgnunetreclaim.la \
  $(top_builddir)/src/gns/libgnunetgns.la \
  $(GN_LIBINTL)
 
-libgnunetidentityprovider_la_SOURCES = \
- identity_provider_api.c \
- identity_provider.h
-libgnunetidentityprovider_la_LIBADD = \
+libgnunetreclaim_la_SOURCES = \
+ reclaim_api.c \
+ reclaim.h
+libgnunetreclaim_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
         $(GN_LIBINTL) $(XLIB)
-libgnunetidentityprovider_la_LDFLAGS = \
+libgnunetreclaim_la_LDFLAGS = \
         $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
         -version-info 0:0:0
 
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-  plugin_rest_identity_provider.c \
-        jwt.c
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
+libgnunet_plugin_rest_reclaim_la_SOURCES = \
+  plugin_rest_reclaim.c
+libgnunet_plugin_rest_reclaim_la_LIBADD = \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/rest/libgnunetrest.la \
         $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_rest_reclaim_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 libgnunet_plugin_rest_openid_connect_la_SOURCES = \
   plugin_rest_openid_connect.c \
-        jwt.c
+        oidc_helper.c
 libgnunet_plugin_rest_openid_connect_la_LIBADD = \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/rest/libgnunetrest.la \
         $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
+        $(top_builddir)/src/gns/libgnunetgns.la \
+        $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson -lmicrohttpd
 libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
-gnunet_idp_SOURCES = \
- gnunet-idp.c
-gnunet_idp_LDADD = \
+gnunet_reclaim_SOURCES = \
+ gnunet-reclaim.c
+gnunet_reclaim_LDADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
   $(GN_LIBINTL)
 
 check_SCRIPTS = \
-        test_idp_attribute.sh \
-        test_idp_issue.sh \
-        test_idp_consume.sh \
-  test_idp_revoke.sh
+        test_reclaim_attribute.sh \
+        test_reclaim_issue.sh \
+        test_reclaim_consume.sh \
+  test_reclaim_revoke.sh
 
 if ENABLE_TEST_RUN
  AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
diff --git a/src/identity-provider/gnunet-idp.c b/src/reclaim/gnunet-reclaim.c
index 79e4f8d27..9947eac6d 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/reclaim/gnunet-reclaim.c
@@ -17,7 +17,7 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-idp.c
+ * @file src/reclaim/gnunet-reclaim.c
  * @brief Identity Provider utility
  *
  */
@@ -25,7 +25,7 @@
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include "gnunet_namestore_service.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_signatures.h"
 
@@ -85,19 +85,19 @@ static char* ego_name;
 static struct GNUNET_IDENTITY_Handle *identity_handle;
 
 /**
- * IdP handle
+ * reclaim handle
  */
-static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle;
+static struct GNUNET_RECLAIM_Handle *reclaim_handle;
 
 /**
- * IdP operation
+ * reclaim operation
  */
-static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+static struct GNUNET_RECLAIM_Operation *reclaim_op;
 
 /**
  * Attribute iterator
  */
-static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator;
+static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator;
 
 /**
  * Master ABE key
@@ -117,12 +117,12 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
 /**
  * Ticket to consume
  */
-static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+static struct GNUNET_RECLAIM_Ticket ticket;
 
 /**
  * Attribute list
  */
-static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+static struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
 /**
  * Attribute expiration interval
@@ -139,12 +139,12 @@ do_cleanup(void *cls)
 {
   if (NULL != timeout)
     GNUNET_SCHEDULER_cancel (timeout);
-  if (NULL != idp_op)
-    GNUNET_IDENTITY_PROVIDER_cancel (idp_op);
+  if (NULL != reclaim_op)
+    GNUNET_RECLAIM_cancel (reclaim_op);
   if (NULL != attr_iterator)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator);
-  if (NULL != idp_handle)
-    GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle);
+    GNUNET_RECLAIM_get_attributes_stop (attr_iterator);
+  if (NULL != reclaim_handle)
+    GNUNET_RECLAIM_disconnect (reclaim_handle);
   if (NULL != identity_handle)
     GNUNET_IDENTITY_disconnect (identity_handle);
   if (NULL != abe_key)
@@ -155,13 +155,13 @@ do_cleanup(void *cls)
 
 static void
 ticket_issue_cb (void* cls,
-                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                 const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   char* ticket_str;
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (NULL != ticket) {
     ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
-                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                      sizeof (struct GNUNET_RECLAIM_Ticket));
     printf("%s\n",
            ticket_str);
     GNUNET_free (ticket_str);
@@ -174,7 +174,7 @@ store_attr_cont (void *cls,
                  int32_t success,
                  const char*emsg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (GNUNET_SYSERR == success) {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "%s\n", emsg);
@@ -185,12 +185,12 @@ store_attr_cont (void *cls,
 static void
 process_attrs (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   char *value_str;
   if (NULL == identity)
   {
-    idp_op = NULL;
+    reclaim_op = NULL;
     GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
     return;
   }
@@ -199,9 +199,9 @@ process_attrs (void *cls,
     ret = 1;
     return;
   }
-  value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                     attr->data,
-                                                     attr->data_size);
+  value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
   GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
               "%s: %s\n", attr->name, value_str);
 }
@@ -229,7 +229,7 @@ timeout_task (void *cls)
 static void
 process_rvk (void *cls, int success, const char* msg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (GNUNET_OK != success)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
@@ -242,7 +242,7 @@ process_rvk (void *cls, int success, const char* msg)
 static void
 iter_finished (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
   char *data;
   size_t data_size;
   int type;
@@ -256,21 +256,21 @@ iter_finished (void *cls)
 
   if (issue_attrs)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle,
-                                                    pkey,
-                                                    &rp_key,
-                                                    attr_list,
-                                                    &ticket_issue_cb,
-                                                    NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle,
+                                              pkey,
+                                              &rp_key,
+                                              attr_list,
+                                              &ticket_issue_cb,
+                                              NULL);
     return;
   }
   if (consume_ticket)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle,
-                                                      pkey,
-                                                      &ticket,
-                                                      &process_attrs,
-                                                      NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle,
+                                                pkey,
+                                                &ticket,
+                                                &process_attrs,
+                                                NULL);
     timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10),
                                             &timeout_task,
                                             NULL);
@@ -278,34 +278,34 @@ iter_finished (void *cls)
   }
   if (revoke_ticket)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle,
-                                                     pkey,
-                                                     &ticket,
-                                                     &process_rvk,
-                                                     NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle,
+                                               pkey,
+                                               &ticket,
+                                               &process_rvk,
+                                               NULL);
     return;
   }
   if (attr_name)
   {
     if (NULL == type_str)
-      type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING;
+      type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING;
     else
-      type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str);
+      type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str);
 
-    GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type,
-                                                                               attr_value,
-                                                                               (void**)&data,
-                                                                               &data_size));
-    claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+    GNUNET_assert (GNUNET_SYSERR != GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type,
+                                                                              attr_value,
+                                                                              (void**)&data,
+                                                                              &data_size));
+    claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
                                                  type,
                                                  data,
                                                  data_size);
-    idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
-                                                       pkey,
-                                                       claim,
-                                                       &exp_interval,
-                                                       &store_attr_cont,
-                                                       NULL);
+    reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle,
+                                                 pkey,
+                                                 claim,
+                                                 &exp_interval,
+                                                 &store_attr_cont,
+                                                 NULL);
     return;
   }
   GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
@@ -314,9 +314,9 @@ iter_finished (void *cls)
 static void
 iter_cb (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char *attrs_tmp;
   char *attr_str;
 
@@ -329,11 +329,11 @@ iter_cb (void *cls,
         attr_str = strtok (NULL, ",");
         continue;
       }
-      le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name,
-                                                       attr->type,
-                                                       attr->data,
-                                                       attr->data_size);
+      le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+                                                      attr->type,
+                                                      attr->data,
+                                                      attr->data_size);
       GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
                                    attr_list->list_tail,
                                    le);
@@ -344,7 +344,7 @@ iter_cb (void *cls,
     GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
                 "%s: %s\n", attr->name, (char*)attr->data);
   }
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator);
+  GNUNET_RECLAIM_get_attributes_next (attr_iterator);
 }
 
 static void
@@ -365,24 +365,24 @@ ego_iter_finished (void *cls)
     GNUNET_STRINGS_string_to_data (consume_ticket,
                                    strlen (consume_ticket),
                                    &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
   if (NULL != revoke_ticket)
     GNUNET_STRINGS_string_to_data (revoke_ticket,
                                    strlen (revoke_ticket),
                                    &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
 
 
-  attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
 
-  attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle,
-                                                                 pkey,
-                                                                 &iter_error,
-                                                                 NULL,
-                                                                 &iter_cb,
-                                                                 NULL,
-                                                                 &iter_finished,
-                                                                 NULL);
+  attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle,
+                                                       pkey,
+                                                       &iter_error,
+                                                       NULL,
+                                                       &iter_cb,
+                                                       NULL,
+                                                       &iter_finished,
+                                                       NULL);
 
 
 }
@@ -439,7 +439,7 @@ run (void *cls,
     return;
   }
 
-  idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c);
+  reclaim_handle = GNUNET_RECLAIM_connect (c);
   //Get Ego
   identity_handle = GNUNET_IDENTITY_connect (c,
                                              &ego_cb,
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/reclaim/gnunet-service-reclaim.c
index c53e72477..bf8780a92 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/reclaim/gnunet-service-reclaim.c
@@ -17,8 +17,8 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-service-identity-provider.c
- * @brief Identity Token Service
+ * @file src/reclaim/gnunet-service-reclaim.c
+ * @brief reclaim Service
  *
  */
 #include "platform.h"
@@ -32,10 +32,10 @@
 #include "gnunet_credential_service.h"
 #include "gnunet_statistics_service.h"
 #include "gnunet_gns_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_signatures.h"
-#include "identity_provider.h"
+#include "reclaim.h"
 
 /**
  * First pass state
@@ -65,7 +65,7 @@ static struct GNUNET_IDENTITY_Handle *identity_handle;
 /**
  * Database handle
  */
-static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database;
+static struct GNUNET_RECLAIM_PluginFunctions *TKT_database;
 
 /**
  * Name of DB plugin
@@ -396,7 +396,7 @@ struct AttributeStoreHandle
   /**
    * The attribute to store
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
 
   /**
    * The attribute expiration interval
@@ -433,7 +433,7 @@ struct ConsumeTicketHandle
   /**
    * Ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * LookupRequest
@@ -473,7 +473,7 @@ struct ConsumeTicketHandle
   /**
    * Attributes
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
   
   /**
    * Lookup time
@@ -535,12 +535,12 @@ struct TicketRevocationHandle
   /**
    * Attributes to reissue
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Attributes to revoke
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *rvk_attrs;
 
   /**
    * Issuer Key
@@ -550,7 +550,7 @@ struct TicketRevocationHandle
   /**
    * Ticket to issue
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * QueueEntry
@@ -603,7 +603,7 @@ struct TicketIssueHandle
   /**
    * Attributes to issue
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Issuer Key
@@ -613,7 +613,7 @@ struct TicketIssueHandle
   /**
    * Ticket to issue
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * QueueEntry
@@ -861,7 +861,7 @@ static void
 cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 {
   if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
   if (NULL != handle->ns_qe)
     GNUNET_NAMESTORE_cancel (handle->ns_qe);
   GNUNET_free (handle);
@@ -871,12 +871,12 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 static void
 send_ticket_result (struct IdpClient *client,
                     uint32_t r_id,
-                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                    const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                    const struct GNUNET_RECLAIM_Ticket *ticket,
+                    const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketResultMessage *irm;
   struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf;
+  struct GNUNET_RECLAIM_Ticket *ticket_buf;
 
   /* store ticket in DB */
   if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
@@ -889,9 +889,9 @@ send_ticket_result (struct IdpClient *client,
   }
 
   env = GNUNET_MQ_msg_extra (irm,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
-  ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1];
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
+  ticket_buf = (struct GNUNET_RECLAIM_Ticket *)&irm[1];
   *ticket_buf = *ticket;
   irm->id = htonl (r_id);
   GNUNET_MQ_send (client->mq,
@@ -927,14 +927,14 @@ store_ticket_issue_cont (void *cls,
 
 
 int
-serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                        const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+serialize_abe_keyinfo2 (const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                         const struct GNUNET_ABE_AbeKey *rp_key,
                         struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
                         char **result)
 {
   struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char *enc_keyinfo;
   char *serialized_key;
   char *buf;
@@ -1009,7 +1009,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                   struct GNUNET_ABE_AbeMasterKey *abe_key)
 {
   struct TicketIssueHandle *ih = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_ABE_AbeKey *rp_key;
@@ -1101,7 +1101,7 @@ handle_issue_ticket_message (void *cls,
 
   ih = GNUNET_new (struct TicketIssueHandle);
   attrs_len = ntohs (im->attr_len);
-  ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
+  ih->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
   ih->r_id = ntohl (im->id);
   ih->client = idp;
   ih->identity = im->identity;
@@ -1132,9 +1132,9 @@ static void
 cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh)
 {
   if (NULL != rh->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->attrs);
   if (NULL != rh->rvk_attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->rvk_attrs);
   if (NULL != rh->abe_key)
     GNUNET_ABE_cpabe_delete_master_key (rh->abe_key);
   if (NULL != rh->ns_qe)
@@ -1157,9 +1157,12 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
 {
   struct GNUNET_MQ_Envelope *env;
   struct RevokeTicketResultMessage *trm;
+  
+  GNUNET_break(TKT_database->delete_ticket (TKT_database->cls,
+                                            &rh->ticket));
 
   env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT);
   trm->id = htonl (rh->r_id);
   trm->success = htonl (success);
   GNUNET_MQ_send (rh->client->mq,
@@ -1179,8 +1182,8 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
  */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 static void
 revocation_reissue_tickets (struct TicketRevocationHandle *rh);
@@ -1206,9 +1209,6 @@ reissue_ticket_cont (void *cls,
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
                 "Unknown Error\n");
     send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1226,12 +1226,12 @@ reissue_ticket_cont (void *cls,
  */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le_rollover;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_ABE_AbeKey *rp_key;
@@ -1258,9 +1258,18 @@ ticket_reissue_proc (void *cls,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Do not reissue for this identity.!\n");
-
-    rh->offset++;
-    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
+    label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd,
+                                                 sizeof (uint64_t));
+    //Delete record
+    rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                                &rh->identity,
+                                                label,
+                                                0,
+                                                NULL,
+                                                &reissue_ticket_cont,
+                                                rh);
+
+    GNUNET_free (label);
     return;
   }
 
@@ -1374,9 +1383,6 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
   if (GNUNET_NO == ret)
   {
     send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1391,10 +1397,8 @@ check_attr_error (void *cls)
   struct TicketRevocationHandle *rh = cls;
   GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
               "Unable to check for existing attribute\n");
+  rh->ns_qe = NULL;
   send_revocation_finished (rh, GNUNET_SYSERR);
-  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
   cleanup_revoke_ticket_handle (rh);
 }
 
@@ -1426,15 +1430,16 @@ check_attr_cb (void *cls,
   char* policy;
   uint32_t attr_ver;
 
+  rh->ns_qe = NULL;
   if (1 != rd_count) {
     GNUNET_SCHEDULER_add_now (&reenc_next_attribute,
                               rh);
     return;
   }
 
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
   buf = GNUNET_malloc (buf_size);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
                                        buf);
   rh->attrs->list_head->claim->version++;
   GNUNET_asprintf (&policy, "%s_%lu",
@@ -1458,9 +1463,6 @@ check_attr_cb (void *cls,
                 policy);
     GNUNET_free (policy);
     send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1525,8 +1527,9 @@ attr_reenc_cont (void *cls,
                  const char *emsg)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
 
+  rh->ns_qe = NULL;
   if (GNUNET_SYSERR == success)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -1558,12 +1561,12 @@ attr_reenc_cont (void *cls,
 
 static void
 process_attributes_to_update (void *cls,
-                              const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                              const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                              const struct GNUNET_RECLAIM_Ticket *ticket,
+                              const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
 
-  rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs);
+  rh->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_dup (attrs);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Revocation Phase I: Collecting attributes\n");
   /* Reencrypt all attributes with new key */
@@ -1571,9 +1574,6 @@ process_attributes_to_update (void *cls,
   {
     /* No attributes to reencrypt */
     send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   } else {
@@ -1621,11 +1621,11 @@ handle_revoke_ticket_message (void *cls,
 {
   struct TicketRevocationHandle *rh;
   struct IdpClient *idp = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
 
   rh = GNUNET_new (struct TicketRevocationHandle);
-  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  ticket = (struct GNUNET_RECLAIM_Ticket*)&rm[1];
+  rh->rvk_attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   rh->ticket = *ticket;
   rh->r_id = ntohl (rm->id);
   rh->client = idp;
@@ -1667,7 +1667,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
     GNUNET_ABE_cpabe_delete_key (handle->key,
                                  GNUNET_YES);
   if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
   GNUNET_free (handle);
 }
 
@@ -1698,7 +1698,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   struct ConsumeTicketHandle *handle = parallel_lookup->handle;
   struct ConsumeTicketResultMessage *crm;
   struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le;
   struct GNUNET_TIME_Absolute decrypt_duration;
   char *data;
   char *data_tmp;
@@ -1741,8 +1741,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                 1,
                                 GNUNET_YES);
 
-      attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data,
+      attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (data,
                                                               attr_len);
       attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
       GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
@@ -1766,15 +1766,15 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   }
 
   GNUNET_SCHEDULER_cancel (handle->kill_task);
-  attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs);
+  attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (handle->attrs);
   env = GNUNET_MQ_msg_extra (crm,
                              attrs_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT);
   crm->id = htonl (handle->r_id);
   crm->attrs_len = htons (attrs_len);
   crm->identity = handle->ticket.identity;
   data_tmp = (char *) &crm[1];
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (handle->attrs,
                                             data_tmp);
   GNUNET_MQ_send (handle->client->mq, env);
   GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
@@ -1805,7 +1805,7 @@ abort_parallel_lookups2 (void *cls)
     lu = tmp;
   }
   env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (handle->r_id);
   arm->attr_len = htons (0);
   GNUNET_MQ_send (handle->client->mq, env);
@@ -1918,10 +1918,10 @@ handle_consume_ticket_message (void *cls,
   ch->r_id = ntohl (cm->id);
   ch->client = idp;
   ch->identity = cm->identity;
-  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  ch->attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
                                       &ch->identity_pub);
-  ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
+  ch->ticket = *((struct GNUNET_RECLAIM_Ticket*)&cm[1]);
   rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
                                                    sizeof (uint64_t));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1967,7 +1967,7 @@ attr_store_cont (void *cls,
   struct AttributeStoreHandle *as_handle = cls;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeStoreResultMessage *acr_msg;
-  
+
   as_handle->ns_qe = NULL;
   GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
                                as_handle->client->store_op_tail,
@@ -1986,7 +1986,7 @@ attr_store_cont (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Sending ATTRIBUTE_STORE_RESPONSE message\n");
   env = GNUNET_MQ_msg (acr_msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE);
   acr_msg->id = htonl (as_handle->r_id);
   acr_msg->op_result = htonl (GNUNET_OK);
   GNUNET_MQ_send (as_handle->client->mq,
@@ -2009,10 +2009,10 @@ attr_store_task (void *cls)
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Storing attribute\n");
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (as_handle->claim);
   buf = GNUNET_malloc (buf_size);
 
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (as_handle->claim,
                                        buf);
 
