92 files changed, 4464 insertions, 3096 deletions

diff --git a/src/Makefile.am b/src/Makefile.am
index 00f30adc3..4ded81891 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,11 +19,13 @@ if HAVE_EXPERIMENTAL
   social 
 #  dv (FTBFS)
 if HAVE_ABE
+if HAVE_JSON
  EXP_DIR += \
     abe \
     credential \
-    identity-attribute \
-    identity-provider 
+    reclaim-attribute \
+    reclaim 
+endif
 endif
 if HAVE_JSON
  EXP_DIR += \
diff --git a/src/arm/test_exponential_backoff.c b/src/arm/test_exponential_backoff.c
index 4a7d51bc7..f15bca2db 100644
--- a/src/arm/test_exponential_backoff.c
+++ b/src/arm/test_exponential_backoff.c
@@ -343,7 +343,10 @@ init ()
   cfg = GNUNET_CONFIGURATION_create ();
   if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg,
                                                "test_arm_api_data.conf"))
+  {
+    GNUNET_CONFIGURATION_destroy (cfg);
     return GNUNET_SYSERR;
+  }
   if (NULL == getcwd (pwd, PATH_MAX))
     return GNUNET_SYSERR;
   GNUNET_assert (0 < GNUNET_asprintf (&binary,
diff --git a/src/cadet/cadet.conf.in b/src/cadet/cadet.conf.in
index 2f4c6a6db..d1ddcb96f 100644
--- a/src/cadet/cadet.conf.in
+++ b/src/cadet/cadet.conf.in
@@ -8,7 +8,7 @@ BINARY = gnunet-service-cadet
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-cadet.sock
-UNIX_MATCH_UID = YES
+UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 
 
diff --git a/src/cadet/cadet_api.c b/src/cadet/cadet_api.c
index 980b9abbf..e2ca461a5 100644
--- a/src/cadet/cadet_api.c
+++ b/src/cadet/cadet_api.c
@@ -841,6 +841,7 @@ handle_mq_error (void *cls,
                                            h);
   GNUNET_MQ_destroy (h->mq);
   h->mq = NULL;
+  GNUNET_assert (NULL == h->reconnect_task);
   h->reconnect_task = GNUNET_SCHEDULER_add_delayed (h->reconnect_time,
                                                     &reconnect_cbk,
                                                     h);
@@ -1253,18 +1254,21 @@ GNUNET_CADET_disconnect (struct GNUNET_CADET_Handle *handle)
 void
 GNUNET_CADET_close_port (struct GNUNET_CADET_Port *p)
 {
-  struct GNUNET_CADET_PortMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (p->cadet->ports,
                                                        &p->id,
                                                        p));
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE);
-  msg->port = p->id;
-  GNUNET_MQ_send (p->cadet->mq,
-                  env);
+  if (NULL != p->cadet->mq)
+  {
+    struct GNUNET_CADET_PortMessage *msg;
+    struct GNUNET_MQ_Envelope *env;
+
+    env = GNUNET_MQ_msg (msg,
+                         GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE);
+    msg->port = p->id;
+    GNUNET_MQ_send (p->cadet->mq,
+                    env);
+  }
   GNUNET_free_non_null (p->handlers);
   GNUNET_free (p);
 }
diff --git a/src/cadet/gnunet-cadet.c b/src/cadet/gnunet-cadet.c
index d629df9b2..13b04b885 100644
--- a/src/cadet/gnunet-cadet.c
+++ b/src/cadet/gnunet-cadet.c
@@ -231,7 +231,7 @@ shutdown_task (void *cls)
   }
 }
 
-void *
+void
 mq_cb(void *cls)
 {
   listen_stdio ();
diff --git a/src/core/test_core_api_reliability.c b/src/core/test_core_api_reliability.c
index 4cc5b4bcd..c7c71f1f1 100644
--- a/src/core/test_core_api_reliability.c
+++ b/src/core/test_core_api_reliability.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -143,6 +143,8 @@ do_shutdown (void *cls)
   unsigned long long delta;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   FPRINTF (stderr,
            "\nThroughput was %llu kb/s\n",
            total_bytes * 1000000LL / 1024 / delta);
diff --git a/src/core/test_core_quota_compliance.c b/src/core/test_core_quota_compliance.c
index a15105556..caff045f0 100644
--- a/src/core/test_core_quota_compliance.c
+++ b/src/core/test_core_quota_compliance.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -227,7 +227,8 @@ measurement_stop (void *cls)
   running = GNUNET_NO;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
-
+  if (0 == delta)
+    delta = 1;
   throughput_out = total_bytes_sent * 1000000LL / delta;     /* convert to bytes/s */
   throughput_in = total_bytes_recv * 1000000LL / delta;      /* convert to bytes/s */
 