   GNUNET_asprintf (&policy,
@@ -2111,7 +2111,7 @@ handle_attribute_store_message (void *cls,
   data_len = ntohs (sam->attr_len);
 
   as_handle = GNUNET_new (struct AttributeStoreHandle);
-  as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1],
+  as_handle->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&sam[1],
                                                             data_len);
 
   as_handle->r_id = ntohl (sam->id);
@@ -2158,7 +2158,7 @@ attr_iter_finished (void *cls)
   struct AttributeResultMessage *arm;
 
   env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (ai->request_id);
   arm->attr_len = htons (0);
   GNUNET_MQ_send (ai->client->mq, env);
@@ -2189,14 +2189,14 @@ attr_iter_cb (void *cls,
   if (rd_count != 1)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
 
   if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
   attr_ver = ntohl(*((uint32_t*)rd->data));
@@ -2213,7 +2213,7 @@ attr_iter_cb (void *cls,
   if (GNUNET_SYSERR == msg_extra_len)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
 
@@ -2224,7 +2224,7 @@ attr_iter_cb (void *cls,
               "Found attribute: %s\n", label);
   env = GNUNET_MQ_msg_extra (arm,
                              msg_extra_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (ai->request_id);
   arm->attr_len = htons (msg_extra_len);
   GNUNET_CRYPTO_ecdsa_key_get_public (zone,
@@ -2264,7 +2264,7 @@ iterate_next_after_abe_bootstrap (void *cls,
   struct AttributeIterator *ai = cls;
   ai->abe_key = abe_key;
   GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                       1);
+                                       1);
 }
 
 
@@ -2406,8 +2406,8 @@ cleanup_ticket_iter_handle (struct TicketIteration *ti)
  */
 static void
 ticket_iterate_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketIterationProcResult *proc = cls;
 
@@ -2467,7 +2467,7 @@ run_ticket_iteration_round (struct TicketIteration *ti)
   }
   /* send empty response to indicate end of list */
   env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
   trm->id = htonl (ti->r_id);
   GNUNET_MQ_send (ti->client->mq,
                   env);
@@ -2572,7 +2572,7 @@ run (void *cls,
   char *database;
   cfg = c;
 
-  stats = GNUNET_STATISTICS_create ("identity-provider", cfg);
+  stats = GNUNET_STATISTICS_create ("reclaim", cfg);
 
   //Connect to identity and namestore services
   ns_handle = GNUNET_NAMESTORE_connect (cfg);
@@ -2597,13 +2597,13 @@ run (void *cls,
   /* Loading DB plugin */
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
-                                             "identity-provider",
+                                             "reclaim",
                                              "database",
                                              &database))
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "No database backend configured\n");
   GNUNET_asprintf (&db_lib_name,
-                   "libgnunet_plugin_identity_provider_%s",
+                   "libgnunet_plugin_reclaim_%s",
                    database);
   TKT_database = GNUNET_PLUGIN_load (db_lib_name,
                                      (void *) cfg);
@@ -2619,7 +2619,7 @@ run (void *cls,
 
   if (GNUNET_OK ==
       GNUNET_CONFIGURATION_get_value_time (cfg,
-                                           "identity-provider",
+                                           "reclaim",
                                            "TOKEN_EXPIRATION_INTERVAL",
                                            &token_expiration_interval))
   {
@@ -2736,51 +2736,51 @@ client_connect_cb (void *cls,
  * Define "main" method using service macro.
  */
 GNUNET_SERVICE_MAIN
-("identity-provider",
+("reclaim",
  GNUNET_SERVICE_OPTION_NONE,
  &run,
  &client_connect_cb,
  &client_disconnect_cb,
  NULL,
  GNUNET_MQ_hd_var_size (attribute_store_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE,
                         struct AttributeStoreMessage,
                         NULL),
  GNUNET_MQ_hd_fixed_size (iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START,
                           struct AttributeIterationStartMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT,
                           struct AttributeIterationNextMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP,
                           struct AttributeIterationStopMessage,
                           NULL),
  GNUNET_MQ_hd_var_size (issue_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET,
                         struct IssueTicketMessage,
                         NULL),
  GNUNET_MQ_hd_var_size (consume_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET,
                         struct ConsumeTicketMessage,
                         NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START,
                           struct TicketIterationStartMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT,
                           struct TicketIterationNextMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP,
                           struct TicketIterationStopMessage,
                           NULL),
  GNUNET_MQ_hd_var_size (revoke_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET,
                         struct RevokeTicketMessage,
                         NULL),
  GNUNET_MQ_handler_end());
-/* end of gnunet-service-identity-provider.c */
+/* end of gnunet-service-reclaim.c */
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/src/reclaim/jwt.c
@@ -0,0 +1 @@
+
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
new file mode 100644
index 000000000..1e9e64fec
--- /dev/null
+++ b/src/reclaim/oidc_helper.c
@@ -0,0 +1,440 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.c
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "oidc_helper.h"
+
+static char*
+create_jwt_header(void)
+{
+  json_t *root;
+  char *json_str;
+
+  root = json_object ();
+  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
+
+  json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root);
+  return json_str;
+}
+
+static void
+replace_char(char* str, char find, char replace){
+  char *current_pos = strchr(str,find);
+  while (current_pos){
+    *current_pos = replace;
+    current_pos = strchr(current_pos,find);
+  }
+}
+
+//RFC4648
+static void
+fix_base64(char* str) {
+  char *padding;
+  //First, remove trailing padding '='
+  padding = strtok(str, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+
+  //Replace + with -
+  replace_char (str, '+', '-');
+
+  //Replace / with _
+  replace_char (str, '/', '_');
+
+}
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_HashCode signature;
+  struct GNUNET_TIME_Absolute exp_time;
+  struct GNUNET_TIME_Absolute time_now;
+  char* audience;
+  char* subject;
+  char* header;
+  char* body_str;
+  char* result;
+  char* header_base64;
+  char* body_base64;
+  char* signature_target;
+  char* signature_base64;
+  char* attr_val_str;
+  json_t* body;
+
+  //iat REQUIRED time now
+  time_now = GNUNET_TIME_absolute_get();
+  //exp REQUIRED time expired from config
+  exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
+  //auth_time only if max_age
+  //nonce only if nonce
+  // OPTIONAL acr,amr,azp
+  subject = GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  header = create_jwt_header ();
+  body = json_object ();
+
+  //iss REQUIRED case sensitive server uri with https
+  //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid)
+  json_object_set_new (body,
+                       "iss", json_string (SERVER_ADDRESS));
+  //sub REQUIRED public key identity, not exceed 255 ASCII  length
+  json_object_set_new (body,
+                       "sub", json_string (subject));
+  //aud REQUIRED public key client_id must be there
+  json_object_set_new (body,
+                       "aud", json_string (audience));
+  //iat
+  json_object_set_new (body,
+                       "iat", json_integer (time_now.abs_value_us / (1000*1000)));
+  //exp
+  json_object_set_new (body,
+                       "exp", json_integer (exp_time.abs_value_us / (1000*1000)));
+  //nbf
+  json_object_set_new (body,
+                       "nbf", json_integer (time_now.abs_value_us / (1000*1000)));
+  //nonce
+  if (NULL != nonce)
+    json_object_set_new (body,
+                         "nonce", json_string (nonce));
+
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
+                                                             le->claim->data,
+                                                             le->claim->data_size);
+    json_object_set_new (body,
+                         le->claim->name,
+                         json_string (attr_val_str));
+    GNUNET_free (attr_val_str);
+  }
+  body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (body);
+
+  GNUNET_STRINGS_base64_encode (header,
+                                strlen (header),
+                                &header_base64);
+  fix_base64(header_base64);
+
+  GNUNET_STRINGS_base64_encode (body_str,
+                                strlen (body_str),
+                                &body_base64);
+  fix_base64(body_base64);
+
+  GNUNET_free (subject);
+  GNUNET_free (audience);
+
+  /**
+   * Creating the JWT signature. This might not be
+   * standards compliant, check.
+   */
+  GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+  GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature);
+  GNUNET_STRINGS_base64_encode ((const char*)&signature,
+                                sizeof (struct GNUNET_HashCode),
+                                &signature_base64);
+  fix_base64(signature_base64);
+
+  GNUNET_asprintf (&result, "%s.%s.%s",
+                   header_base64, body_base64, signature_base64);
+
+  GNUNET_free (signature_target);
+  GNUNET_free (header);
+  GNUNET_free (body_str);
+  GNUNET_free (signature_base64);
+  GNUNET_free (body_base64);
+  GNUNET_free (header_base64);
+  return result;
+}
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce)
+{
+  char *ticket_str;
+  json_t *code_json;
+  char *signature_payload;
+  char *signature_str;
+  char *authz_code;
+  size_t signature_payload_len;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce)
+    signature_payload_len += strlen (nonce);
+
+  signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload;
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  memcpy (&purpose[1],
+          ticket,
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != nonce)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce,
+            strlen (nonce));
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer,
+                                                 purpose,
+                                                 &signature))
+  {
+    GNUNET_free (signature_payload);
+    return NULL;
+  }
+  signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature,
+                                                       sizeof (signature));
+  ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
+
+  code_json = json_object ();
+  json_object_set_new (code_json,
+                       "ticket",
+                       json_string (ticket_str));
+  if (NULL != nonce)
+    json_object_set_new (code_json,
+                         "nonce",
+                         json_string (nonce));
+  json_object_set_new (code_json,
+                       "signature",
+                       json_string (signature_str));
+  authz_code = json_dumps (code_json,
+                           JSON_INDENT(0) | JSON_COMPACT);
+  GNUNET_free (signature_payload);
+  GNUNET_free (signature_str);
+  GNUNET_free (ticket_str);
+  json_decref (code_json);
+  return authz_code;
+}
+
+
+
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce)
+{
+  json_error_t error;
+  json_t *code_json;
+  json_t *ticket_json;
+  json_t *nonce_json;
+  json_t *signature_json;
+  const char *ticket_str;
+  const char *signature_str;
+  const char *nonce_str;
+  char *code_output;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  size_t signature_payload_len;
+
+  code_output = NULL; 
+  GNUNET_STRINGS_base64_decode (code,
+                                strlen(code),
+                                (void**)&code_output);
+  code_json = json_loads (code_output, 0 , &error);
+  GNUNET_free (code_output);
+  ticket_json = json_object_get (code_json, "ticket");
+  nonce_json = json_object_get (code_json, "nonce");
+  signature_json = json_object_get (code_json, "signature");
+  *ticket = NULL;
+  *nonce = NULL;
+
+  if ((NULL == ticket_json || !json_is_string (ticket_json)) ||
+      (NULL == signature_json || !json_is_string (signature_json)))
+  {
+    json_decref (code_json);
+    return GNUNET_SYSERR;
+  }
+  ticket_str = json_string_value (ticket_json);
+  signature_str = json_string_value (signature_json);
+  nonce_str = NULL;
+  if (NULL != nonce_json)
+    nonce_str = json_string_value (nonce_json);
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce_str)
+    signature_payload_len += strlen (nonce_str);
+  purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           signature_payload_len);
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str,
+                                                  strlen (ticket_str),
+                                                  &purpose[1],
+                                                  sizeof (struct GNUNET_RECLAIM_Ticket)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse ticket!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str,
+                                                  strlen (signature_str),
+                                                  &signature,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse signature!\n");
+    return GNUNET_SYSERR;
+  }
+  *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
+  memcpy (*ticket,
+          &purpose[1],
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+
+  }
+  if (NULL != nonce_str)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce_str,
+            strlen (nonce_str));
+  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+                                               purpose,
+                                               &signature,
+                                               &(*ticket)->identity))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Signature of authZ code invalid!\n");
+    return GNUNET_SYSERR;
+  }
+  *nonce = GNUNET_strdup (nonce_str);
+  return GNUNET_OK;
+}
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response)
+{
+  json_t *root_json;
+
+  root_json = json_object ();
+
+  GNUNET_assert (NULL != access_token);
+  GNUNET_assert (NULL != id_token);
+  GNUNET_assert (NULL != expiration_time);
+  json_object_set_new (root_json,
+                       "access_token",
+                       json_string (access_token));
+  json_object_set_new (root_json,
+                       "token_type",
+                       json_string ("Bearer"));
+  json_object_set_new (root_json,
+                       "expires_in",
+                       json_integer (expiration_time->rel_value_us / (1000 * 1000)));
+  json_object_set_new (root_json,
+                       "id_token",
+                       json_string (id_token));
+  *token_response = json_dumps (root_json,
+                                JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root_json);
+}
+
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ()
+{
+  char* access_token_number;
+  char* access_token;
+  uint64_t random_number;
+
+  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+  GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number);
+  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
+  return access_token;
+}
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
new file mode 100644
index 000000000..7a0f45bf9
--- /dev/null
+++ b/src/reclaim/oidc_helper.h
@@ -0,0 +1,109 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.h
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+
+#ifndef JWT_H
+#define JWT_H
+
+#define JWT_ALG "alg"
+
+/* Use 512bit HMAC */
+#define JWT_ALG_VALUE "HS512"
+
+#define JWT_TYP "typ"
+
+#define JWT_TYP_VALUE "jwt"
+
+#define SERVER_ADDRESS "https://reclaim.id"
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key);
+
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce);
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce);
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response);
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ();
+
+
+#endif
diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/reclaim/plugin_gnsrecord_reclaim.c
index f0dc563dc..781b88abc 100644
--- a/src/identity-provider/plugin_gnsrecord_identity_provider.c
+++ b/src/reclaim/plugin_gnsrecord_reclaim.c
@@ -17,7 +17,7 @@
 */
 
 /**
- * @file identity-provider/plugin_gnsrecord_identity_provider.c
+ * @file reclaim/plugin_gnsrecord_reclaim.c
  * @brief gnsrecord plugin to provide the API for identity records
  * @author Martin Schanzenbach
  */
@@ -54,6 +54,8 @@ value_to_string (void *cls,
     case GNUNET_GNSRECORD_TYPE_ID_ATTR:
       return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
     case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
       return GNUNET_strndup (data, data_size);
     case GNUNET_GNSRECORD_TYPE_ABE_KEY:
     case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
@@ -113,6 +115,8 @@ string_to_value (void *cls,
                                             *data,
                                             *data_size);
     case GNUNET_GNSRECORD_TYPE_ID_TOKEN:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
       *data = GNUNET_strdup (s);
       *data_size = strlen (s);
       return GNUNET_OK;
@@ -181,6 +185,8 @@ static struct {
   { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
   { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
   { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
+  { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT },
+  { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT },
   { NULL, UINT32_MAX }
 };
 
@@ -234,7 +240,7 @@ number_to_typename (void *cls,
  * @return the exported block API
  */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_init (void *cls)
 {
   struct GNUNET_GNSRECORD_PluginFunctions *api;
 
@@ -254,7 +260,7 @@ libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
  * @return NULL
  */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_done (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_done (void *cls)
 {
   struct GNUNET_GNSRECORD_PluginFunctions *api = cls;
 
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/reclaim/plugin_reclaim_sqlite.c
index f2a8b7b54..b545a94e8 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/reclaim/plugin_reclaim_sqlite.c
@@ -17,15 +17,15 @@
   */
 
 /**
- * @file identity-provider/plugin_identity_provider_sqlite.c
+ * @file reclaim/plugin_reclaim_sqlite.c
  * @brief sqlite-based idp backend
  * @author Martin Schanzenbach
  */
 
 #include "platform.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_sq_lib.h"
 #include <sqlite3.h>
 
@@ -47,9 +47,9 @@
  * a failure of the command 'cmd' on file 'filename'
  * with the message given by strerror(errno).
  */
-#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
+#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "reclaim", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
 
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-sqlite", __VA_ARGS__)
 
 
 /**
@@ -180,12 +180,12 @@ database_setup (struct Plugin *plugin)
 
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
-                                               "identity-provider-sqlite",
+                                               "reclaim-sqlite",
                                                "FILENAME",
                                                &afsdir))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                               "identity-provider-sqlite",
+                               "reclaim-sqlite",
                                "FILENAME");
     return GNUNET_SYSERR;
   }
@@ -370,9 +370,9 @@ database_shutdown (struct Plugin *plugin)
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_store_ticket (void *cls,
-                                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+reclaim_sqlite_store_ticket (void *cls,
+                                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct Plugin *plugin = cls;
   size_t attrs_len;
@@ -401,9 +401,9 @@ identity_provider_sqlite_store_ticket (void *cls,
     GNUNET_SQ_reset (plugin->dbh,
                      plugin->delete_ticket);
     
-    attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+    attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
     attrs_ser = GNUNET_malloc (attrs_len);
-    GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+    GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                               attrs_ser);
     struct GNUNET_SQ_QueryParam sparams[] = {
       GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
@@ -458,8 +458,8 @@ identity_provider_sqlite_store_ticket (void *cls,
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_delete_ticket (void *cls,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+reclaim_sqlite_delete_ticket (void *cls,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   struct Plugin *plugin = cls;
   int n;
@@ -521,11 +521,11 @@ identity_provider_sqlite_delete_ticket (void *cls,
 static int
 get_ticket_and_call_iterator (struct Plugin *plugin,
                               sqlite3_stmt *stmt,
-                              GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                              GNUNET_RECLAIM_TicketIterator iter,
                               void *iter_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_Ticket ticket;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
   int ret;
   int sret;
   size_t attrs_len;
@@ -552,13 +552,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
     }
     else
     {
-      attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser,
+      attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
                                           attrs_len);
       if (NULL != iter)
         iter (iter_cls,
               &ticket,
               attrs);
-      GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+      GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
       ret = GNUNET_YES;
     }
     GNUNET_SQ_cleanup_result (rs);
@@ -586,9 +586,9 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_ticket_get_attrs (void *cls,
-                                           const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                           GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+reclaim_sqlite_ticket_get_attrs (void *cls,
+                                           const struct GNUNET_RECLAIM_Ticket *ticket,
+                                           GNUNET_RECLAIM_TicketIterator iter,
                                            void *iter_cls)
 {
   struct Plugin *plugin = cls;
@@ -628,11 +628,11 @@ identity_provider_sqlite_ticket_get_attrs (void *cls,
  * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
  */
 static int
-identity_provider_sqlite_iterate_tickets (void *cls,
+reclaim_sqlite_iterate_tickets (void *cls,
                                           const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                           int audience,
                                           uint64_t offset,
-                                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                          GNUNET_RECLAIM_TicketIterator iter,
                                           void *iter_cls)
 {
   struct Plugin *plugin = cls;
@@ -680,15 +680,15 @@ identity_provider_sqlite_iterate_tickets (void *cls,
 /**
  * Entry point for the plugin.
  *
- * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*"
+ * @param cls the "struct GNUNET_RECLAIM_PluginEnvironment*"
  * @return NULL on error, otherwise the plugin context
  */
 void *
-libgnunet_plugin_identity_provider_sqlite_init (void *cls)
+libgnunet_plugin_reclaim_sqlite_init (void *cls)
 {
   static struct Plugin plugin;
   const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api;
+  struct GNUNET_RECLAIM_PluginFunctions *api;
 
   if (NULL != plugin.cfg)
     return NULL;                /* can only initialize once! */
@@ -699,12 +699,12 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
     database_shutdown (&plugin);
     return NULL;
   }
-  api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_PluginFunctions);
   api->cls = &plugin;
-  api->store_ticket = &identity_provider_sqlite_store_ticket;
-  api->delete_ticket = &identity_provider_sqlite_delete_ticket;
-  api->iterate_tickets = &identity_provider_sqlite_iterate_tickets;
-  api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs;
+  api->store_ticket = &reclaim_sqlite_store_ticket;
+  api->delete_ticket = &reclaim_sqlite_delete_ticket;
+  api->iterate_tickets = &reclaim_sqlite_iterate_tickets;
+  api->get_ticket_attributes = &reclaim_sqlite_ticket_get_attrs;
   LOG (GNUNET_ERROR_TYPE_INFO,
        _("Sqlite database running\n"));
   return api;
@@ -718,9 +718,9 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
  * @return always NULL
  */
 void *
-libgnunet_plugin_identity_provider_sqlite_done (void *cls)
+libgnunet_plugin_reclaim_sqlite_done (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_PluginFunctions *api = cls;
   struct Plugin *plugin = api->cls;
 
   database_shutdown (plugin);
@@ -731,4 +731,4 @@ libgnunet_plugin_identity_provider_sqlite_done (void *cls)
   return NULL;
 }
 
-/* end of plugin_identity_provider_sqlite.c */
+/* end of plugin_reclaim_sqlite.c */
diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index d87a345cf..24673c692 100644
--- a/src/identity-provider/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -36,9 +36,9 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "jwt.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "oidc_helper.h"
 
 /**
  * REST root namespace
@@ -68,7 +68,7 @@
 /**
  * Attribute key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 
 /**
  * Ticket key
@@ -79,7 +79,7 @@
 /**
  * Value key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 
 /**
  * State while collecting all egos
@@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] =
 {
   "display",
   "prompt",
-  "max_age",
   "ui_locales", 
   "response_mode",
   "id_token_hint",
@@ -230,12 +229,6 @@ struct OIDC_Variables
   char *client_id;
 
   /**
-   * GNUNET_YES if there is a delegation to 
-   * this RP or if it is a local identity
-   */
-  int is_client_trusted;
-
-  /**
    * The OIDC redirect uri
    */
   char *redirect_uri;
@@ -347,6 +340,16 @@ struct RequestHandle
   struct GNUNET_REST_RequestHandle *rest_handle;
 
   /**
+   * GNS handle
+   */
+  struct GNUNET_GNS_Handle *gns_handle;
+
+  /**
+   * GNS lookup op
+   */
+  struct GNUNET_GNS_LookupRequest *gns_op;
+
+  /**
    * Handle to NAMESTORE
    */
   struct GNUNET_NAMESTORE_Handle *namestore_handle;
@@ -359,7 +362,7 @@ struct RequestHandle
   /**
    * Attribute claim list
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
   /**
    * IDENTITY Operation
@@ -369,27 +372,27 @@ struct RequestHandle
   /**
    * Identity Provider
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
 
   /**
    * Idp Operation
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
 
   /**
    * Attribute iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
 
   /**
    * Ticket iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
 
   /**
    * A ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * Desired timeout for the lookup (default is no timeout).
@@ -422,6 +425,16 @@ struct RequestHandle
   char *tld;
 
   /**
+   * The redirect prefix
+   */
+  char *redirect_prefix;
+
+  /**
+   * The redirect suffix
+   */
+  char *redirect_suffix;
+
+  /**
    * Error response message
    */
   char *emsg;
@@ -450,8 +463,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
   struct EgoEntry *ego_entry;
   struct EgoEntry *ego_tmp;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -463,19 +476,28 @@ cleanup_handle (struct RequestHandle *handle)
   if (NULL != handle->identity_handle)
     GNUNET_IDENTITY_disconnect (handle->identity_handle);
   if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
   if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
   if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
   if (NULL != handle->url)
     GNUNET_free (handle->url);
   if (NULL != handle->tld)
     GNUNET_free (handle->tld);
+  if (NULL != handle->redirect_prefix)
+    GNUNET_free (handle->redirect_prefix);
+  if (NULL != handle->redirect_suffix)
+    GNUNET_free (handle->redirect_suffix);
   if (NULL != handle->emsg)
     GNUNET_free (handle->emsg);
   if (NULL != handle->edesc)
     GNUNET_free (handle->edesc);
+  if (NULL != handle->gns_op)
+    GNUNET_GNS_lookup_cancel (handle->gns_op);
+  if (NULL != handle->gns_handle)
+    GNUNET_GNS_disconnect (handle->gns_handle);
+
   if (NULL != handle->namestore_handle)
     GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
   if (NULL != handle->oidc)
@@ -732,6 +754,8 @@ cookie_identity_interpretation (struct RequestHandle *handle)
       {
         handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY);
         handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity);
+      } else {
+        handle->oidc->login_identity = NULL;
       }
     }
     else
@@ -753,7 +777,7 @@ login_redirection(void *cls)
   struct RequestHandle *handle = cls;
 
   if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
                                                  "address", &login_base_url) )
   {
     GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
@@ -799,11 +823,12 @@ oidc_iteration_error (void *cls)
   GNUNET_SCHEDULER_add_now (&do_error, handle);
 }
 
-static void get_client_name_result (void *cls,
-                                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                                    const char *label,
-                                    unsigned int rd_count,
-                                    const struct GNUNET_GNSRECORD_Data *rd)
+static void
+get_client_name_result (void *cls,
+                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                        const char *label,
+                        unsigned int rd_count,
+                        const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RequestHandle *handle = cls;
   struct MHD_Response *resp;
@@ -811,46 +836,33 @@ static void get_client_name_result (void *cls,
   char *redirect_uri;
   char *code_json_string;
   char *code_base64_final_string;
-  char *redirect_path;
-  char *tmp;
-  char *tmp_prefix;
-  char *prefix;
+
   ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
-                                                    sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
   //TODO change if more attributes are needed (see max_age)
-  GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
-                   ticket_str,
-                   (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
-                   (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
-                   (NULL != handle->oidc->nonce) ? "\"" : "");
+  code_json_string = OIDC_build_authz_code (&handle->priv_key,
+                                            &handle->ticket,
+                                            handle->oidc->nonce);
   code_base64_final_string = base_64_encode(code_json_string);
-  tmp = GNUNET_strdup (handle->oidc->redirect_uri);
-  redirect_path = strtok (tmp, "/");
-  redirect_path = strtok (NULL, "/");
-  redirect_path = strtok (NULL, "/");
-  tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri);
-  prefix = strrchr (tmp_prefix,
-                    (unsigned char) '.');
-  *prefix = '\0';
   GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
-                   tmp_prefix,
+                   handle->redirect_prefix,
                    handle->tld,
-                   redirect_path,
+                   handle->redirect_suffix,
                    handle->oidc->response_type,
                    code_base64_final_string, handle->oidc->state);
   resp = GNUNET_REST_create_response ("");
   MHD_add_response_header (resp, "Location", redirect_uri);
   handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
   GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (tmp);
-  GNUNET_free (tmp_prefix);
   GNUNET_free (redirect_uri);
   GNUNET_free (ticket_str);
   GNUNET_free (code_json_string);
   GNUNET_free (code_base64_final_string);
   return;
+
 }
 
+
 static void
 get_client_name_error (void *cls)
 {
@@ -861,32 +873,93 @@ get_client_name_error (void *cls)
   GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
 
-/**
- * Issues ticket and redirects to relying party with the authorization code as
- * parameter. Otherwise redirects with error
- */
+
 static void
-oidc_ticket_issue_cb (void* cls,
-                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+lookup_redirect_uri_result (void *cls,
+                            uint32_t rd_count,
+                            const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RequestHandle *handle = cls;
-  handle->idp_op = NULL;
-  handle->ticket = *ticket;
-  if (NULL != ticket) {
+  char *tmp;
+  char *tmp_key_str;
+  char *pos;
+  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
+
+  handle->gns_op = NULL;
+  if (0 == rd_count)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  for (int i = 0; i < rd_count; i++)
+  {
+    if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+      continue;
+    if (0 != strcmp (rd[i].data,
+                     handle->oidc->redirect_uri))
+      continue;
+    tmp = GNUNET_strdup (rd[i].data);
+    pos = strrchr (tmp,
+                   (unsigned char) '.');
+    *pos = '\0';
+    handle->redirect_prefix = GNUNET_strdup (tmp);
+    tmp_key_str = pos + 1;
+    pos = strchr (tmp_key_str,
+                  (unsigned char) '/');
+    *pos = '\0';
+    handle->redirect_suffix = GNUNET_strdup (pos + 1);
+
+    GNUNET_STRINGS_string_to_data (tmp_key_str,
+                                   strlen (tmp_key_str),
+                                   &redirect_zone,
+                                   sizeof (redirect_zone));
+
     GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
                                    &handle->priv_key,
-                                   &handle->oidc->client_pkey,
+                                   &redirect_zone,
                                    &get_client_name_error,
                                    handle,
                                    &get_client_name_result,
                                    handle);
+    GNUNET_free (tmp);
     return;
   }
   handle->emsg = GNUNET_strdup("server_error");
-  handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+  handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
   GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
 
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
+static void
+oidc_ticket_issue_cb (void* cls,
+                      const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->idp_op = NULL;
+  handle->ticket = *ticket;
+  if (NULL == ticket)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle,
+                                      "+",
+                                      &handle->oidc->client_pkey,
+                                      GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
+                                      GNUNET_GNS_LO_DEFAULT,
+                                      &lookup_redirect_uri_result,
+                                      handle);
+
+}
+
 static void
 oidc_collect_finished_cb (void *cls)
 {
@@ -900,12 +973,12 @@ oidc_collect_finished_cb (void *cls)
     GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
     return;
   }
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp,
-                                                          &handle->priv_key,
-                                                          &handle->oidc->client_pkey,
-                                                          handle->attr_list,
-                                                          &oidc_ticket_issue_cb,
-                                                          handle);
+  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
+                                                &handle->priv_key,
+                                                &handle->oidc->client_pkey,
+                                                handle->attr_list,
+                                                &oidc_ticket_issue_cb,
+                                                handle);
 }
 
 
@@ -915,17 +988,17 @@ oidc_collect_finished_cb (void *cls)
 static void
 oidc_attr_collect (void *cls,
                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char* scope_variables;
   char* scope_variable;
   char delimiter[]=" ";
 
   if ( (NULL == attr->name) || (NULL == attr->data) )
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     return;
   }
 
@@ -941,18 +1014,18 @@ oidc_attr_collect (void *cls,
   }
   if ( NULL == scope_variable )
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     GNUNET_free(scope_variables);
     return;
   }
   GNUNET_free(scope_variables);
 
-  le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type,
-                                                   attr->data, attr->data_size);
+  le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type,
+                                                  attr->data, attr->data_size);
   GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
                               handle->attr_list->list_tail, le);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
 
 
@@ -1005,88 +1078,33 @@ login_check (void *cls)
           handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
                                                                    handle->ego_entry->ego);
           handle->resp_object = GNUNET_JSONAPI_document_new ();
-          handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+          handle->idp = GNUNET_RECLAIM_connect (cfg);
           handle->attr_list = GNUNET_new(
-                                         struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-          handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
-                                                                           handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
-                                                                           &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
+                                         struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+          handle->attr_it = GNUNET_RECLAIM_get_attributes_start (
+                                                                 handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
+                                                                 &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
           return;
         }
       }
-      handle->emsg = GNUNET_strdup("invalid_cookie");
-      handle->edesc = GNUNET_strdup(
-                                    "The cookie of the login identity is not valid");
-      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      //handle->emsg = GNUNET_strdup("invalid_cookie");
+      //handle->edesc = GNUNET_strdup(
+      //                              "The cookie of the login identity is not valid");
+      //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      GNUNET_SCHEDULER_add_now (&login_redirection,handle);
       return;
     }
   }
 }
 
 /**
- * Searches for client_id in namestore. If found trust status stored in handle
- * Else continues to search
- *
- * @param handle the RequestHandle
- */
-static void
-namestore_iteration_callback (
-                              void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
-                              const char *rname, unsigned int rd_len,
-                              const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
-  int i;
-
-  for (i = 0; i < rd_len; i++)
-  {
-    if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
-      continue;
-
-    if ( NULL != handle->oidc->login_identity )
-    {
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (
-                                                  handle->oidc->login_identity,
-                                                  strlen (handle->oidc->login_identity),
-                                                  &login_identity_pkey);
-      GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
-                                          &current_zone_pkey);
-
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        if ( 0 == memcmp (&login_identity_pkey, &current_zone_pkey,
-                          sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-        {
-          handle->oidc->is_client_trusted = GNUNET_YES;
-        }
-      }
-    }
-    else
-    {
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        handle->oidc->is_client_trusted = GNUNET_YES;
-      }
-    }
-  }
-
-  GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it,
-                                       1);
-}
-
-
-/**
  * Iteration over all results finished, build final
  * response.
  *
  * @param cls the `struct RequestHandle`
  */
 static void
-namestore_iteration_finished (void *cls)
+build_authz_response (void *cls)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
@@ -1096,25 +1114,6 @@ namestore_iteration_finished (void *cls)
   int number_of_ignored_parameter, iterator;
 
 
-  handle->ego_entry = handle->ego_entry->next;
-
-  if(NULL != handle->ego_entry)
-  {
-    handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
-    handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
-                                                                         &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
-                                                                         &namestore_iteration_finished, handle);
-    return;
-  }
-  if (GNUNET_NO == handle->oidc->is_client_trusted)
-  {
-    handle->emsg = GNUNET_strdup("unauthorized_client");
-    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
-                                  "authorization code using this method.");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
   // REQUIRED value: redirect_uri
   GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                       &cache_key);
@@ -1244,8 +1243,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
   struct EgoEntry *tmp_ego;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 
   cookie_identity_interpretation(handle);
 
@@ -1299,9 +1298,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 
   handle->ego_entry = handle->ego_head;
   handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
-  handle->oidc->is_client_trusted = GNUNET_NO;
-
-  //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config
+  //If we know this identity, translated the corresponding TLD
+  //TODO: We might want to have a reverse lookup functionality for TLDs?
   for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
   {
     priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
@@ -1311,17 +1309,10 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
                       sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
     {
       handle->tld = GNUNET_strdup (tmp_ego->identifier);
-      handle->oidc->is_client_trusted = GNUNET_YES;
       handle->ego_entry = handle->ego_tail;
     }
-  }
-
-
-  // Checks if client_id is valid:
-  handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                                       handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
-                                                                       handle, &namestore_iteration_callback, handle,
-                                                                       &namestore_iteration_finished, handle);
+  } 
+  GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
 }
 
 /**
@@ -1359,8 +1350,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
     current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
     *current_time = GNUNET_TIME_relative_to_absolute (
-                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
-                                                                                     30));
+                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+                                                                                     5));
     last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
     if (NULL != last_time)
     {
@@ -1382,37 +1373,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
   return;
 }
 
-/**
- * Responds to token url-encoded POST request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                const char* url,
-                void *cls)
+static int 
+check_authorization (struct RequestHandle *handle,
+                     struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
 {
-  //TODO static strings
-  struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
-  char *authorization, *credentials;
-  char delimiter[]=" ";
-  char delimiter_user_psw[]=":";
-  char *grant_type, *code;
-  char *user_psw = NULL, *client_id, *psw;
-  char *expected_psw;
+  char *authorization;
+  char *credentials;
+  char *basic_authorization;
+  char *client_id;
+  char *pass;
+  char *expected_pass;
   int client_exists = GNUNET_NO;
-  struct MHD_Response *resp;
-  char* code_output;
-  json_t *root, *ticket_string, *nonce, *max_age;
-  json_error_t error;
-  char *json_response;
 
-  /*
-   * Check Authorization
-   */
   GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                       &cache_key);
@@ -1422,80 +1395,75 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->edesc=GNUNET_strdup("missing authorization");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+  authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+                                                     &cache_key);
 
   //split header in "Basic" and [content]
-  credentials = strtok (authorization, delimiter);
-  if (0 != strcmp ("Basic",credentials))
+  credentials = strtok (authorization, " ");
+  if (0 != strcmp ("Basic", credentials))
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  credentials = strtok(NULL, delimiter);
+  credentials = strtok(NULL, " ");
   if (NULL == credentials)
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+  GNUNET_STRINGS_base64_decode (credentials,
+                                strlen (credentials),
+                                (void**)&basic_authorization);
 
-  if ( NULL == user_psw )
+  if ( NULL == basic_authorization )
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  client_id = strtok (user_psw, delimiter_user_psw);
+  client_id = strtok (basic_authorization, ":");
   if ( NULL == client_id )
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  psw = strtok (NULL, delimiter_user_psw);
-  if (NULL == psw)
+  pass = strtok (NULL, ":");
+  if (NULL == pass)
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
 
   //check client password
   if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
-                                                 "psw", &expected_psw) )
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "psw", &expected_pass) )
   {
-    if (0 != strcmp (expected_psw, psw))
+    if (0 != strcmp (expected_pass, pass))
     {
-      GNUNET_free_non_null(user_psw);
-      GNUNET_free(expected_psw);
+      GNUNET_free_non_null(basic_authorization);
+      GNUNET_free(expected_pass);
       handle->emsg=GNUNET_strdup("invalid_client");
       handle->response_code = MHD_HTTP_UNAUTHORIZED;
-      GNUNET_SCHEDULER_add_now (&do_error, handle);
-      return;
+      return GNUNET_SYSERR;
     }
-    GNUNET_free(expected_psw);
+    GNUNET_free(expected_pass);
   }
   else
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg = GNUNET_strdup("server_error");
     handle->edesc = GNUNET_strdup ("gnunet configuration failed");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
 
   //check client_id
@@ -1510,9 +1478,107 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
   if (GNUNET_NO == client_exists)
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+  GNUNET_free (basic_authorization);
+  return GNUNET_OK;
+}
+
+static int
+ego_exists (struct RequestHandle *handle,
+            struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+{
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+
+  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+    if (0 == memcmp (&pub_key,
+                     test_key,
+                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+    {
+      break;
+    }
+  }
+  if (NULL == ego_entry)
+    return GNUNET_NO;
+  return GNUNET_YES;
+}
+
+static void
+store_ticket_reference (const struct RequestHandle *handle,
+                        const char* access_token,
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+{
+  struct GNUNET_HashCode cache_key;
+  char *id_ticket_combination;
+  char *ticket_string;
+  char *client_id;
+
+  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
+  client_id = GNUNET_STRINGS_data_to_string_alloc (cid,
+                                                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                       sizeof (struct GNUNET_RECLAIM_Ticket));
+  GNUNET_asprintf(&id_ticket_combination,
+                  "%s;%s",
+                  client_id,
+                  ticket_string);
+  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
+                                    &cache_key,
+                                    id_ticket_combination,
+                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+
+  GNUNET_free (client_id);
+  GNUNET_free (ticket_string);
+}
+
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                const char* url,
+                void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_TIME_Relative expiration_time;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 
+  struct GNUNET_RECLAIM_Ticket *ticket;
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  struct GNUNET_HashCode cache_key;
+  struct MHD_Response *resp;
+  char *grant_type;
+  char *code;
+  char *json_response;
+  char *id_token;
+  char *access_token;
+  char *jwt_secret;
+  char *nonce;
+  int i = 1;
+
+  /*
+   * Check Authorization
+   */
+  if (GNUNET_SYSERR == check_authorization (handle,
+                                            &cid))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "OIDC authorization for token endpoint failed\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
@@ -1524,27 +1590,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //TODO Do not allow multiple equal parameter names
   //REQUIRED grant_type
   GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter grant_type");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  grant_type = GNUNET_CONTAINER_multihashmap_get (
-                                                  handle->rest_handle->url_param_map, &cache_key);
+  grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+                                                  &cache_key);
 