diff --git a/src/datacache/plugin_datacache_sqlite.c b/src/datacache/plugin_datacache_sqlite.c
index 4684e514c..dc4236a8b 100644
--- a/src/datacache/plugin_datacache_sqlite.c
+++ b/src/datacache/plugin_datacache_sqlite.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -749,7 +749,8 @@ libgnunet_plugin_datacache_sqlite_init (void *cls)
                 "  value BLOB NOT NULL,"
                 "  path BLOB DEFAULT '')");
   SQLITE3_EXEC (dbh, "CREATE INDEX idx_hashidx ON ds091 (key,type,expire)");
-  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_prox_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire_only ON ds091 (expire)");
   plugin = GNUNET_new (struct Plugin);
   plugin->env = env;
   plugin->dbh = dbh;
diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c
index 0ec9209da..3b658da92 100644
--- a/src/gns/gns_api.c
+++ b/src/gns/gns_api.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -232,7 +232,6 @@ reconnect (struct GNUNET_GNS_Handle *handle)
                            handle),
     GNUNET_MQ_handler_end ()
   };
-  struct GNUNET_GNS_LookupRequest *lh;
 
   GNUNET_assert (NULL == handle->mq);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -244,7 +243,9 @@ reconnect (struct GNUNET_GNS_Handle *handle)
                                       handle);
   if (NULL == handle->mq)
     return;
-  for (lh = handle->lookup_head; NULL != lh; lh = lh->next)
+  for (struct GNUNET_GNS_LookupRequest *lh = handle->lookup_head;
+       NULL != lh;
+       lh = lh->next)
     GNUNET_MQ_send_copy (handle->mq,
                          lh->env);
 }
diff --git a/src/gns/gnunet-dns2gns.c b/src/gns/gnunet-dns2gns.c
index e6e53d405..8d39e8c53 100644
--- a/src/gns/gnunet-dns2gns.c
+++ b/src/gns/gnunet-dns2gns.c
@@ -269,6 +269,7 @@ dns_result_processor (void *cls,
   }
   request->packet = GNUNET_DNSPARSER_parse ((char*)dns,
                                             r);
+  GNUNET_DNSSTUB_resolve_cancel (request->dns_lookup);
   send_response (request);
 }
 
diff --git a/src/gns/gnunet-gns.c b/src/gns/gnunet-gns.c
index 149c8a7bb..463348ed3 100644
--- a/src/gns/gnunet-gns.c
+++ b/src/gns/gnunet-gns.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,8 +65,9 @@ static struct GNUNET_GNS_LookupWithTldRequest *lr;
 /**
  * Global return value.
  * 0 on success (default),
- * 1 on internal failures, 2 on launch failure,
- * 3 if the name is not a GNS-supported TLD,
+ * 1 on internal failures
+ * 2 on launch failure,
+ * 4 if the name is not a GNS-supported TLD,
  */
 static int global_ret;
 
@@ -114,7 +115,7 @@ process_lookup_result (void *cls,
   lr = NULL;
   if (GNUNET_NO == was_gns)
   {
-    global_ret = 3;
+    global_ret = 4; /* not for GNS */
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
@@ -183,7 +184,6 @@ run (void *cls,
     global_ret = 2;
     return;
   }
-
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                  NULL);
 
diff --git a/src/gns/nss/nss_gns.c b/src/gns/nss/nss_gns.c
index 9c9233d35..58aab47fd 100644
--- a/src/gns/nss/nss_gns.c
+++ b/src/gns/nss/nss_gns.c
@@ -54,121 +54,126 @@
  * @return a nss_status code
  */
 enum nss_status
-_nss_gns_gethostbyname2_r(
-    const char *name,
-    int af,
-    struct hostent * result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    struct userdata u;
-    enum nss_status status = NSS_STATUS_UNAVAIL;
-    int i;
-    size_t address_length, l, idx, astart;
-
-    if (af == AF_UNSPEC)
+_nss_gns_gethostbyname2_r(const char *name,
+                          int af,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  struct userdata u;
+  enum nss_status status = NSS_STATUS_UNAVAIL;
+  int i;
+  size_t address_length;
+  size_t l;
+  size_t idx;
+  size_t astart;
+
+  if (af == AF_UNSPEC)
 #ifdef NSS_IPV6_ONLY
-        af = AF_INET6;
+    af = AF_INET6;
 #else
-        af = AF_INET;
+  af = AF_INET;
 #endif
 