   //REQUIRED code
   GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1557,11 +1621,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //REQUIRED redirect_uri
   GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                       &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1572,21 +1635,18 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //Check parameter grant_type == "authorization_code"
   if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg=GNUNET_strdup("unsupported_grant_type");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
   GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
-  int i = 1;
-  if ( GNUNET_SYSERR
-       == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
-                                             &cache_key,
-                                             &i,
-                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
+  if (GNUNET_SYSERR ==
+      GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+                                         &cache_key,
+                                         &i,
+                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1595,16 +1655,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   //decode code
-  GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
-  root = json_loads (code_output, 0, &error);
-  GNUNET_free(code_output);
-  ticket_string = json_object_get (root, "ticket");
-  nonce = json_object_get (root, "nonce");
-  max_age = json_object_get (root, "max_age");
-
-  if(ticket_string == NULL && !json_is_string(ticket_string))
+  if(GNUNET_OK != OIDC_parse_authz_code (&cid,
+                                         code,
+                                         &ticket,
+                                         &nonce))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("invalid code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1612,42 +1667,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
-  if ( GNUNET_OK
-       != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
-                                         strlen (json_string_value(ticket_string)),
-                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-  // this is the current client (relying party)
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
-  GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
-  if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-
   //create jwt
-  unsigned long long int expiration_time;
-  if ( GNUNET_OK
-       != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
-                                                "expiration_time", &expiration_time) )
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time(cfg,
+                                          "reclaim-rest-plugin",
+                                          "expiration_time",
+                                          &expiration_time))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("server_error");
     handle->edesc = GNUNET_strdup ("gnunet configuration failed");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1656,118 +1682,56 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  //aud REQUIRED public key client_id must be there
-  GNUNET_IDENTITY_ATTRIBUTE_list_add(cl,
-                                     "aud",
-                                     GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                     client_id,
-                                     strlen(client_id));
-  //exp REQUIRED time expired from config
-  struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
-                                                                           GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                                          expiration_time));
-  const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "exp",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      exp_time_string,
-                                      strlen(exp_time_string));
-  //iat REQUIRED time now
-  struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
-  const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "iat",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      time_now_string,
-                                      strlen(time_now_string));
-  //nonce only if nonce is provided
-  if ( NULL != nonce && json_is_string(nonce) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "nonce",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(nonce),
-                                        strlen(json_string_value(nonce)));
-  }
-  //auth_time only if max_age is provided
-  if ( NULL != max_age && json_is_string(max_age) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "auth_time",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(max_age),
-                                        strlen(json_string_value(max_age)));
-  }
-  //TODO OPTIONAL acr,amr,azp
 
-  struct EgoEntry *ego_entry;
-  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  //TODO OPTIONAL acr,amr,azp
+  if (GNUNET_NO == ego_exists (handle,
+                               &ticket->audience))
   {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
-    if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-    {
-      break;
-    }
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("invalid code...");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    GNUNET_free(ticket);
   }
-  if ( NULL == ego_entry )
+  if ( GNUNET_OK
+       != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "jwt_secret", &jwt_secret) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code....");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    handle->edesc = GNUNET_strdup("No signing secret configured!");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     GNUNET_free(ticket);
     return;
   }
-  char *id_token = jwt_create_from_list(&ticket->audience,
-                                        cl,
-                                        GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
-
-  //Create random access_token
-  char* access_token_number;
-  char* access_token;
-  uint64_t random_number;
-  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
-  GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number);
-  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
-
-
-
-  //TODO OPTIONAL add refresh_token and scope
-  GNUNET_asprintf (&json_response,
-                   "{ \"access_token\" : \"%s\", "
-                   "\"token_type\" : \"Bearer\", "
-                   "\"expires_in\" : %d, "
-                   "\"id_token\" : \"%s\"}",
-                   access_token,
-                   expiration_time,
-                   id_token);
-  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
-  char *id_ticket_combination;
-  GNUNET_asprintf(&id_ticket_combination,
-                  "%s;%s",
-                  client_id,
-                  json_string_value(ticket_string));
-  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
-                                    &cache_key,
-                                    id_ticket_combination,
-                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
-
+  //TODO We should collect the attributes here. cl always empty
+  cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  id_token = OIDC_id_token_new (&ticket->audience,
+                                &ticket->identity,
+                                cl,
+                                &expiration_time,
+                                (NULL != nonce) ? nonce : NULL,
+                                jwt_secret);
+  access_token = OIDC_access_token_new (); 
+  OIDC_build_token_response (access_token,
+                             id_token,
+                             &expiration_time,
+                             &json_response);
+
+  store_ticket_reference (handle,
+                          access_token,
+                          ticket,
+                          &cid);
   resp = GNUNET_REST_create_response (json_response);
   MHD_add_response_header (resp, "Cache-Control", "no-store");
   MHD_add_response_header (resp, "Pragma", "no-cache");
   MHD_add_response_header (resp, "Content-Type", "application/json");
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-
-  GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
-  GNUNET_free(access_token_number);
+  GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl);
   GNUNET_free(access_token);
-  GNUNET_free(user_psw);
   GNUNET_free(json_response);
   GNUNET_free(ticket);
   GNUNET_free(id_token);
-  json_decref (root);
   GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
 }
 
@@ -1777,7 +1741,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_ticket (void *cls,
                 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
   char *tmp_value;
@@ -1789,9 +1753,9 @@ consume_ticket (void *cls,
     return;
   }
 
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                         attr->data,
-                                                         attr->data_size);
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
 
   value = json_string (tmp_value);
 
@@ -1820,7 +1784,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   struct GNUNET_HashCode cache_key;
   char *authorization, *authorization_type, *authorization_access_token;
   char *client_ticket, *client, *ticket_str;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
 
   GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
@@ -1918,12 +1882,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_free(client_ticket);
     return;
   }
-  ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
+  ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket);
   if ( GNUNET_OK
        != GNUNET_STRINGS_string_to_data (ticket_str,
                                          strlen (ticket_str),
                                          ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
+                                         sizeof(struct GNUNET_RECLAIM_Ticket)))
   {
     handle->emsg = GNUNET_strdup("invalid_token");
     handle->edesc = GNUNET_strdup("The Access Token expired");
@@ -1935,15 +1899,15 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
   handle->oidc->response = json_object();
   json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (
-                                                            handle->idp,
-                                                            GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
-                                                            ticket,
-                                                            consume_ticket,
-                                                            handle);
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (
+                                                  handle->idp,
+                                                  GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
+                                                  ticket,
+                                                  consume_ticket,
+                                                  handle);
   GNUNET_free(ticket);
   GNUNET_free(authorization);
   GNUNET_free(client_ticket);
@@ -2103,6 +2067,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
   handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
                                                      &list_ego,
                                                      handle);
+  handle->gns_handle = GNUNET_GNS_connect (cfg);
   handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
   handle->timeout_task =
     GNUNET_SCHEDULER_add_delayed (handle->timeout,
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/reclaim/plugin_rest_reclaim.c
index a83163db2..38ffc4ddb 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -18,8 +18,8 @@
 /**
  * @author Martin Schanzenbach
  * @author Philippe Buschmann
- * @file identity/plugin_rest_identity.c
- * @brief GNUnet Namestore REST plugin
+ * @file reclaim/plugin_rest_reclaim.c
+ * @brief GNUnet reclaim REST plugin
  *
  */
 
@@ -36,38 +36,38 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
 
 /**
  * REST root namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
+#define GNUNET_REST_API_NS_RECLAIM "/reclaim"
 
 /**
  * Attribute namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes"
+#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes"
 
 /**
  * Ticket namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets"
+#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets"
 
 /**
  * Revoke namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke"
+#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke"
 
 /**
  * Revoke namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume"
+#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume"
 
 /**
  * Attribute key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 
 /**
  * Ticket key
@@ -78,7 +78,7 @@
 /**
  * Value key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 
 /**
  * State while collecting all egos
@@ -190,7 +190,7 @@ struct RequestHandle
   /**
    * Attribute claim list
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
   /**
    * IDENTITY Operation
@@ -200,27 +200,27 @@ struct RequestHandle
   /**
    * Identity Provider
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
 
   /**
    * Idp Operation
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
 
   /**
    * Attribute iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
 
   /**
    * Ticket iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
 
   /**
    * A ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * Desired timeout for the lookup (default is no timeout).
@@ -271,8 +271,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
   struct EgoEntry *ego_entry;
   struct EgoEntry *ego_tmp;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -284,11 +284,11 @@ cleanup_handle (struct RequestHandle *handle)
   if (NULL != handle->identity_handle)
     GNUNET_IDENTITY_disconnect (handle->identity_handle);
   if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
   if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
   if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
   if (NULL != handle->url)
     GNUNET_free (handle->url);
   if (NULL != handle->emsg)
@@ -435,7 +435,7 @@ collect_finished_cb (void *cls)
  */
 static void
 ticket_collect (void *cls,
-                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   struct GNUNET_JSONAPI_Resource *json_resource;
   struct RequestHandle *handle = cls;
@@ -474,7 +474,7 @@ ticket_collect (void *cls,
                                     value);
   GNUNET_free (tmp);
   json_decref (value);
-  GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it);
+  GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it);
 }
 
 
@@ -523,8 +523,8 @@ list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
   priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->ticket_it = GNUNET_RECLAIM_ticket_iteration_start (handle->idp,
                                                                        priv_key,
                                                                        &collect_error_cb,
                                                                        handle,
@@ -549,7 +549,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attribute;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_TIME_Relative exp;
@@ -565,14 +565,14 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n",
               handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
        strlen (handle->url))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
 
   for (ego_entry = handle->ego_head;
        NULL != ego_entry;
@@ -625,7 +625,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
   if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE))
+                                                       GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Unsupported JSON data type\n");
@@ -651,12 +651,12 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                   "value");
   value_str = json_string_value (value_json);
-  attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str,
-                                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+  attribute = GNUNET_RECLAIM_ATTRIBUTE_claim_new (name_str,
+                                                      GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
                                                       value_str,
                                                       strlen (value_str) + 1);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_attribute_store (handle->idp,
                                                              identity_priv,
                                                              attribute,
                                                              &exp,
@@ -675,7 +675,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 attr_collect (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct GNUNET_JSONAPI_Resource *json_resource;
   struct RequestHandle *handle = cls;
@@ -684,17 +684,17 @@ attr_collect (void *cls,
   
   if ((NULL == attr->name) || (NULL == attr->data))
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     return;
   }
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
               attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                                attr->name);
   GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
 
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
                                            attr->data,
                                            attr->data_size);
 
@@ -705,7 +705,7 @@ attr_collect (void *cls,
                                     value);
   json_decref (value);
   GNUNET_free(tmp_value);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
 
 
@@ -729,14 +729,14 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n",
               handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
        strlen (handle->url))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
 
   for (ego_entry = handle->ego_head;
        NULL != ego_entry;
@@ -755,8 +755,8 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
   priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp,
                                                                    priv_key,
                                                                    &collect_error_cb,
                                                                    handle,
@@ -780,7 +780,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -844,7 +844,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                 "rnd");
   identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "identity");
+                                                     "issuer");
   audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                      "audience");
   rnd_str = json_string_value (rnd_json);
@@ -884,8 +884,8 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
 
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_revoke (handle->idp,
                                                            identity_priv,
                                                            &ticket,
                                                            &finished_cont,
@@ -896,7 +896,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_cont (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_JSONAPI_Resource *json_resource;
@@ -910,7 +910,7 @@ consume_cont (void *cls,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
               attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                                attr->name);
   GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
 
@@ -934,7 +934,7 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -1038,8 +1038,8 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
   handle->resp_object = GNUNET_JSONAPI_document_new ();
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
                                                             identity_priv,
                                                             &ticket,
                                                             &consume_cont,
@@ -1084,12 +1084,12 @@ init_cont (struct RequestHandle *handle)
 {
   struct GNUNET_REST_RequestHandlerError err;
   static const struct GNUNET_REST_RequestHandler handlers[] = {
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont},
     {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM,
       &options_cont},
     GNUNET_REST_HANDLER_END
   };
@@ -1202,7 +1202,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
  * @return NULL on error, otherwise the plugin context
  */
 void *
-libgnunet_plugin_rest_identity_provider_init (void *cls)
+libgnunet_plugin_rest_reclaim_init (void *cls)
 {
   static struct Plugin plugin;
   struct GNUNET_REST_Plugin *api;
@@ -1214,7 +1214,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
   plugin.cfg = cfg;
   api = GNUNET_new (struct GNUNET_REST_Plugin);
   api->cls = &plugin;
-  api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
+  api->name = GNUNET_REST_API_NS_RECLAIM;
   api->process_request = &rest_identity_process_request;
   GNUNET_asprintf (&allow_methods,
                    "%s, %s, %s, %s, %s",
@@ -1237,7 +1237,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
  * @return always NULL
  */
 void *
-libgnunet_plugin_rest_identity_provider_done (void *cls)
+libgnunet_plugin_rest_reclaim_done (void *cls)
 {
   struct GNUNET_REST_Plugin *api = cls;
   struct Plugin *plugin = api->cls;
@@ -1250,4 +1250,4 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
   return NULL;
 }
 
-/* end of plugin_rest_identity_provider.c */
+/* end of plugin_rest_reclaim.c */
diff --git a/src/identity-provider/identity-provider.conf b/src/reclaim/reclaim.conf
index cc50152a1..cf0a0dc5e 100644
--- a/src/identity-provider/identity-provider.conf
+++ b/src/reclaim/reclaim.conf
@@ -1,22 +1,23 @@
-[identity-provider]
+[reclaim]
 START_ON_DEMAND = NO
 RUN_PER_USER = YES
 #PORT = 2108
 HOSTNAME = localhost
-BINARY = gnunet-service-identity-provider
+BINARY = gnunet-service-reclaim
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
-UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock
 UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 TOKEN_EXPIRATION_INTERVAL = 30 m
 DATABASE = sqlite
 
-[identity-rest-plugin]
+[reclaim-rest-plugin]
 #ADDRESS = https://identity.gnu:8000#/login
 ADDRESS = https://reclaim.ui/#/login
 PSW = secret
-EXPIRATION_TIME = 3600
+JWT_SECRET = secret
+EXPIRATION_TIME = 1d
 
-[identity-provider-sqlite]
-FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db
+[reclaim-sqlite]
+FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db
diff --git a/src/identity-provider/identity_provider.h b/src/reclaim/reclaim.h
index 6a4b7769f..d2c84686d 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/reclaim/reclaim.h
@@ -18,13 +18,13 @@
 
 /**
  * @author Martin Schanzenbach
- * @file identity-provider/identity_provider.h
+ * @file reclaim/reclaim.h
  *
  * @brief Common type definitions for the identity provider
  *        service and API.
  */
-#ifndef IDENTITY_PROVIDER_H
-#define IDENTITY_PROVIDER_H
+#ifndef RECLAIM_H
+#define RECLAIM_H
 
 #include "gnunet_common.h"
 
@@ -152,7 +152,7 @@ struct AttributeIterationStartMessage
 struct AttributeIterationNextMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT
    */
   struct GNUNET_MessageHeader header;
 
@@ -170,7 +170,7 @@ struct AttributeIterationNextMessage
 struct AttributeIterationStopMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP
    */
   struct GNUNET_MessageHeader header;
 
@@ -214,7 +214,7 @@ struct TicketIterationStartMessage
 struct TicketIterationNextMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT
    */
   struct GNUNET_MessageHeader header;
 
@@ -232,7 +232,7 @@ struct TicketIterationNextMessage
 struct TicketIterationStopMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP
    */
   struct GNUNET_MessageHeader header;
 
@@ -251,7 +251,7 @@ struct TicketIterationStopMessage
 struct IssueTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET
    */
   struct GNUNET_MessageHeader header;
 
@@ -284,7 +284,7 @@ struct IssueTicketMessage
 struct RevokeTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET
    */
   struct GNUNET_MessageHeader header;
 
@@ -312,7 +312,7 @@ struct RevokeTicketMessage
 struct RevokeTicketResultMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
    */
   struct GNUNET_MessageHeader header;
 
@@ -334,7 +334,7 @@ struct RevokeTicketResultMessage
 struct TicketResultMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
    */
   struct GNUNET_MessageHeader header;
 
@@ -351,7 +351,7 @@ struct TicketResultMessage
 struct ConsumeTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET
    */
   struct GNUNET_MessageHeader header;
 
diff --git a/src/identity-provider/identity_provider_api.c b/src/reclaim/reclaim_api.c
index 772b4a244..3f1584ccd 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/reclaim/reclaim_api.c
@@ -17,8 +17,8 @@
 */
 
 /**
- * @file identity-provider/identity_provider_api.c
- * @brief api to interact with the identity provider service
+ * @file reclaim/reclaim_api.c
+ * @brief api to interact with the reclaim service
  * @author Martin Schanzenbach
  */
 #include "platform.h"
@@ -26,33 +26,33 @@
 #include "gnunet_constants.h"
 #include "gnunet_protocols.h"
 #include "gnunet_mq_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "identity_provider.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "reclaim.h"
 
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-api",__VA_ARGS__)
 
 
 /**
  * Handle for an operation with the service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation
+struct GNUNET_RECLAIM_Operation
 {
 
   /**
    * Main handle.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * We keep operations in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *next;
+  struct GNUNET_RECLAIM_Operation *next;
 
   /**
    * We keep operations in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *prev;
+  struct GNUNET_RECLAIM_Operation *prev;
 
   /**
    * Message to send to the service.
@@ -63,22 +63,22 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
   /**
    * Continuation to invoke after attribute store call
    */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus as_cb;
 
   /**
    * Attribute result callback
    */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb;
+  GNUNET_RECLAIM_AttributeResult ar_cb;
 
   /**
    * Revocation result callback
    */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus rvk_cb;
 
   /**
    * Ticket result callback
    */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
 
   /**
    * Envelope with the message for this queue entry.
@@ -100,23 +100,23 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
 /**
  * Handle for a ticket iterator operation
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator
+struct GNUNET_RECLAIM_TicketIterator
 {
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next;
+  struct GNUNET_RECLAIM_TicketIterator *next;
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev;
+  struct GNUNET_RECLAIM_TicketIterator *prev;
 
   /**
    * Main handle to access the idp.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * Function to call on completion.
@@ -131,7 +131,7 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
   /**
    * The continuation to call with the results
    */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
 
   /**
    * Closure for @e tr_cb.
@@ -165,23 +165,23 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
 /**
  * Handle for a attribute iterator operation
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
+struct GNUNET_RECLAIM_AttributeIterator
 {
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next;
+  struct GNUNET_RECLAIM_AttributeIterator *next;
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev;
+  struct GNUNET_RECLAIM_AttributeIterator *prev;
 
   /**
    * Main handle to access the idp.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * Function to call on completion.
@@ -196,7 +196,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
   /**
    * The continuation to call with the results
    */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult proc;
+  GNUNET_RECLAIM_AttributeResult proc;
 
   /**
    * Closure for @e proc.
@@ -235,7 +235,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
 /**
  * Handle for the service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle
+struct GNUNET_RECLAIM_Handle
 {
   /**
    * Configuration to use.
@@ -255,32 +255,32 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
   /**
    * Head of active operations.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_head;
+  struct GNUNET_RECLAIM_Operation *op_head;
 
   /**
    * Tail of active operations.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail;
+  struct GNUNET_RECLAIM_Operation *op_tail;
 
   /**
    * Head of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head;
+  struct GNUNET_RECLAIM_AttributeIterator *it_head;
 
   /**
    * Tail of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail;
+  struct GNUNET_RECLAIM_AttributeIterator *it_tail;
 
   /**
    * Head of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_head;
 
   /**
    * Tail of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail;
 
 
   /**
@@ -318,10 +318,10 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
 /**
  * Try again to connect to the service.
  *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
  */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+reconnect (struct GNUNET_RECLAIM_Handle *h);
 
 /**
  * Reconnect
@@ -331,7 +331,7 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
 static void
 reconnect_task (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
 
   handle->reconnect_task = NULL;
   reconnect (handle);
@@ -344,7 +344,7 @@ reconnect_task (void *cls)
  * @param handle our service
  */
 static void
-force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
+force_reconnect (struct GNUNET_RECLAIM_Handle *handle)
 {
   GNUNET_MQ_destroy (handle->mq);
   handle->mq = NULL;
@@ -362,9 +362,9 @@ force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
  * @param it entry to free
  */
 static void
-free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+free_it (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
 
   GNUNET_CONTAINER_DLL_remove (h->it_head,
                                h->it_tail,
@@ -375,7 +375,7 @@ free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
 }
 
 static void
-free_op (struct GNUNET_IDENTITY_PROVIDER_Operation* op)
+free_op (struct GNUNET_RECLAIM_Operation* op)
 {
   if (NULL == op)
     return;
@@ -397,7 +397,7 @@ static void
 mq_error_handler (void *cls,
                   enum GNUNET_MQ_Error error)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
   force_reconnect (handle);
 }
 
@@ -412,8 +412,8 @@ static void
 handle_attribute_store_response (void *cls,
                               const struct AttributeStoreResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   uint32_t r_id = ntohl (msg->id);
   int res;
   const char *emsg;
@@ -448,7 +448,7 @@ handle_attribute_store_response (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -474,7 +474,7 @@ check_consume_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -483,8 +483,8 @@ static void
 handle_consume_ticket_result (void *cls,
                               const struct ConsumeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   size_t attrs_len;
   uint32_t r_id = ntohl (msg->id);
 
@@ -500,9 +500,9 @@ handle_consume_ticket_result (void *cls,
     return;
 
   {
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-    attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1],
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+    attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&msg[1],
                                         attrs_len);
     if (NULL != op->ar_cb)
     {
@@ -518,7 +518,7 @@ handle_consume_ticket_result (void *cls,
           op->ar_cb (op->cls,
                      &msg->identity,
                      le->claim);
-        GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+        GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
       }
     }
     if (NULL != op)
@@ -539,7 +539,7 @@ handle_consume_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -565,7 +565,7 @@ check_attribute_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -575,9 +575,9 @@ handle_attribute_result (void *cls,
                          const struct AttributeResultMessage *msg)
 {
   static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
+  struct GNUNET_RECLAIM_Operation *op;
   size_t attr_len;
   uint32_t r_id = ntohl (msg->id);
 
@@ -627,8 +627,8 @@ handle_attribute_result (void *cls,
   }
 
   {
-    struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
-    attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1],
+    struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
+    attr = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&msg[1],
                                                   attr_len);
     if (NULL != it)
     {
@@ -652,7 +652,7 @@ handle_attribute_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -677,7 +677,7 @@ check_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -686,10 +686,10 @@ static void
 handle_ticket_result (void *cls,
                       const struct TicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
-  const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  struct GNUNET_RECLAIM_TicketIterator *it;
+  const struct GNUNET_RECLAIM_Ticket *ticket;
   uint32_t r_id = ntohl (msg->id);
   size_t msg_len;
 
@@ -712,7 +712,7 @@ handle_ticket_result (void *cls,
       if (NULL != op->tr_cb)
         op->tr_cb (op->cls, NULL);
     } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
       if (NULL != op->tr_cb)
         op->tr_cb (op->cls, ticket);
     }
@@ -728,7 +728,7 @@ handle_ticket_result (void *cls,
       it->finish_cb (it->finish_cb_cls);
       GNUNET_free (it);
     } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
       if (NULL != it->tr_cb)
         it->tr_cb (it->cls, ticket);
     }
@@ -740,7 +740,7 @@ handle_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -749,8 +749,8 @@ static void
 handle_revoke_ticket_result (void *cls,
                              const struct RevokeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   uint32_t r_id = ntohl (msg->id);
   int32_t success;
 
@@ -785,42 +785,42 @@ handle_revoke_ticket_result (void *cls,
 /**
  * Try again to connect to the service.
  *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
  */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+reconnect (struct GNUNET_RECLAIM_Handle *h)
 {
   struct GNUNET_MQ_MessageHandler handlers[] = {
     GNUNET_MQ_hd_fixed_size (attribute_store_response,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE,
                              struct AttributeStoreResultMessage,
                              h),
     GNUNET_MQ_hd_var_size (attribute_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT,
                            struct AttributeResultMessage,
                            h),
     GNUNET_MQ_hd_var_size (ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT,
                            struct TicketResultMessage,
                            h),
     GNUNET_MQ_hd_var_size (consume_ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT,
                            struct ConsumeTicketResultMessage,
                            h),
     GNUNET_MQ_hd_fixed_size (revoke_ticket_result,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT,
                              struct RevokeTicketResultMessage,
                              h),
     GNUNET_MQ_handler_end ()
   };
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
 
   GNUNET_assert (NULL == h->mq);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Connecting to identity provider service.\n");
+       "Connecting to reclaim service.\n");
 
   h->mq = GNUNET_CLIENT_connect (h->cfg,
-                                 "identity-provider",
+                                 "reclaim",
                                  handlers,
                                  &mq_error_handler,
                                  h);
@@ -833,17 +833,17 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 
 
 /**
- * Connect to the identity provider service.
+ * Connect to the reclaim service.
  *
  * @param cfg the configuration to use
  * @return handle to use
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
-  h = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Handle);
+  h = GNUNET_new (struct GNUNET_RECLAIM_Handle);
   h->cfg = cfg;
   reconnect (h);
   if (NULL == h->mq)
@@ -864,9 +864,9 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
  * @param op operation to cancel
  */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = op->h;
+  struct GNUNET_RECLAIM_Handle *h = op->h;
 
   GNUNET_CONTAINER_DLL_remove (h->op_head,
                                h->op_tail,
@@ -881,7 +881,7 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
  * @param h handle to destroy
  */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h)
 {
   GNUNET_assert (NULL != h);
   if (NULL != h->mq)
@@ -902,7 +902,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  * Store an attribute.  If the attribute is already present,
  * it is replaced with the new attribute.
  *
- * @param h handle to the identity provider
+ * @param h handle to the reclaim
  * @param pkey private key of the identity
  * @param attr the attribute value
  * @param exp_interval the relative expiration interval for the attribute
@@ -910,19 +910,19 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  * @param cont_cls closure for @a cont
  * @return handle to abort the request
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                           const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                           void *cont_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct AttributeStoreMessage *sam;
   size_t attr_len;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->as_cb = cont;
   op->cls = cont_cls;
@@ -930,15 +930,15 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (attr);
   op->env = GNUNET_MQ_msg_extra (sam,
                                  attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE);
   sam->identity = *pkey;
   sam->id = htonl (op->r_id);
   sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
 
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (attr,
                                        (char*)&sam[1]);
 
   sam->attr_len = htons (attr_len);
@@ -952,11 +952,11 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 
 /**
  * List all attributes for a local identity.
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
  * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
  *
  * On error (disconnect), @a error_cb will be invoked.
  * On normal completion, @a finish_cb proc will be
@@ -975,23 +975,23 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                                void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                                void *proc_cls,
                                                GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeIterationStartMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1005,7 +1005,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
                                     h->it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = *identity;
   if (NULL == h->mq)
@@ -1018,20 +1018,20 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
 
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct AttributeIterationNextMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT);
   msg->id = htonl (it->r_id);
   GNUNET_MQ_send (h->mq,
                   env);
@@ -1041,21 +1041,21 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_At
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeIterationStopMessage *msg;
 
   if (NULL != h->mq)
   {
     env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP);
     msg->id = htonl (it->r_id);
     GNUNET_MQ_send (h->mq,
                     env);
@@ -1066,10 +1066,10 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
 
 /** TODO
  * Issues a ticket to another identity. The identity may use
- * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
+ * @GNUNET_RECLAIM_authorization_ticket_consume to consume the ticket
  * and retrieve the attributes specified in the AttributeList.
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param iss the issuing identity
  * @param rp the subject of the ticket (the relying party)
  * @param attrs the attributes that the relying party is given access to
@@ -1077,19 +1077,19 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                        void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct IssueTicketMessage *tim;
   size_t attr_len;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->tr_cb = cb;
   op->cls = cb_cls;
@@ -1097,15 +1097,15 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
   op->env = GNUNET_MQ_msg_extra (tim,
                                  attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET);
   tim->identity = *iss;
   tim->rp = *rp;
   tim->id = htonl (op->r_id);
 
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                                             (char*)&tim[1]);
 
   tim->attr_len = htons (attr_len);
@@ -1119,24 +1119,24 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
  * Consumes an issued ticket. The ticket is persisted
  * and used to retrieve identity information from the issuer
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the identity that is the subject of the issued ticket (the relying party)
  * @param ticket the issued ticket to consume
  * @param cb the callback to call
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                          void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct ConsumeTicketMessage *ctm;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->ar_cb = cb;
   op->cls = cb_cls;
@@ -1145,14 +1145,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
                                     h->op_tail,
                                     op);
   op->env = GNUNET_MQ_msg_extra (ctm,
-                                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
+                                 sizeof (const struct GNUNET_RECLAIM_Ticket),
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET);
   ctm->identity = *identity;
   ctm->id = htonl (op->r_id);
 
   GNUNET_memcpy ((char*)&ctm[1],
                  ticket,
-                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                 sizeof (const struct GNUNET_RECLAIM_Ticket));
 
   if (NULL != h->mq)
     GNUNET_MQ_send_copy (h->mq,
@@ -1166,7 +1166,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * Lists all tickets that have been issued to remote
  * identites (relying parties)
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param error_cb function to call on error (i.e. disconnect),
  *        the handle is afterwards invalid
@@ -1179,17 +1179,17 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                                  void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                  void *proc_cls,
                                                  GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                  void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
   struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStartMessage *msg;
@@ -1198,7 +1198,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
   GNUNET_CRYPTO_ecdsa_key_get_public (identity,
                                       &identity_pub);
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1211,7 +1211,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
                                     h->ticket_it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = identity_pub;
   msg->is_audience = htonl (GNUNET_NO);
@@ -1229,7 +1229,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * Lists all tickets that have been issued to remote
  * identites (relying parties)
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param error_cb function to call on error (i.e. disconnect),
  *        the handle is afterwards invalid
@@ -1242,23 +1242,23 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                     const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                     GNUNET_SCHEDULER_TaskCallback error_cb,
                                                     void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                     void *proc_cls,
                                                     GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                     void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStartMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1271,7 +1271,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
                                     h->ticket_it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = *identity;
   msg->is_audience = htonl (GNUNET_YES);
@@ -1286,20 +1286,20 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
 }
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct TicketIterationNextMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT);
   msg->id = htonl (it->r_id);
   GNUNET_MQ_send (h->mq,
                   env);
@@ -1309,21 +1309,21 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStopMessage *msg;
 
   if (NULL != h->mq)
   {
     env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP);
     msg->id = htonl (it->r_id);
     GNUNET_MQ_send (h->mq,
                     env);
@@ -1335,27 +1335,26 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
  * Revoked an issued ticket. The relying party will be unable to retrieve
  * updated attributes.
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param ticket the ticket to revoke
  * @param cb the callback
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                         void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_RECLAIM_Operation *op;
   struct RevokeTicketMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->rvk_cb = cb;
   op->cls = cb_cls;
@@ -1363,22 +1362,22 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  env = GNUNET_MQ_msg_extra (msg,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET);
+  op->env = GNUNET_MQ_msg_extra (msg,
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET);
   msg->id = htonl (rid);
   msg->identity = *identity;
   GNUNET_memcpy (&msg[1],
                  ticket,
-                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-  if (NULL == h->mq)
-    op->env = env;
-  else
+                 sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != h->mq) {
     GNUNET_MQ_send (h->mq,
-                    env);
+                    op->env);
+    op->env = NULL;
+  }
   return op;
 }
 
 
 
-/* end of identity_provider_api.c */
+/* end of reclaim_api.c */
diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh
new file mode 100755
index 000000000..311f5382a
--- /dev/null
+++ b/src/reclaim/test_reclaim.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh
new file mode 100755
index 000000000..39bd715b7
--- /dev/null
+++ b/src/reclaim/test_reclaim_attribute.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+
+#curl localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh
new file mode 100755
index 000000000..36c8052d0
--- /dev/null
+++ b/src/reclaim/test_reclaim_consume.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}')
+gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf > /dev/null 2>&1
+
+if test $? != 0
+then
+  "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/tickets/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/identity-provider/test_idp_defaults.conf b/src/reclaim/test_reclaim_defaults.conf
index a9a197dea..a9a197dea 100644
--- a/src/identity-provider/test_idp_defaults.conf
+++ b/src/reclaim/test_reclaim_defaults.conf
diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh
new file mode 100755
index 000000000..6a71470e1
--- /dev/null
+++ b/src/reclaim/test_reclaim_issue.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf > /dev/null 2>&1
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+#gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh
new file mode 100755
index 000000000..595752fd8
--- /dev/null
+++ b/src/reclaim/test_reclaim_revoke.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+gnunet-identity -C alice -c test_reclaim.conf
+gnunet-identity -C bob -c test_reclaim.conf
+gnunet-identity -C eve -c test_reclaim.conf
+ALICE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep alice | awk '{print $3}')
+BOB_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep bob | awk '{print $3}')
+EVE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep eve | awk '{print $3}')
+
+gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf 
+gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf
+TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}')
+#gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf
+TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}')
+
+#echo "Consuming $TICKET"
+#gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf
+gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf
+
+#sleep 6
+
+gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf 2&>1 >/dev/null
+if test $? == 0
+then 
+  echo "Eve can still resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+
+gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf 2&>1 >/dev/null
+if test $? != 0
+then
+  echo "Bob cannot resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/rest/Makefile.am b/src/rest/Makefile.am
index ebfb98024..ce0454d53 100644
--- a/src/rest/Makefile.am
+++ b/src/rest/Makefile.am
@@ -29,6 +29,18 @@ libexec_PROGRAMS = \
 EXTRA_DIST = \
  rest.conf
 
+plugin_LTLIBRARIES = libgnunet_plugin_rest_copying.la
+
+libgnunet_plugin_rest_copying_la_SOURCES = \
+  plugin_rest_copying.c
+libgnunet_plugin_rest_copying_la_LIBADD = \
+        $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -lmicrohttpd
+libgnunet_plugin_rest_copying_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
 gnunet_rest_server_SOURCES = \
  gnunet-rest-server.c
 
diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c
new file mode 100644
index 000000000..668dc5d38
--- /dev/null
+++ b/src/rest/plugin_rest_copying.c
@@ -0,0 +1,231 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2018 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file gns/plugin_rest_copying.c
+ * @brief REST plugin that serves licensing information.
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include <gnunet_rest_lib.h>
+
+#define GNUNET_REST_API_NS_COPYING "/copying"
+
+#define GNUNET_REST_COPYING_TEXT "GNU Affero General Public License version 3 or later. See also: <http://www.gnu.org/licenses/>"
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+struct RequestHandle
+{
+  /**
+   * Handle to rest request
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * HTTP response code
+   */
+  int response_code;
+
+};
+
+
+/**
+ * Cleanup request handle.
+ *
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  GNUNET_free (handle);
+}
+
+
+/**
+ * Task run on shutdown.  Cleans up everything.
+ *
+ * @param cls unused
+ * @param tc scheduler context
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  resp = GNUNET_REST_create_response (NULL);
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+get_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (GNUNET_REST_COPYING_TEXT);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           MHD_HTTP_METHOD_GET);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Function processing the REST call
+ *
+ * @param method HTTP method
+ * @param url URL of the HTTP request
+ * @param data body of the HTTP request (optional)
+ * @param data_size length of the body
+ * @param proc callback function for the result
+ * @param proc_cls closure for @a proc
+ * @return #GNUNET_OK if request accepted
+ */
+static void
+rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_COPYING, &get_cont},
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_COPYING, &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  struct GNUNET_REST_RequestHandlerError err;
+
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->rest_handle = conndata_handle;
+
+  if (GNUNET_NO == GNUNET_REST_handle_request (conndata_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*"
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_copying_init (void *cls)
+{
+  static struct Plugin plugin;
+  cfg = cls;
+  struct GNUNET_REST_Plugin *api;
+
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_COPYING;
+  api->process_request = &rest_copying_process_request;
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              _("COPYING REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_copying_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+
+  plugin->cfg = NULL;
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "COPYING REST plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_rest_copying.c */
diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c
index 16f23e86c..49714872f 100644
--- a/src/rps/gnunet-rps-profiler.c
+++ b/src/rps/gnunet-rps-profiler.c
@@ -49,7 +49,11 @@ static unsigned bits_needed;
 /**
  * How long do we run the test?
  */
-//#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)
+static struct GNUNET_TIME_Relative duration;
+
+/**
+ * When do we do a hard shutdown?
+ */
 static struct GNUNET_TIME_Relative timeout;
 
 
@@ -446,6 +450,10 @@ struct RPSPeer
    * @brief statistics values
    */
   uint64_t stats[STAT_TYPE_MAX];
+  /**
+   * @brief Handle for the statistics get request
+   */
+  struct GNUNET_STATISTICS_GetHandle *h_stat_get[STAT_TYPE_MAX];
 };
 
 /**
@@ -489,15 +497,16 @@ static unsigned int view_sizes;
 static int ok;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the task that runs after the test to collect results
  */
 static struct GNUNET_SCHEDULER_Task *post_test_task;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the shutdown task
  */
 static struct GNUNET_SCHEDULER_Task *shutdown_task;
 
+
 /**
  * Identifier for the churn task that runs periodically
  */
@@ -874,6 +883,75 @@ static int check_statistics_collect_completed ()
   return GNUNET_YES;
 }
 