 #ifdef NSS_IPV4_ONLY
-    if (af != AF_INET)
+  if (af != AF_INET)
 #elif NSS_IPV6_ONLY
-    if (af != AF_INET6)
+  if (af != AF_INET6)
 #else
-    if (af != AF_INET && af != AF_INET6)
+  if ( (af != AF_INET) &&
+       (af != AF_INET6) )
 #endif
-    {
-        *errnop = EINVAL;
-        *h_errnop = NO_RECOVERY;
-
-        goto finish;
-    }
-
-    address_length = af == AF_INET ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t);
-    if (buflen <
-        sizeof(char*)+    /* alias names */
-        strlen(name)+1)  {   /* official name */
-
-        *errnop = ERANGE;
-        *h_errnop = NO_RECOVERY;
-        status = NSS_STATUS_TRYAGAIN;
-
-        goto finish;
-    }
-
-    u.count = 0;
-    u.data_len = 0;
-
-    i = gns_resolve_name(af, name, &u);
-    if (-3 == i)
-      {
-        status = NSS_STATUS_NOTFOUND;
-        goto finish;
-      }
-    if (-2 == i)
-      {
-        status = NSS_STATUS_UNAVAIL;
-        goto finish;
-      }
-    if ( (-1 == i) ||
-         (u.count == 0) )
-      {
-        *errnop = ETIMEDOUT;
-        *h_errnop = HOST_NOT_FOUND;
-        status = NSS_STATUS_NOTFOUND;
-        goto finish;
-      }
-
-
-    /* Alias names */
-    *((char**) buffer) = NULL;
-    result->h_aliases = (char**) buffer;
-    idx = sizeof(char*);
-
-    /* Official name */
-    strcpy(buffer+idx, name);
-    result->h_name = buffer+idx;
-    idx += strlen(name)+1;
-
-    ALIGN(idx);
-
-    result->h_addrtype = af;
-    result->h_length = address_length;
-
-    /* Check if there's enough space for the addresses */
-    if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1)) {
-        *errnop = ERANGE;
-        *h_errnop = NO_RECOVERY;
-        status = NSS_STATUS_TRYAGAIN;
-        goto finish;
-    }
+  {
+    *errnop = EINVAL;
+    *h_errnop = NO_RECOVERY;
+
+    goto finish;
+  }
 
+  address_length = (af == AF_INET) ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t);
+  if (buflen <
+      sizeof(char*)+    /* alias names */
+      strlen(name)+1)
+  {   /* official name */
+    *errnop = ERANGE;
+    *h_errnop = NO_RECOVERY;
+    status = NSS_STATUS_TRYAGAIN;
+
+    goto finish;
+  }
+  u.count = 0;
+  u.data_len = 0;
+  i = gns_resolve_name (af,
+                        name,
+                        &u);
+  if (-3 == i)
+  {
+    status = NSS_STATUS_NOTFOUND;
+    goto finish;
+  }
+  if (-2 == i)
+  {
+    status = NSS_STATUS_UNAVAIL;
+    goto finish;
+  }
+  if ( (-1 == i) ||
+       (u.count == 0) )
+  {
+    *errnop = ETIMEDOUT;
+    *h_errnop = HOST_NOT_FOUND;
+    status = NSS_STATUS_NOTFOUND;
+    goto finish;
+  }
+  /* Alias names */
+  *((char**) buffer) = NULL;
+  result->h_aliases = (char**) buffer;
+  idx = sizeof(char*);
+
+  /* Official name */
+  strcpy (buffer+idx,
+          name);
+  result->h_name = buffer+idx;
+  idx += strlen (name)+1;
+
+  ALIGN(idx);
+
+  result->h_addrtype = af;
+  result->h_length = address_length;
+
+  /* Check if there's enough space for the addresses */
+  if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1))
+  {
+    *errnop = ERANGE;
+    *h_errnop = NO_RECOVERY;
+    status = NSS_STATUS_TRYAGAIN;
+    goto finish;
+  }
     /* Addresses */
-    astart = idx;
-    l = u.count*address_length;
-    if (0 != l)
-      memcpy(buffer+astart, &u.data, l);
-    /* address_length is a multiple of 32bits, so idx is still aligned
-     * correctly */
-    idx += l;
-
-    /* Address array address_length is always a multiple of 32bits */
-    for (i = 0; i < u.count; i++)
-        ((char**) (buffer+idx))[i] = buffer+astart+address_length*i;
-    ((char**) (buffer+idx))[i] = NULL;
-    result->h_addr_list = (char**) (buffer+idx);
-
-    status = NSS_STATUS_SUCCESS;
+  astart = idx;
+  l = u.count*address_length;
+  if (0 != l)
+    memcpy (buffer+astart,
+            &u.data,
+            l);
+  /* address_length is a multiple of 32bits, so idx is still aligned
+   * correctly */
+  idx += l;
+
+  /* Address array address_length is always a multiple of 32bits */
+  for (i = 0; i < u.count; i++)
+    ((char**) (buffer+idx))[i] = buffer+astart+address_length*i;
+  ((char**) (buffer+idx))[i] = NULL;
+  result->h_addr_list = (char**) (buffer+idx);
+
+  status = NSS_STATUS_SUCCESS;
 