+static void
+rps_disconnect_adapter (void *cls,
+                        void *op_result);
+
+static void
+cancel_pending_req (struct PendingRequest *pending_req)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_req->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
+                               rps_peer->pending_req_tail,
+                               pending_req);
+  rps_peer->num_pending_reqs--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling pending rps get request\n");
+  GNUNET_SCHEDULER_cancel (pending_req->request_task);
+  GNUNET_free (pending_req);
+}
+
+static void
+cancel_request (struct PendingReply *pending_rep)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_rep->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
+                               rps_peer->pending_rep_tail,
+                               pending_rep);
+  rps_peer->num_pending_reps--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling rps get reply\n");
+  GNUNET_RPS_request_cancel (pending_rep->req_handle);
+  GNUNET_free (pending_rep);
+}
+
+void
+clean_peer (unsigned peer_index)
+{
+  struct PendingRequest *pending_req;
+
+  while (NULL != (pending_req = rps_peers[peer_index].pending_req_head))
+  {
+    cancel_pending_req (pending_req);
+  }
+  pending_req = rps_peers[peer_index].pending_req_head;
+  rps_disconnect_adapter (&rps_peers[peer_index],
+                          &rps_peers[peer_index].rps_handle);
+  for (unsigned stat_type = STAT_TYPE_ROUNDS;
+       stat_type < STAT_TYPE_MAX;
+       stat_type++)
+  {
+    if (NULL != rps_peers[peer_index].h_stat_get[stat_type])
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "(%u) did not yet receive stat value for `%s'\n",
+                  rps_peers[peer_index].index,
+                  stat_type_2_str (stat_type));
+      GNUNET_STATISTICS_get_cancel (
+          rps_peers[peer_index].h_stat_get[stat_type]);
+    }
+  }
+  if (NULL != rps_peers[peer_index].op)
+  {
+    GNUNET_TESTBED_operation_done (rps_peers[peer_index].op);
+    rps_peers[peer_index].op = NULL;
+  }
+}
+
 /**
  * Task run on timeout to shut everything down.
  */
@@ -881,35 +959,55 @@ static void
 shutdown_op (void *cls)
 {
   unsigned int i;
+  struct OpListEntry *entry;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Shutdown task scheduled, going down.\n");
   in_shutdown = GNUNET_YES;
+
+  if (NULL != shutdown_task)
+  {
+    GNUNET_SCHEDULER_cancel (shutdown_task);
+    shutdown_task = NULL;
+  }
   if (NULL != post_test_task)
   {
     GNUNET_SCHEDULER_cancel (post_test_task);
+    post_test_task = NULL;
   }
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
     churn_task = NULL;
   }
+  entry = oplist_head;
+  while (NULL != (entry = oplist_head))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Operation still pending on shutdown (%u)\n",
+                entry->index);
+    GNUNET_TESTBED_operation_done (entry->op);
+    GNUNET_CONTAINER_DLL_remove (oplist_head, oplist_tail, entry);
+    GNUNET_free (entry);
+  }
   for (i = 0; i < num_peers; i++)
   {
-    if (NULL != rps_peers[i].rps_handle)
-    {
-      GNUNET_RPS_disconnect (rps_peers[i].rps_handle);
-    }
-    if (NULL != rps_peers[i].op)
-    {
-      GNUNET_TESTBED_operation_done (rps_peers[i].op);
-    }
+    clean_peer (i);
   }
 }
 
+static void
+trigger_shutdown (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Shutdown was triggerd by timeout, going down.\n");
+  shutdown_task = NULL;
+  GNUNET_SCHEDULER_shutdown ();
+}
+
 
 /**
- * Task run on timeout to collect statistics and potentially shut down.
+ * Task run after #duration to collect statistics and potentially shut down.
  */
 static void
 post_test_op (void *cls)
@@ -919,7 +1017,7 @@ post_test_op (void *cls)
   post_test_task = NULL;
   post_test = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-              "Post test task scheduled, going down.\n");
+              "Post test task scheduled.\n");
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
@@ -943,7 +1041,7 @@ post_test_op (void *cls)
       GNUNET_YES == check_statistics_collect_completed())
   {
     GNUNET_SCHEDULER_cancel (shutdown_task);
-    shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL);
+    shutdown_task = NULL;
     GNUNET_SCHEDULER_shutdown ();
   }
 }
@@ -1030,9 +1128,9 @@ info_cb (void *cb_cls,
  */
 static void
 rps_connect_complete_cb (void *cls,
-                         struct GNUNET_TESTBED_Operation *op,
-                         void *ca_result,
-                         const char *emsg)
+                         struct GNUNET_TESTBED_Operation *op,
+                         void *ca_result,
+                         const char *emsg)
 {
   struct RPSPeer *rps_peer = cls;
   struct GNUNET_RPS_Handle *rps = ca_result;
@@ -1057,7 +1155,9 @@ rps_connect_complete_cb (void *cls,
     return;
   }
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Started client successfully\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Started client successfully (%u)\n",
+              rps_peer->index);
 
   cur_test_run.main_test (rps_peer);
 }
@@ -1075,7 +1175,7 @@ rps_connect_complete_cb (void *cls,
  */
 static void *
 rps_connect_adapter (void *cls,
-                                 const struct GNUNET_CONFIGURATION_Handle *cfg)
+                     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   struct GNUNET_RPS_Handle *h;
 
@@ -1167,15 +1267,26 @@ stat_complete_cb (void *cls, struct GNUNET_TESTBED_Operation *op,
  */
 static void
 rps_disconnect_adapter (void *cls,
-                                          void *op_result)
+                        void *op_result)
 {
   struct RPSPeer *peer = cls;
   struct GNUNET_RPS_Handle *h = op_result;
+  struct PendingReply *pending_rep;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "disconnect_adapter (%u)\n",
+              peer->index);
   GNUNET_assert (NULL != peer);
-  GNUNET_RPS_disconnect (h);
-  peer->rps_handle = NULL;
+  if (NULL != peer->rps_handle)
+  {
+    while (NULL != (pending_rep = peer->pending_rep_head))
+    {
+      cancel_request (pending_rep);
+    }
+    GNUNET_assert (h == peer->rps_handle);
+    GNUNET_RPS_disconnect (h);
+    peer->rps_handle = NULL;
+  }
 }
 
 
@@ -1219,13 +1330,15 @@ default_reply_handle (void *cls,
     rps_peer->num_recv_ids++;
   }
 
-  if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit)
+  if (GNUNET_YES != post_test) return;
+  if (HAVE_QUICK_QUIT != cur_test_run.have_quick_quit) return;
+  if (0 == evaluate())
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before timeout\n");
-    GNUNET_assert (NULL != post_test_task);
-    GNUNET_SCHEDULER_cancel (post_test_task);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Test succeeded before end of duration\n");
+    if (NULL != post_test_task) GNUNET_SCHEDULER_cancel (post_test_task);
     post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL);
-    GNUNET_assert (NULL!= post_test_task);
+    GNUNET_assert (NULL != post_test_task);
   }
 }
 
@@ -1239,13 +1352,13 @@ request_peers (void *cls)
   struct RPSPeer *rps_peer;
   struct PendingReply *pending_rep;
 
-  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test)
-    return;
   rps_peer = pending_req->rps_peer;
   GNUNET_assert (1 <= rps_peer->num_pending_reqs);
   GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
                                rps_peer->pending_req_tail,
                                pending_req);
+  rps_peer->num_pending_reqs--;
+  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) return;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Requesting one peer\n");
   pending_rep = GNUNET_new (struct PendingReply);
@@ -1258,39 +1371,6 @@ request_peers (void *cls)
                                     rps_peer->pending_rep_tail,
                                     pending_rep);
   rps_peer->num_pending_reps++;
-  rps_peer->num_pending_reqs--;
-}
-
-static void
-cancel_pending_req (struct PendingRequest *pending_req)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_req->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
-                               rps_peer->pending_req_tail,
-                               pending_req);
-  rps_peer->num_pending_reqs--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling pending request\n");
-  GNUNET_SCHEDULER_cancel (pending_req->request_task);
-  GNUNET_free (pending_req);
-}
-
-static void
-cancel_request (struct PendingReply *pending_rep)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_rep->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
-                               rps_peer->pending_rep_tail,
-                               pending_rep);
-  rps_peer->num_pending_reps--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling request\n");
-  GNUNET_RPS_request_cancel (pending_rep->req_handle);
-  GNUNET_free (pending_rep);
 }
 
 
@@ -2261,12 +2341,6 @@ void write_final_stats (void){
          stat_type < STAT_TYPE_MAX;
          stat_type++)
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                 "Add to sum (%" PRIu64 ") %" PRIu64 " of stat type %u - %s\n",
-                  sums[stat_type],
-                  rps_peers[i].stats[stat_type],
-                  stat_type,
-                  stat_type_2_str (stat_type));
       sums[stat_type] += rps_peers[i].stats[stat_type];
     }
   }
@@ -2312,6 +2386,8 @@ post_test_shutdown_ready_cb (void *cls,
 {
   struct STATcls *stat_cls = (struct STATcls *) cls;
   struct RPSPeer *rps_peer = stat_cls->rps_peer;
+
+  rps_peer->h_stat_get[stat_cls->stat_type] = NULL;
   if (GNUNET_OK == success)
   {
     /* set flag that we we got the value */
@@ -2363,6 +2439,7 @@ stat_iterator (void *cls,
 {
   const struct STATcls *stat_cls = (const struct STATcls *) cls;
   struct RPSPeer *rps_peer = (struct RPSPeer *) stat_cls->rps_peer;
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got stat value: %s - %" PRIu64 "\n",
       //stat_type_2_str (stat_cls->stat_type),
       name,
@@ -2455,12 +2532,13 @@ void post_profiler (struct RPSPeer *rps_peer)
       stat_cls->stat_type = stat_type;
       rps_peer->file_name_stats =
         store_prefix_file_name (rps_peer->peer_id, "stats");
-      GNUNET_STATISTICS_get (rps_peer->stats_h,
-                             "rps",
-                             stat_type_2_str (stat_type),
-                             post_test_shutdown_ready_cb,
-                             stat_iterator,
-                             (struct STATcls *) stat_cls);
+      rps_peer->h_stat_get[stat_type] = GNUNET_STATISTICS_get (
+          rps_peer->stats_h,
+          "rps",
+          stat_type_2_str (stat_type),
+          post_test_shutdown_ready_cb,
+          stat_iterator,
+          (struct STATcls *) stat_cls);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
           "Requested statistics for %s (peer %" PRIu32 ")\n",
           stat_type_2_str (stat_type),
@@ -2555,6 +2633,8 @@ test_run (void *cls,
     /* Connect all peers to statistics service */
     if (COLLECT_STATISTICS == cur_test_run.have_collect_statistics)
     {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "Connecting to statistics service\n");
       rps_peers[i].stat_op =
         GNUNET_TESTBED_service_connect (NULL,
                                         peers[i],
@@ -2569,11 +2649,12 @@ test_run (void *cls,
 
   if (NULL != churn_task)
     GNUNET_SCHEDULER_cancel (churn_task);
-  post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL);
-  timeout = GNUNET_TIME_relative_multiply (timeout, 1 + (0.1 * num_peers));
-  shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
-  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL);
-
+  post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000);
+  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout,
+                                                &trigger_shutdown,
+                                                NULL);
+  GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
 }
 
 
@@ -2609,7 +2690,7 @@ run (void *cls,
   if (0 == cur_test_run.num_requests) cur_test_run.num_requests = 5;
   //cur_test_run.have_churn = HAVE_CHURN;
   cur_test_run.have_churn = HAVE_NO_CHURN;
-  cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
+  cur_test_run.have_quick_quit = HAVE_QUICK_QUIT;
   cur_test_run.have_collect_statistics = COLLECT_STATISTICS;
   cur_test_run.stat_collect_flags = BIT(STAT_TYPE_ROUNDS) |
                                     BIT(STAT_TYPE_BLOCKS) |
@@ -2632,10 +2713,38 @@ run (void *cls,
   /* 'Clean' directory */
   (void) GNUNET_DISK_directory_remove ("/tmp/rps/");
   GNUNET_DISK_directory_create ("/tmp/rps/");
-  if (0 == timeout.rel_value_us)
+  if (0 == duration.rel_value_us)
   {
-    timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+    if (0 == timeout.rel_value_us)
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               (90 * 1.2) +
+                                                 (0.01 * num_peers));
+    }
+    else
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                                (timeout.rel_value_us/1000000)
+                                                  * 0.75);
+    }
   }
+  else
+  {
+    if (0 == timeout.rel_value_us)
+    {
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               ((duration.rel_value_us/1000000)
+                                                  * 1.2) + (0.01 * num_peers));
+    }
+  }
+  GNUNET_assert (duration.rel_value_us < timeout.rel_value_us);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "duration is %lus\n",
+              duration.rel_value_us/1000000);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "timeout is %lus\n",
+              timeout.rel_value_us/1000000);
 
   /* Compute number of bits for representing largest peer id */
   for (bits_needed = 1; (1 << bits_needed) < num_peers; bits_needed++)
@@ -2685,6 +2794,12 @@ main (int argc, char *argv[])
                                gettext_noop ("number of peers to start"),
                                &num_peers),
 
+    GNUNET_GETOPT_option_relative_time ('d',
+                                        "duration",
+                                        "DURATION",
+                                        gettext_noop ("duration of the profiling"),
+                                        &duration),
+
     GNUNET_GETOPT_option_relative_time ('t',
                                         "timeout",
                                         "TIMEOUT",
@@ -2732,7 +2847,6 @@ main (int argc, char *argv[])
   GNUNET_free (rps_peers);
   GNUNET_free (rps_peer_ids);
   GNUNET_CONTAINER_multipeermap_destroy (peer_map);
-  printf ("test -1\n");
   return ret_value;
 }
 
diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c
index 5a75ac55a..21963ee42 100644
--- a/src/rps/gnunet-service-rps.c
+++ b/src/rps/gnunet-service-rps.c
@@ -68,6 +68,7 @@ static struct GNUNET_STATISTICS_Handle *stats;
  */
 static struct GNUNET_PeerIdentity own_identity;
 
+static int in_shutdown = GNUNET_NO;
 
 /**
  * @brief Port used for cadet.
@@ -97,11 +98,6 @@ static struct GNUNET_HashCode port;
 #define unset_peer_flag(peer_ctx, mask) ((peer_ctx->peer_flags) &= ~(mask))
 
 /**
- * Set a channel flag of given channel context.
- */
-#define set_channel_flag(channel_flags, mask) ((*channel_flags) |= (mask))
-
-/**
  * Get channel flag of given channel context.
  */
 #define check_channel_flag_set(channel_flags, mask)\
@@ -164,6 +160,11 @@ struct PendingMessage
 };
 
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx;
+
+/**
  * Struct used to keep track of other peer's status
  *
  * This is stored in a multipeermap.
@@ -181,22 +182,12 @@ struct PeerContext
   /**
    * Channel open to client.
    */
-  struct GNUNET_CADET_Channel *send_channel;
-
-  /**
-   * Flags to the sending channel
-   */
-  uint32_t *send_channel_flags;
+  struct ChannelCtx *send_channel_ctx;
 
   /**
    * Channel open from client.
    */
-  struct GNUNET_CADET_Channel *recv_channel; // unneeded?
-
-  /**
-   * Flags to the receiving channel
-   */
-  uint32_t *recv_channel_flags;
+  struct ChannelCtx *recv_channel_ctx;
 
   /**
    * Array of pending operations on this peer.
@@ -242,6 +233,11 @@ struct PeerContext
   struct PendingMessage *pending_messages_tail;
 
   /**
+   * @brief Task to destroy this context.
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+
+  /**
    * This is pobably followed by 'statistical' data (when we first saw
    * it, how did we get its ID, how many pushes (in a timeinterval),
    * ...)
@@ -265,6 +261,33 @@ struct PeersIteratorCls
 };
 
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx
+{
+  /**
+   * @brief Meant to be used in a DLL
+   */
+  struct ChannelCtx *next;
+  struct ChannelCtx *prev;
+
+  /**
+   * @brief The channel itself
+   */
+  struct GNUNET_CADET_Channel *channel;
+
+  /**
+   * @brief The peer context associated with the channel
+   */
+  struct PeerContext *peer_ctx;
+
+  /**
+   * @brief Scheduled task that will destroy this context
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+};
+
+/**
  * @brief Hashmap of valid peers.
  */
 static struct GNUNET_CONTAINER_MultiPeerMap *valid_peers;
@@ -332,8 +355,6 @@ create_peer_ctx (const struct GNUNET_PeerIdentity *peer)
 
   ctx = GNUNET_new (struct PeerContext);
   ctx->peer_id = *peer;
-  ctx->send_channel_flags = GNUNET_new (uint32_t);
-  ctx->recv_channel_flags = GNUNET_new (uint32_t);
   ret = GNUNET_CONTAINER_multipeermap_put (peer_map, peer, ctx,
       GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
   GNUNET_assert (GNUNET_OK == ret);
@@ -387,8 +408,8 @@ Peers_check_connected (const struct GNUNET_PeerIdentity *peer)
   /* Get the context */
   peer_ctx = get_peer_ctx (peer);
   /* If we have no channel to this peer we don't know whether it's online */
-  if ( (NULL == peer_ctx->send_channel) &&
-       (NULL == peer_ctx->recv_channel) )
+  if ( (NULL == peer_ctx->send_channel_ctx) &&
+       (NULL == peer_ctx->recv_channel_ctx) )
   {
     Peers_unset_peer_flag (peer, Peers_ONLINE);
     return GNUNET_NO;
@@ -575,6 +596,24 @@ handle_peer_pull_reply (void *cls,
 
 /* End declaration of handlers */
 
+/**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx);
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx);
+
 
 /**
  * @brief Get the channel of a peer. If not existing, create.
@@ -610,16 +649,17 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
 
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Trying to establish channel to peer %s\n",
          GNUNET_i2s (peer));
     ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
     *ctx_peer = *peer;
-    peer_ctx->send_channel =
+    peer_ctx->send_channel_ctx = add_channel_ctx (peer_ctx);
+    peer_ctx->send_channel_ctx->channel =
       GNUNET_CADET_channel_create (cadet_handle,
-                                   (struct GNUNET_PeerIdentity *) ctx_peer, /* context */
+                                   peer_ctx->send_channel_ctx, /* context */
                                    peer,
                                    &port,
                                    GNUNET_CADET_OPTION_RELIABLE,
@@ -627,8 +667,9 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
                                    cleanup_destroyed_channel, /* Disconnect handler */
                                    cadet_handlers);
   }
-  GNUNET_assert (NULL != peer_ctx->send_channel);
-  return peer_ctx->send_channel;
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx);
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx->channel);
+  return peer_ctx->send_channel_ctx->channel;
 }
 
 
@@ -1045,12 +1086,10 @@ restore_valid_peers ()
  */
 void
 Peers_initialise (char* fn_valid_peers,
-                  struct GNUNET_CADET_Handle *cadet_h,
-                  const struct GNUNET_PeerIdentity *own_id)
+                  struct GNUNET_CADET_Handle *cadet_h)
 {
   filename_valid_peers = GNUNET_strdup (fn_valid_peers);
   cadet_handle = cadet_h;
-  own_identity = *own_id;
   peer_map = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   valid_peers = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   restore_valid_peers ();
@@ -1136,14 +1175,12 @@ Peers_get_valid_peers (PeersIterator iterator,
  * @param peer the new #GNUNET_PeerIdentity
  *
  * @return #GNUNET_YES if peer was inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_insert_peer (const struct GNUNET_PeerIdentity *peer)
 {
-  if ( (GNUNET_YES == Peers_check_peer_known (peer)) ||
-       (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) )
+  if (GNUNET_YES == Peers_check_peer_known (peer))
   {
     return GNUNET_NO; /* We already know this peer - nothing to do */
   }
@@ -1161,8 +1198,7 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
  *
  * @param peer the peer whose liveliness is to be checked
  * @return #GNUNET_YES if peer had to be inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
@@ -1170,13 +1206,10 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
   struct PeerContext *peer_ctx;
   int ret;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   ret = Peers_insert_peer (peer);
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE))
+  if ( (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) &&
+       (NULL == peer_ctx->liveliness_check_pending) )
   {
     check_peer_live (peer_ctx);
   }
@@ -1208,7 +1241,7 @@ Peers_check_removable (const struct GNUNET_PeerIdentity *peer)
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if ( (NULL != peer_ctx->recv_channel) ||
+  if ( (NULL != peer_ctx->recv_channel_ctx) ||
        (NULL != peer_ctx->pending_messages_head) ||
        (GNUNET_NO == check_peer_flag_set (peer_ctx, Peers_PULL_REPLY_PENDING)) )
   {
@@ -1224,6 +1257,46 @@ Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
 int
 Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags);
 
+static void
+destroy_peer (void *cls)
+{
+  struct PeerContext *peer_ctx = cls;
+
+  GNUNET_assert (NULL != peer_ctx);
+  peer_ctx->destruction_task = NULL;
+  Peers_remove_peer (&peer_ctx->peer_id);
+}
+
+static void
+destroy_channel (void *cls);
+
+
+static void
+schedule_channel_destruction (struct ChannelCtx *channel_ctx)
+{
+  GNUNET_assert (NULL != channel_ctx);
+  if (NULL != channel_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    channel_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx);
+  }
+}
+
+
+static void
+schedule_peer_destruction (struct PeerContext *peer_ctx)
+{
+  GNUNET_assert (NULL != peer_ctx);
+  if (NULL != peer_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    peer_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx);
+  }
+}
+
+
 /**
  * @brief Remove peer
  *
@@ -1235,7 +1308,8 @@ int
 Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
 {
   struct PeerContext *peer_ctx;
-  uint32_t *channel_flag;
+
+  GNUNET_assert (NULL != peer_map);
 
   if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer))
   {
@@ -1249,7 +1323,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
        GNUNET_i2s (&peer_ctx->peer_id));
   Peers_unset_peer_flag (peer, Peers_ONLINE);
 
+  /* Clear list of pending operations */
+  // TODO this probably leaks memory
+  //      ('only' the cls to the function. Not sure what to do with it)
   GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0);
+
+  /* Remove all pending messages */
   while (NULL != peer_ctx->pending_messages_head)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -1261,10 +1340,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
                      peer_ctx->liveliness_check_pending,
                      sizeof (struct PendingMessage))) )
       {
+        // TODO this may leak memory
         peer_ctx->liveliness_check_pending = NULL;
       }
     remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES);
   }
+
   /* If we are still waiting for notification whether this peer is live
    * cancel the according task */
   if (NULL != peer_ctx->liveliness_check_pending)
@@ -1277,28 +1358,40 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
     remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
     peer_ctx->liveliness_check_pending = NULL;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-  if (NULL != peer_ctx->send_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+
+
+  /* Do we still have to wait for destruction of channels
+   * or issue the destruction? */
+  if (NULL != peer_ctx->send_channel_ctx &&
+      NULL != peer_ctx->send_channel_ctx->destruction_task
+      )
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying send channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-  if (NULL != peer_ctx->recv_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+  if (NULL != peer_ctx->recv_channel_ctx &&
+      NULL != peer_ctx->recv_channel_ctx->destruction_task)
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying recv channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->recv_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->recv_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->send_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
 
-  GNUNET_free (peer_ctx->send_channel_flags);
-  GNUNET_free (peer_ctx->recv_channel_flags);
+  if (NULL != peer_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task);
+  }
 
   if (GNUNET_YES != GNUNET_CONTAINER_multipeermap_remove_all (peer_map, &peer_ctx->peer_id))
   {
@@ -1308,7 +1401,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
   return GNUNET_YES;
 }
 
-
 /**
  * @brief set flags on a given peer.
  *
@@ -1364,77 +1456,6 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
   return check_peer_flag_set (peer_ctx, flags);
 }
 
-
-/**
- * @brief set flags on a given channel.
- *
- * @param channel the channel to set flags on
- * @param flags the flags
- */
-void
-Peers_set_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  set_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief unset flags on a given channel.
- *
- * @param channel the channel to unset flags on
- * @param flags the flags
- */
-void
-Peers_unset_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  unset_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief Check whether flags on a channel are set.
- *
- * @param channel the channel to check the flag of
- * @param flags the flags to check
- *
- * @return #GNUNET_YES if all given flags are set
- *         #GNUNET_NO  otherwise
- */
-int
-Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  return check_channel_flag_set (channel_flags, flags);
-}
-
-/**
- * @brief Get the flags for the channel in @a role for @a peer.
- *
- * @param peer Peer to get the channel flags for.
- * @param role Role of channel to get flags for
- *
- * @return The flags.
- */
-uint32_t *
-Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
-                        enum Peers_ChannelRole role)
-{
-  const struct PeerContext *peer_ctx;
-
-  peer_ctx = get_peer_ctx (peer);
-  if (Peers_CHANNEL_ROLE_SENDING == role)
-  {
-    return peer_ctx->send_channel_flags;
-  }
-  else if (Peers_CHANNEL_ROLE_RECEIVING == role)
-  {
-    return peer_ctx->recv_channel_flags;
-  }
-  else
-  {
-    GNUNET_assert (0);
-  }
-}
-
 /**
  * @brief Check whether we have information about the given peer.
  *
@@ -1505,7 +1526,7 @@ Peers_check_peer_send_intention (const struct GNUNET_PeerIdentity *peer)
   const struct PeerContext *peer_ctx;
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->recv_channel)
+  if (NULL != peer_ctx->recv_channel_ctx)
   {
     return GNUNET_YES;
   }
@@ -1530,6 +1551,7 @@ Peers_handle_inbound_channel (void *cls,
 {
   struct PeerContext *peer_ctx;
   struct GNUNET_PeerIdentity *ctx_peer;
+  struct ChannelCtx *channel_ctx;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "New channel was established to us (Peer %s).\n",
@@ -1540,19 +1562,22 @@ Peers_handle_inbound_channel (void *cls,
   set_peer_live (peer_ctx);
   ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
   *ctx_peer = *initiator;
+  channel_ctx = add_channel_ctx (peer_ctx);
+  channel_ctx->channel = channel;
   /* We only accept one incoming channel per peer */
   if (GNUNET_YES == Peers_check_peer_send_intention (initiator))
   {
-    set_channel_flag (peer_ctx->recv_channel_flags,
-                      Peers_CHANNEL_ESTABLISHED_TWICE);
-    //GNUNET_CADET_channel_destroy (channel);
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = channel;
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+        "Already got one receive channel. Destroying old one.\n");
+    GNUNET_break_op (0);
+    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel);
+    remove_channel_ctx (peer_ctx->recv_channel_ctx);
+    peer_ctx->recv_channel_ctx = channel_ctx;
     /* return the channel context */
-    return ctx_peer;
+    return channel_ctx;
   }
-  peer_ctx->recv_channel = channel;
-  return ctx_peer;
+  peer_ctx->recv_channel_ctx = channel_ctx;
+  return channel_ctx;
 }
 
 
@@ -1574,7 +1599,7 @@ Peers_check_sending_channel_exists (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     return GNUNET_NO;
   }
@@ -1607,12 +1632,14 @@ Peers_check_channel_role (const struct GNUNET_PeerIdentity *peer,
   }
   peer_ctx = get_peer_ctx (peer);
   if ( (Peers_CHANNEL_ROLE_SENDING == role) &&
-       (channel == peer_ctx->send_channel) )
+       (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
   if ( (Peers_CHANNEL_ROLE_RECEIVING == role) &&
-       (channel == peer_ctx->recv_channel) )
+       (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
@@ -1642,18 +1669,29 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->send_channel)
+  if (NULL != peer_ctx->send_channel_ctx)
   {
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN);
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
     (void) Peers_check_connected (peer);
     return GNUNET_YES;
   }
   return GNUNET_NO;
 }
 
+static void
+destroy_channel (void *cls)
+{
+  struct ChannelCtx *channel_ctx = cls;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+
+  GNUNET_assert (channel_ctx == peer_ctx->send_channel_ctx ||
+                 channel_ctx == peer_ctx->recv_channel_ctx);
+
+  channel_ctx->destruction_task = NULL;
+  GNUNET_CADET_channel_destroy (channel_ctx->channel);
+  remove_channel_ctx (peer_ctx->send_channel_ctx);
+}
+
 /**
  * This is called when a channel is destroyed.
  *
@@ -1664,9 +1702,9 @@ void
 Peers_cleanup_destroyed_channel (void *cls,
                                  const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  struct PeerContext *peer_ctx;
-  uint32_t *channel_flag;
+  struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
 
   if (GNUNET_NO == Peers_check_peer_known (peer))
   {/* We don't want to implicitly create a context that we're about to kill */
@@ -1675,71 +1713,34 @@ Peers_cleanup_destroyed_channel (void *cls,
        GNUNET_i2s (peer));
     return;
   }
-  peer_ctx = get_peer_ctx (peer);
 
   /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY
    * flag will be set. In this case simply make sure that the channels are
    * cleaned. */
-  /* FIXME This distinction seems to be redundant */
-  if (Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  {/* We initiatad the destruction of this particular peer */
+  /* The distinction seems to be redundant */
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Peer is NOT in the process of being destroyed\n");
+  if ( (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
+  { /* Something (but us) killd the channel - clean up peer */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    {
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    {
-      peer_ctx->recv_channel = NULL;
-    }
-
-    if (NULL != peer_ctx->send_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-      channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING);
-      Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING);
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    if (NULL != peer_ctx->recv_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-      channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_RECEIVING);
-      Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING);
-      peer_ctx->recv_channel = NULL;
-    }
-    /* Set the #Peers_ONLINE flag accordingly */
-    (void) Peers_check_connected (peer);
-    return;
+        "send channel (%s) was destroyed - cleaning up\n",
+        GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
   }
-
-  else
-  { /* We did not initiate the destruction of this peer */
+  else if ( (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
+  { /* Other peer doesn't want to send us messages anymore */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is NOT in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    { /* Something (but us) killd the channel - clean up peer */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-          "send channel (%s) was destroyed - cleaning up\n",
-          GNUNET_i2s (peer));
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    { /* Other peer doesn't want to send us messages anymore */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Peer %s destroyed recv channel - cleaning up channel\n",
-           GNUNET_i2s (peer));
-      peer_ctx->recv_channel = NULL;
-    }
-    else
-    {
-      LOG (GNUNET_ERROR_TYPE_WARNING,
-           "unknown channel (%s) was destroyed\n",
-           GNUNET_i2s (peer));
-    }
+         "Peer %s destroyed recv channel - cleaning up channel\n",
+         GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "unknown channel (%s) was destroyed\n",
+         GNUNET_i2s (peer));
   }
   (void) Peers_check_connected (peer);
 }
@@ -1791,10 +1792,6 @@ Peers_schedule_operation (const struct GNUNET_PeerIdentity *peer,
   struct PeerPendingOp pending_op;
   struct PeerContext *peer_ctx;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
 
   //TODO if LIVE/ONLINE execute immediately
@@ -1828,7 +1825,7 @@ Peers_get_recv_channel (const struct GNUNET_PeerIdentity *peer)
 
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
   peer_ctx = get_peer_ctx (peer);
-  return peer_ctx->recv_channel;
+  return peer_ctx->recv_channel_ctx->channel;
 }
 /***********************************************************************
  * /Old gnunet-service-rps_peers.c
@@ -2489,6 +2486,9 @@ send_pull_reply (const struct GNUNET_PeerIdentity *peer_id,
 
   Peers_send_message (peer_id, ev, "PULL REPLY");
   GNUNET_STATISTICS_update(stats, "# pull reply send issued", 1, GNUNET_NO);
+  // TODO check with send intention: as send_channel is used/opened we indicate
+  // a sending intention without intending it.
+  // -> clean peer afterwards?
 }
 
 
@@ -2621,7 +2621,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer)
   CustomPeerMap_remove_peer (push_map, peer);
   RPS_sampler_reinitialise_by_value (prot_sampler, peer);
   RPS_sampler_reinitialise_by_value (client_sampler, peer);
-  Peers_remove_peer (peer);
+  schedule_peer_destruction (get_peer_ctx (peer));
 }
 
 
@@ -2665,6 +2665,58 @@ clean_peer (const struct GNUNET_PeerIdentity *peer)
 }
 
 /**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx)
+{
+  struct ChannelCtx *channel_ctx;
+  channel_ctx = GNUNET_new (struct ChannelCtx);
+  channel_ctx->peer_ctx = peer_ctx;
+  return channel_ctx;
+}
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx)
+{
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+  if (NULL != channel_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (channel_ctx->destruction_task);
+  }
+  GNUNET_free (channel_ctx);
+
+  if (channel_ctx == peer_ctx->send_channel_ctx)
+  {
+    peer_ctx->send_channel_ctx = NULL;
+    peer_ctx->mq = NULL;
+  }
+  else if (channel_ctx == peer_ctx->recv_channel_ctx)
+  {
+    peer_ctx->recv_channel_ctx = NULL;
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Trying to remove channel_ctx that is not associated with a peer\n");
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\trecv: %p\n", peer_ctx->recv_channel_ctx);
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\tsend: %p\n", peer_ctx->send_channel_ctx);
+    GNUNET_assert (0);
+  }
+}
+
+/**
  * @brief This is called when a channel is destroyed.
  *
  * Removes peer completely from our knowledge if the send_channel was destroyed
@@ -2680,8 +2732,8 @@ static void
 cleanup_destroyed_channel (void *cls,
                            const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  uint32_t *channel_flag;
+  struct ChannelCtx *channel_ctx = cls;
+  struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   struct PeerContext *peer_ctx;
 
   GNUNET_assert (NULL != peer);
@@ -2691,94 +2743,26 @@ cleanup_destroyed_channel (void *cls,
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "channel (%s) without associated context was destroyed\n",
          GNUNET_i2s (peer));
-    GNUNET_free (peer);
+    remove_channel_ctx (channel_ctx);
     return;
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of recv-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_DESTROING);
-  } else if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of send-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_DESTROING);
-  } else {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        "Channel to be destroyed has is neither sending nor receiving role\n");
-  }
 
-  if (GNUNET_YES == Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  { /* We are in the middle of removing that peer from our knowledge. In this
-       case simply make sure that the channels are cleaned. */
-    Peers_cleanup_destroyed_channel (cls, channel);
-    to_file (file_name_view_log,
-             "-%s\t(cleanup channel, ourself)",
-             GNUNET_i2s_full (peer));
-    GNUNET_free (peer);
-    return;
-  }
+  // What should be done here:
+  //  * cleanup everything related to the channel
+  //    * memory
+  //  * remove peer if necessary
 
-  if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  { /* Channel used for sending was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> cleaning send channel -> clean context
-     *  - other peer -> peer probably went down -> remove
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-    if (GNUNET_YES == Peers_check_channel_flag (channel_flag, Peers_CHANNEL_CLEAN))
-    { /* We are about to clean the sending channel. Clean the respective
-       * context */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer destroyed our sending channel that it is supposed to keep
-       * open. It probably went down. Remove it from our knowledge. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      remove_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
-  }
-  else if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  { /* Channel used for receiving was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> peer tried to establish channel twice -> clean context
-     *  - other peer -> peer doesn't want to send us data -> clean
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-    if (GNUNET_YES ==
-        Peers_check_channel_flag (channel_flag, Peers_CHANNEL_ESTABLISHED_TWICE))
-    { /* Other peer tried to establish a channel to us twice. We do not accept
-       * that. Clean the context. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer doesn't want to send us data anymore. We are free to clean
-       * it. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      clean_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
+  if (peer_ctx->recv_channel_ctx == channel_ctx)
+  {
+    remove_channel_ctx (channel_ctx);
   }
-  else
+  else if (peer_ctx->send_channel_ctx == channel_ctx)
   {
-    LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Destroyed channel is neither sending nor receiving channel\n");
+    remove_channel_ctx (channel_ctx);
+    remove_peer (&peer_ctx->peer_id);
   }
-  GNUNET_free (peer);
 }
 
 /***********************************************************************
@@ -3037,8 +3021,6 @@ handle_client_seed (void *cls,
 
   num_peers = ntohl (msg->num_peers);
   peers = (struct GNUNET_PeerIdentity *) &msg[1];
-  //peers = GNUNET_new_array (num_peers, struct GNUNET_PeerIdentity);
-  //GNUNET_memcpy (peers, &msg[1], num_peers * sizeof (struct GNUNET_PeerIdentity));
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Client seeded peers:\n");
@@ -3053,9 +3035,6 @@ handle_client_seed (void *cls,
 
     got_peer (&peers[i]);
   }
-
-  ////GNUNET_free (peers);
-
   GNUNET_SERVICE_client_continue (cli_ctx->client);
 }
 
@@ -3173,11 +3152,12 @@ static void
 handle_peer_check (void *cls,
                    const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer));
 
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 /**
@@ -3193,7 +3173,8 @@ static void
 handle_peer_push (void *cls,
                   const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
 
   // (check the proof of work (?))
 
@@ -3238,7 +3219,7 @@ handle_peer_push (void *cls,
   CustomPeerMap_put (push_map, peer);
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3254,7 +3235,8 @@ static void
 handle_peer_pull_request (void *cls,
                           const struct GNUNET_MessageHeader *msg)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *view_array;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer));
@@ -3277,7 +3259,7 @@ handle_peer_pull_request (void *cls,
   #endif /* ENABLE_MALICIOUS */
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
   view_array = View_get_as_array ();
   send_pull_reply (peer, view_array, View_size ());
 }
@@ -3317,7 +3299,8 @@ check_peer_pull_reply (void *cls,
   if (GNUNET_YES != Peers_check_peer_flag (sender, Peers_PULL_REPLY_PENDING))
   {
     LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Received a pull reply from a peer we didn't request one from!\n");
+        "Received a pull reply from a peer (%s) we didn't request one from!\n",
+        GNUNET_i2s (sender));
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
@@ -3334,8 +3317,9 @@ static void
 handle_peer_pull_reply (void *cls,
                         const struct GNUNET_RPS_P2P_PullReplyMessage *msg)
 {
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *peers;
-  struct GNUNET_PeerIdentity *sender = cls;
   uint32_t i;
 #ifdef ENABLE_MALICIOUS
   struct AttackedPeer *tmp_att_peer;
@@ -3373,9 +3357,7 @@ handle_peer_pull_reply (void *cls,
       if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (att_peer_set,
                                                                &peers[i])
           && GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (mal_peer_set,
-                                                                  &peers[i])
-          && 0 != GNUNET_CRYPTO_cmp_peer_identity (&peers[i],
-                                                   &own_identity))
+                                                                  &peers[i]))
       {
         tmp_att_peer = GNUNET_new (struct AttackedPeer);
         tmp_att_peer->peer_id = peers[i];
@@ -3387,21 +3369,17 @@ handle_peer_pull_reply (void *cls,
       continue;
     }
     #endif /* ENABLE_MALICIOUS */
-    if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity,
-                                              &peers[i]))
-    {
-      /* Make sure we 'know' about this peer */
-      (void) Peers_insert_peer (&peers[i]);
+    /* Make sure we 'know' about this peer */
+    (void) Peers_insert_peer (&peers[i]);
 
-      if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
-      {
-        CustomPeerMap_put (pull_map, &peers[i]);
-      }
-      else
-      {
-        Peers_schedule_operation (&peers[i], insert_in_pull_map);
-        (void) Peers_issue_peer_liveliness_check (&peers[i]);
-      }
+    if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
+    {
+      CustomPeerMap_put (pull_map, &peers[i]);
+    }
+    else
+    {
+      Peers_schedule_operation (&peers[i], insert_in_pull_map);
+      (void) Peers_issue_peer_liveliness_check (&peers[i]);
     }
   }
 
@@ -3409,7 +3387,7 @@ handle_peer_pull_reply (void *cls,
   clean_peer (sender);
 
   GNUNET_break_op (Peers_check_peer_known (sender));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (sender));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3836,10 +3814,8 @@ do_round (void *cls)
     for (i = 0; i < a_peers; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer)) // TODO
-      { // FIXME if this fails schedule/loop this for later
-        send_push (&peer);
-      }
+      // FIXME if this fails schedule/loop this for later
+      send_push (&peer);
     }
 