 finish:
-    return status;
+  return status;
 }
 
+
 /**
  * The gethostbyname hook executed by nsswitch
  *
@@ -176,29 +181,28 @@ finish:
  * @param result the result hostent
  * @param buffer the result buffer
  * @param buflen length of the buffer
- * @param errnop idk
+ * @param errnop[out] the low-level error code to return to the application
  * @param h_errnop idk
  * @return a nss_status code
  */
 enum nss_status
-_nss_gns_gethostbyname_r (
-    const char *name,
-    struct hostent *result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    return _nss_gns_gethostbyname2_r(
-        name,
-        AF_UNSPEC,
-        result,
-        buffer,
-        buflen,
-        errnop,
-        h_errnop);
+_nss_gns_gethostbyname_r (const char *name,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  return _nss_gns_gethostbyname2_r (name,
+                                    AF_UNSPEC,
+                                    result,
+                                    buffer,
+                                    buflen,
+                                    errnop,
+                                    h_errnop);
 }
 
+
 /**
  * The gethostbyaddr hook executed by nsswitch
  * We can't do this so we always return NSS_STATUS_UNAVAIL
@@ -209,23 +213,22 @@ _nss_gns_gethostbyname_r (
  * @param result the result hostent
  * @param buffer the result buffer
  * @param buflen length of the buffer
- * @param errnop idk
+ * @param errnop[out] the low-level error code to return to the application
  * @param h_errnop idk
  * @return NSS_STATUS_UNAVAIL
  */
 enum nss_status
-_nss_gns_gethostbyaddr_r(
-    const void* addr,
-    int len,
-    int af,
-    struct hostent *result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    *errnop = EINVAL;
-    *h_errnop = NO_RECOVERY;
-    //NOTE we allow to leak this into DNS so no NOTFOUND
-    return NSS_STATUS_UNAVAIL;
+_nss_gns_gethostbyaddr_r (const void* addr,
+                          int len,
+                          int af,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  *errnop = EINVAL;
+  *h_errnop = NO_RECOVERY;
+  //NOTE we allow to leak this into DNS so no NOTFOUND
+  return NSS_STATUS_UNAVAIL;
 }
diff --git a/src/gns/nss/nss_gns_query.c b/src/gns/nss/nss_gns_query.c
index 094e25ed5..867ead624 100644
--- a/src/gns/nss/nss_gns_query.c
+++ b/src/gns/nss/nss_gns_query.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -48,14 +48,16 @@ gns_resolve_name (int af,
   {
     if (-1 == asprintf (&cmd,
                         "%s -t AAAA -u %s\n",
-                        "gnunet-gns -r", name))
+                        "gnunet-gns -r",
+                        name))
       return -1;
   }
   else
   {
     if (-1 == asprintf (&cmd,
                         "%s %s\n",
-                        "gnunet-gns -r -u", name))
+                        "gnunet-gns -r -u",
+                        name))
       return -1;
   }
   if (NULL == (p = popen (cmd, "r")))
@@ -63,7 +65,9 @@ gns_resolve_name (int af,
     free (cmd);
     return -1;
   }
-  while (NULL != fgets (line, sizeof(line), p))
+  while (NULL != fgets (line,
+                        sizeof(line),
+                        p))
   {
     if (u->count >= MAX_ENTRIES)
       break;
@@ -72,7 +76,9 @@ gns_resolve_name (int af,
       line[strlen(line)-1] = '\0';
       if (AF_INET == af)
       {
-        if (inet_pton(af, line, &(u->data.ipv4[u->count])))
+        if (inet_pton(af,
+                      line,
+                      &u->data.ipv4[u->count]))
         {
           u->count++;
           u->data_len += sizeof(ipv4_address_t);
@@ -86,7 +92,9 @@ gns_resolve_name (int af,
       }
       else if (AF_INET6 == af)
       {
-        if (inet_pton(af, line, &(u->data.ipv6[u->count])))
+        if (inet_pton(af,
+                      line,
+                      &u->data.ipv6[u->count]))
         {
           u->count++;
           u->data_len += sizeof(ipv6_address_t);
@@ -105,7 +113,10 @@ gns_resolve_name (int af,
   if (4 == ret)
     return -2; /* not for GNS */
   if (3 == ret)
-    return -3; /* timeout */
+    return -3; /* timeout -> not found */
+  if ( (2 == ret) || (1 == ret) )
+    return -2; /* launch failure -> service unavailable */
   return 0;
 }
+
 /* end of nss_gns_query.c */
diff --git a/src/gns/nss/nss_gns_query.h b/src/gns/nss/nss_gns_query.h
index bb04f9004..48cab4b22 100644
--- a/src/gns/nss/nss_gns_query.h
+++ b/src/gns/nss/nss_gns_query.h
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -26,25 +26,30 @@
 /* Maximum number of entries to return */
 #define MAX_ENTRIES 16
 