     /* Send PULL requests */
@@ -3857,8 +3833,7 @@ do_round (void *cls)
     for (i = first_border; i < second_border; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer) &&
-          GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) // TODO
+      if ( GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING))
       { // FIXME if this fails schedule/loop this for later
         send_pull_request (&peer);
       }
@@ -3955,7 +3930,6 @@ do_round (void *cls)
                "-%s",
                GNUNET_i2s_full (&peers_to_clean[i]));
       clean_peer (&peers_to_clean[i]);
-      //peer_destroy_channel_send (sender);
     }
 
     GNUNET_array_grow (peers_to_clean, peers_to_clean_size, 0);
@@ -4011,7 +3985,6 @@ do_round (void *cls)
          GNUNET_i2s (update_peer));
     insert_in_sampler (NULL, update_peer);
     clean_peer (update_peer); /* This cleans only if it is not in the view */
-    //peer_destroy_channel_send (sender);
   }
 
   for (i = 0; i < CustomPeerMap_size (pull_map); i++)
@@ -4022,7 +3995,6 @@ do_round (void *cls)
     insert_in_sampler (NULL, CustomPeerMap_get_peer_by_index (pull_map, i));
     /* This cleans only if it is not in the view */
     clean_peer (CustomPeerMap_get_peer_by_index (pull_map, i));
-    //peer_destroy_channel_send (sender);
   }
 
 
@@ -4125,6 +4097,8 @@ shutdown_task (void *cls)
   struct ClientContext *client_ctx;
   struct ReplyCls *reply_cls;
 
+  in_shutdown = GNUNET_YES;
+
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "RPS is going down\n");
 
@@ -4369,10 +4343,17 @@ run (void *cls,
                                        NULL, /* WindowSize handler */
                                        cleanup_destroyed_channel, /* Disconnect handler */
                                        cadet_handlers);
+  if (NULL == cadet_port)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Cadet port `%s' is already in use.\n",
+        GNUNET_APPLICATION_PORT_RPS);
+    GNUNET_assert (0);
+  }
 
 
   peerinfo_handle = GNUNET_PEERINFO_connect (cfg);
-  Peers_initialise (fn_valid_peers, cadet_handle, &own_identity);
+  Peers_initialise (fn_valid_peers, cadet_handle);
   GNUNET_free (fn_valid_peers);
 
   /* Initialise sampler */
diff --git a/src/rps/gnunet-service-rps_custommap.c b/src/rps/gnunet-service-rps_custommap.c
index 42507655b..9e003eb39 100644
--- a/src/rps/gnunet-service-rps_custommap.c
+++ b/src/rps/gnunet-service-rps_custommap.c
@@ -213,7 +213,7 @@ CustomPeerMap_remove_peer (const struct CustomPeerMap *c_peer_map,
     GNUNET_assert (NULL != last_index);
     GNUNET_assert (CustomPeerMap_size (c_peer_map) == *last_index);
     GNUNET_CONTAINER_multihashmap32_put (c_peer_map->hash_map, *index, last_p,
-        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST);
+        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
     GNUNET_CONTAINER_multihashmap32_remove_all (c_peer_map->hash_map, *last_index);
     *last_index = *index;
   }
diff --git a/src/rps/rps-test_util.c b/src/rps/rps-test_util.c
index d47e4952f..08fe96097 100644
--- a/src/rps/rps-test_util.c
+++ b/src/rps/rps-test_util.c
@@ -31,6 +31,17 @@
 
 #define LOG(kind, ...) GNUNET_log_from(kind,"rps-test_util",__VA_ARGS__)
 
+#define B2B_PAT "%c%c%c%c%c%c%c%c"
+#define B2B(byte)  \
+  (byte & 0x80 ? '1' : '0'), \
+  (byte & 0x40 ? '1' : '0'), \
+  (byte & 0x20 ? '1' : '0'), \
+  (byte & 0x10 ? '1' : '0'), \
+  (byte & 0x08 ? '1' : '0'), \
+  (byte & 0x04 ? '1' : '0'), \
+  (byte & 0x02 ? '1' : '0'), \
+  (byte & 0x01 ? '1' : '0')
+
 #ifndef TO_FILE
 #define TO_FILE
 #endif /* TO_FILE */
@@ -155,6 +166,9 @@ to_file_raw (const char *file_name, const char *buf, size_t size_buf)
 
     return;
   }
+  LOG (GNUNET_ERROR_TYPE_WARNING,
+       "Wrote %u bytes raw.\n",
+       size_written);
   if (GNUNET_YES != GNUNET_DISK_file_close (f))
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "Unable to close file\n");
@@ -180,6 +194,8 @@ to_file_raw_unaligned (const char *file_name,
   //  num_bits_buf_unaligned = bits_needed % 8;
   //  return;
   //}
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Was asked to write %u bits\n", bits_needed);
 
   char buf_write[size_buf + 1];
   const unsigned bytes_iter = (0 != bits_needed % 8?
@@ -187,6 +203,14 @@ to_file_raw_unaligned (const char *file_name,
                                bits_needed/8);
   // TODO what if no iteration happens?
   unsigned size_buf_write = 0;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "num_bits_buf_unaligned: %u\n",
+       num_bits_buf_unaligned);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "ua args: size_buf: %u, bits_needed: %u -> iter: %u\n",
+       size_buf,
+       bits_needed,
+       bytes_iter);
   buf_write[0] = buf_unaligned;
   /* Iterate over input bytes */
   for (unsigned i = 0; i < bytes_iter; i++)
@@ -227,17 +251,57 @@ to_file_raw_unaligned (const char *file_name,
     {
       num_bits_needed_iter = 8;
     }
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed in this iteration: %u\n",
+         num_bits_needed_iter);
     mask_bits_needed_iter = ((char) 1 << num_bits_needed_iter) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask needed bits (current iter): "B2B_PAT"\n",
+         B2B(mask_bits_needed_iter));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "Unaligned byte: "B2B_PAT" (%u bits)\n",
+         B2B(buf_unaligned),
+         num_bits_buf_unaligned);
     byte_input = buf[i];
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "next whole input byte: "B2B_PAT"\n",
+         B2B(byte_input));
     byte_input &= mask_bits_needed_iter;
     num_bits_to_align = 8 - num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "input byte, needed bits: "B2B_PAT"\n",
+         B2B(byte_input));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed to align unaligned bit: %u\n",
+         num_bits_to_align);
     num_bits_to_move  = min (num_bits_to_align, num_bits_needed_iter);
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits of new byte to move: %u\n",
+         num_bits_to_move);
     mask_input_to_move = ((char) 1 << num_bits_to_move) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask of bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(mask_input_to_move));
     bits_to_move = byte_input & mask_input_to_move;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "masked bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(bits_to_move));
     distance_shift_bits = num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "distance needed to shift bits to their correct spot: %u\n",
+         distance_shift_bits);
     bits_moving = bits_to_move << distance_shift_bits;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "shifted, masked bits of new byte being moved: "B2B_PAT"\n",
+         B2B(bits_moving));
     byte_to_fill = buf_unaligned | bits_moving;
-    if (num_bits_buf_unaligned + num_bits_needed_iter > 8)
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "byte being filled: "B2B_PAT"\n",
+         B2B(byte_to_fill));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "pending bytes: %u\n",
+         num_bits_buf_unaligned + num_bits_needed_iter);
+    if (num_bits_buf_unaligned + num_bits_needed_iter >= 8)
     {
       /* buf_unaligned was aligned by filling
        * -> can be written to storage */
@@ -246,10 +310,22 @@ to_file_raw_unaligned (const char *file_name,
 
       /* store the leftover, unaligned bits in buffer */
       mask_input_leftover = mask_bits_needed_iter & (~ mask_input_to_move);
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "mask of leftover bits of new byte: "B2B_PAT"\n",
+           B2B(mask_input_leftover));
       byte_input_leftover = byte_input & mask_input_leftover;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "masked, leftover bits of new byte: "B2B_PAT"\n",
+           B2B(byte_input_leftover));
       num_bits_leftover = num_bits_needed_iter - num_bits_to_move;
-      num_bits_discard = 8 - num_bits_needed_iter;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "number of unaligned bits left: %u\n",
+           num_bits_leftover);
+      //num_bits_discard = 8 - num_bits_needed_iter;
       byte_unaligned_new = byte_input_leftover >> num_bits_to_move;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "new unaligned byte: "B2B_PAT"\n",
+           B2B(byte_unaligned_new));
       buf_unaligned = byte_unaligned_new;
       num_bits_buf_unaligned = num_bits_leftover % 8;
     }
diff --git a/src/transport/test_quota_compliance.c b/src/transport/test_quota_compliance.c
index 0ef3c864a..cd93ff855 100644
--- a/src/transport/test_quota_compliance.c
+++ b/src/transport/test_quota_compliance.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,6 +65,8 @@ report ()
   unsigned long long datarate;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   datarate = (total_bytes_recv * 1000 * 1000) / delta;
 
   FPRINTF (stderr,
diff --git a/src/transport/test_transport_api_reliability.c b/src/transport/test_transport_api_reliability.c
index 86e2a7e9d..c6e77bae0 100644
--- a/src/transport/test_transport_api_reliability.c
+++ b/src/transport/test_transport_api_reliability.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -174,6 +174,8 @@ custom_shutdown (void *cls)
 
   /* Calculcate statistics   */
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   rate = (1000LL* 1000ll * total_bytes) / (1024 * delta);
   FPRINTF (stderr,
            "\nThroughput was %llu KiBytes/s\n",
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 8410b7835..fe1f58df7 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
 
 /**
  * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
  *
  * @param key secret key
+ * @param key_len secret key length
  * @param plaintext input plaintext
  * @param plaintext_len length of @a plaintext
  * @param hmac where to store the hmac
  */
 void
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
                     const void *plaintext, size_t plaintext_len,
                     struct GNUNET_HashCode *hmac)
 {
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
   {
     gcry_md_reset (md);
   }
-  gcry_md_setkey (md, key->key, sizeof (key->key));
+  gcry_md_setkey (md, key, key_len);
   gcry_md_write (md, plaintext, plaintext_len);
   mc = gcry_md_read (md, GCRY_MD_SHA512);
   GNUNET_assert (NULL != mc);
@@ -399,6 +402,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
 
 
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac)
+{
+  GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+                          plaintext, plaintext_len,
+                          hmac);
+}
+
+
+/**
  * Context for cummulative hashing.
  */
 struct GNUNET_HashContext
diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c
index 6fb6d657f..24f1b18cf 100644
--- a/src/util/dnsparser.c
+++ b/src/util/dnsparser.c
@@ -959,7 +959,7 @@ GNUNET_DNSPARSER_builder_add_name (char *dst,
       GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                   "Invalid DNS name `%s': label with %u characters encountered\n",
                   name,
-                  len);
+                  (unsigned int) len);
       goto fail; /* label too long or empty */
     }
     dst[pos++] = (char) (uint8_t) len;
diff --git a/src/util/scheduler.c b/src/util/scheduler.c
index 93d133d1b..5d3836639 100644
--- a/src/util/scheduler.c
+++ b/src/util/scheduler.c
@@ -965,8 +965,6 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task)
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert ( (NULL != active_task) ||
-      (GNUNET_NO == task->lifeness) );
   is_fd_task = (NULL != task->fds);
   if (is_fd_task)
   {
@@ -1056,9 +1054,9 @@ GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback tas
 {
   struct GNUNET_SCHEDULER_Task *t;
 
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
-  GNUNET_assert ((NULL != active_task) ||
-                 (GNUNET_SCHEDULER_REASON_STARTUP == reason));
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->read_fd = -1;
   t->write_fd = -1;
@@ -1099,7 +1097,8 @@ GNUNET_SCHEDULER_add_at_with_priority (struct GNUNET_TIME_Absolute at,
   struct GNUNET_SCHEDULER_Task *pos;
   struct GNUNET_SCHEDULER_Task *prev;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1286,7 +1285,8 @@ GNUNET_SCHEDULER_add_shutdown (GNUNET_SCHEDULER_TaskCallback task,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1403,7 +1403,8 @@ add_without_sets (struct GNUNET_TIME_Relative delay,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   init_fd_info (t,
@@ -1832,7 +1833,6 @@ GNUNET_SCHEDULER_add_select (enum GNUNET_SCHEDULER_Priority prio,
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert (NULL != active_task);
   GNUNET_assert (NULL != task);
   int no_rs = (NULL == rs);
   int no_ws = (NULL == ws);
@@ -2022,99 +2022,109 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
     if (timeout.abs_value_us > now.abs_value_us)
     {
       /**
-       * The driver called this function before the current timeout was
-       * reached (and no FD tasks are ready). This can happen in the
-       * rare case when the system time is changed while the driver is
-       * waiting for the timeout, so we handle this gracefully. It might
-       * also be a programming error in the driver though.
+       * The event loop called this function before the current timeout was
+       * reached (and no FD tasks are ready). This is acceptable if
+       *
+       * - the system time was changed while the driver was waiting for
+       *   the timeout
+       * - an external event loop called GNUnet API functions outside of
+       *   the callbacks called in GNUNET_SCHEDULER_do_work and thus 
+       *   wasn't notified about the new timeout
+       *
+       * It might also mean we are busy-waiting because of a programming
+       * error in the external event loop.
        */
       LOG (GNUNET_ERROR_TYPE_DEBUG,
            "GNUNET_SCHEDULER_do_work did not find any ready "
            "tasks and timeout has not been reached yet.\n");
-      return GNUNET_NO;
     }
-    /**
-     * the current timeout was reached but no ready tasks were found,
-     * internal scheduler error!
-     */
-    GNUNET_assert (0);
-  }
-
-  /* find out which task priority level we are going to
-     process this time */
-  max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
-  GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
-  /* yes, p>0 is correct, 0 is "KEEP" which should
-   * always be an empty queue (see assertion)! */
-  for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
-  {
-    pos = ready_head[p];
-    if (NULL != pos)
-      break;
+    else
+    {
+      /**
+       * the current timeout was reached but no ready tasks were found,
+       * internal scheduler error!
+       */
+      GNUNET_assert (0);
+    }
   }
-  GNUNET_assert (NULL != pos);        /* ready_count wrong? */
-
-  /* process all tasks at this priority level, then yield */
-  while (NULL != (pos = ready_head[p]))
+  else
   {
-    GNUNET_CONTAINER_DLL_remove (ready_head[p],
-         ready_tail[p],
-         pos);
-    ready_count--;
-    current_priority = pos->priority;
-    current_lifeness = pos->lifeness;
-    active_task = pos;
-#if PROFILE_DELAYS
-    if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
-        DELAY_THRESHOLD.rel_value_us)
+    /* find out which task priority level we are going to
+       process this time */
+    max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
+    GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
+    /* yes, p>0 is correct, 0 is "KEEP" which should
+     * always be an empty queue (see assertion)! */
+    for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
     {
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Task %p took %s to be scheduled\n",
-           pos,
-           GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
-                                                   GNUNET_YES));
+      pos = ready_head[p];
+      if (NULL != pos)
+        break;
     }
-#endif
-    tc.reason = pos->reason;
-    GNUNET_NETWORK_fdset_zero (sh->rs);
-    GNUNET_NETWORK_fdset_zero (sh->ws);
-    // FIXME: do we have to remove FdInfos from fds if they are not ready?
-    tc.fds_len = pos->fds_len;
-    tc.fds = pos->fds;
-    for (unsigned int i = 0; i != pos->fds_len; ++i)
+    GNUNET_assert (NULL != pos);        /* ready_count wrong? */
+
+    /* process all tasks at this priority level, then yield */
+    while (NULL != (pos = ready_head[p]))
     {
-      struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
-      if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+      GNUNET_CONTAINER_DLL_remove (ready_head[p],
+           ready_tail[p],
+           pos);
+      ready_count--;
+      current_priority = pos->priority;
+      current_lifeness = pos->lifeness;
+      active_task = pos;
+#if PROFILE_DELAYS
+      if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
+          DELAY_THRESHOLD.rel_value_us)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->rs,
-                                         fdi->sock);
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
+             "Task %p took %s to be scheduled\n",
+             pos,
+             GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
+                                                     GNUNET_YES));
       }
-      if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+#endif
+      tc.reason = pos->reason;
+      GNUNET_NETWORK_fdset_zero (sh->rs);
+      GNUNET_NETWORK_fdset_zero (sh->ws);
+      // FIXME: do we have to remove FdInfos from fds if they are not ready?
+      tc.fds_len = pos->fds_len;
+      tc.fds = pos->fds;
+      for (unsigned int i = 0; i != pos->fds_len; ++i)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->ws,
-                                         fdi->sock);
+        struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
+        if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->rs,
+                                           fdi->sock);
+        }
+        if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->ws,
+                                           fdi->sock);
+        }
       }
-    }
-    tc.read_ready = sh->rs;
-    tc.write_ready = sh->ws;
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Running task %p\n",
-         pos);
-    GNUNET_assert (NULL != pos->callback);
-    pos->callback (pos->callback_cls);
-    if (NULL != pos->fds)
-    {
-      int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
-      if (GNUNET_OK != del_result)
+      tc.read_ready = sh->rs;
+      tc.write_ready = sh->ws;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "Running task %p\n",
+           pos);
+      GNUNET_assert (NULL != pos->callback);
+      pos->callback (pos->callback_cls);
+      if (NULL != pos->fds)
       {
-        LOG (GNUNET_ERROR_TYPE_ERROR,
-           "driver could not delete task %p\n", pos);
-        GNUNET_assert (0);
+        int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
+        if (GNUNET_OK != del_result)
+        {
+          LOG (GNUNET_ERROR_TYPE_ERROR,
+             "driver could not delete task %p\n", pos);
+          GNUNET_assert (0);
+        }
       }
+      active_task = NULL;
+      dump_backtrace (pos);
+      destroy_task (pos);
     }
-    active_task = NULL;
-    dump_backtrace (pos);
-    destroy_task (pos);
   }
   shutdown_if_no_lifeness ();
   if (0 == ready_count)
@@ -2164,12 +2174,12 @@ struct GNUNET_SCHEDULER_Handle *
 GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
 {
   struct GNUNET_SCHEDULER_Handle *sh;
-  struct GNUNET_SCHEDULER_Task tsk;
   const struct GNUNET_DISK_FileHandle *pr;
 
-  /* general set-up */
-  GNUNET_assert (NULL == active_task);
+  /* scheduler must not be running */
+  GNUNET_assert (NULL == scheduler_driver);
   GNUNET_assert (NULL == shutdown_pipe_handle);
+  /* general set-up */
   sh = GNUNET_new (struct GNUNET_SCHEDULER_Handle);
   shutdown_pipe_handle = GNUNET_DISK_pipe (GNUNET_NO,
                                            GNUNET_NO,
@@ -2204,10 +2214,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
   /* Setup initial tasks */
   current_priority = GNUNET_SCHEDULER_PRIORITY_DEFAULT;
   current_lifeness = GNUNET_NO;
-  memset (&tsk,
-          0,
-          sizeof (tsk));
-  active_task = &tsk;
   install_parent_control_task =
     GNUNET_SCHEDULER_add_now (&install_parent_control_handler,
                               NULL);
@@ -2217,7 +2223,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
                                     &shutdown_pipe_cb,
                                     NULL);
   current_lifeness = GNUNET_YES;
-  active_task = NULL;
   scheduler_driver->set_wakeup (scheduler_driver->cls,
                                 get_timeout ());
   /* begin main event loop */