-typedef struct {
-    uint32_t address;
+typedef struct
+{
+  uint32_t address;
 } ipv4_address_t;
 
-typedef struct {
-    uint8_t address[16];
+
+typedef struct
+{
+  uint8_t address[16];
 } ipv6_address_t;
 
 
-struct userdata {
+struct userdata
+{
   int count;
   int data_len; /* only valid when doing reverse lookup */
   union  {
-      ipv4_address_t ipv4[MAX_ENTRIES];
-      ipv6_address_t ipv6[MAX_ENTRIES];
-      char *name[MAX_ENTRIES];
+    ipv4_address_t ipv4[MAX_ENTRIES];
+    ipv6_address_t ipv6[MAX_ENTRIES];
+    char *name[MAX_ENTRIES];
   } data;
 };
 
+
 /**
  * Wrapper function that uses gnunet-gns cli tool to resolve
  * an IPv4/6 address.
@@ -54,8 +59,9 @@ struct userdata {
  * @param u the userdata (result struct)
  * @return -1 on error else 0
  */
-int gns_resolve_name(int af,
-               const char *name,
-               struct userdata *userdata);
+int
+gns_resolve_name(int af,
+                 const char *name,
+                 struct userdata *userdata);
 
 #endif
diff --git a/src/gns/plugin_rest_gns.c b/src/gns/plugin_rest_gns.c
index 2b729db54..e76a5d116 100644
--- a/src/gns/plugin_rest_gns.c
+++ b/src/gns/plugin_rest_gns.c
@@ -281,6 +281,15 @@ gnsrecord_to_json (const struct GNUNET_GNSRECORD_Data *rd)
   return record_obj;
 }
 
+
+static void
+do_cleanup (void *cls)
+{
+  struct LookupHandle *handle = cls;
+  cleanup_handle (handle);
+}
+
+
 /**
  * Function called with the result of a GNS lookup.
  *
@@ -325,7 +334,7 @@ process_lookup_result (void *cls, uint32_t rd_count,
   resp = GNUNET_REST_create_response (result);
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
   GNUNET_free (result);
-  cleanup_handle (handle);
+  GNUNET_SCHEDULER_add_now (&do_cleanup, handle);
 }
 
 
diff --git a/src/gnsrecord/plugin_gnsrecord_dns.c b/src/gnsrecord/plugin_gnsrecord_dns.c
index 188afcae7..254ae15ea 100644
--- a/src/gnsrecord/plugin_gnsrecord_dns.c
+++ b/src/gnsrecord/plugin_gnsrecord_dns.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -463,7 +463,7 @@ dns_string_to_value (void *cls,
       }
       cert_size = GNUNET_STRINGS_base64_decode (certp,
                                                 strlen (certp),
-                                                &cert_data);
+                                                (void **) &cert_data);
       GNUNET_free (sdup);
       cert.cert_type = type;
       cert.cert_tag = key;
diff --git a/src/identity-provider/identity-token.conf b/src/identity-provider/identity-token.conf
deleted file mode 100644
index f29f6cdf3..000000000
--- a/src/identity-provider/identity-token.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[identity-token]
-BINARY=gnunet-service-identity-token
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
deleted file mode 100644
index 1a984f7b5..000000000
--- a/src/identity-provider/jwt.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-      This file is part of GNUnet
-      Copyright (C) 2010-2015 GNUnet e.V.
-
-      GNUnet is free software: you can redistribute it and/or modify it
-      under the terms of the GNU Affero General Public License as published
-      by the Free Software Foundation, either version 3 of the License,
-      or (at your option) any later version.
-
-      GNUnet is distributed in the hope that it will be useful, but
-      WITHOUT ANY WARRANTY; without even the implied warranty of
-      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-      Affero General Public License for more details.
-     
-      You should have received a copy of the GNU Affero General Public License
-      along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * @file identity-provider/jwt.c
- * @brief helper library for JSON-Web-Tokens
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include <jansson.h>
-
-
-#define JWT_ALG "alg"
-
-/*TODO is this the correct way to define new algs? */
-#define JWT_ALG_VALUE "urn:org:gnunet:jwt:alg:ecdsa:ed25519"
-
-#define JWT_TYP "typ"
-
-#define JWT_TYP_VALUE "jwt"
-
-//TODO change server address
-#define SERVER_ADDRESS "https://localhost"
-
-static char*
-create_jwt_header(void)
-{
-  json_t *root;
-  char *json_str;
-
-  root = json_object ();
-  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
-  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
-
-  json_str = json_dumps (root, JSON_INDENT(1));
-  json_decref (root);
-  return json_str;
-}
-
-/**
- * Create a JWT from attributes
- *
- * @param aud_key the public of the subject
- * @param attrs the attribute list
- * @param priv_key the key used to sign the JWT
- * @return a new base64-encoded JWT string.
- */
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_CRYPTO_EcdsaPublicKey sub_key;
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  char* audience;
-  char* subject;
-  char* header;
-  char* padding;
-  char* body_str;
-  char* result;
-  char* header_base64;
-  char* body_base64;
-  char* signature_target;
-  char* signature_base64;
-  char* attr_val_str;
-  json_t* body;
-
-  //exp REQUIRED time expired from config
-  //iat REQUIRED time now
-  //auth_time only if max_age
-  //nonce only if nonce
-  // OPTIONAL acr,amr,azp
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &sub_key);
-  /* TODO maybe we should use a local identity here */
-  subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
-                                                sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
-                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  header = create_jwt_header ();
-  body = json_object ();
-  /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
-  //iss REQUIRED case sensitive server uri with https
-  json_object_set_new (body,
-                       "iss", json_string (SERVER_ADDRESS));
-  //sub REQUIRED public key identity, not exceed 255 ASCII  length
-  json_object_set_new (body,
-                       "sub", json_string (subject));
-  /* TODO what should be in here exactly? */
-  //aud REQUIRED public key client_id must be there
-  json_object_set_new (body,
-                       "aud", json_string (audience));
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    /**
-     * TODO here we should have a function that
-     * calls the Attribute plugins to create a
-     * json representation for its value
-     */
-    attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
-                                                              le->claim->data,
-                                                              le->claim->data_size);
-    json_object_set_new (body,
-                         le->claim->name,
-                         json_string (attr_val_str));
-    GNUNET_free (attr_val_str);
-  }
-  body_str = json_dumps (body, JSON_INDENT(0));
-  json_decref (body);
-
-  GNUNET_STRINGS_base64_encode (header,
-                                strlen (header),
-                                &header_base64);
-  //Remove GNUNET padding of base64
-  padding = strtok(header_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_STRINGS_base64_encode (body_str,
-                                strlen (body_str),
-                                &body_base64);
-
-  //Remove GNUNET padding of base64
-  padding = strtok(body_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_free (subject);
-  GNUNET_free (audience);
-
-  /**
-   * TODO
-   * Creating the JWT signature. This might not be
-   * standards compliant, check.
-   */
-  GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
-
-  purpose =
-    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                   strlen (signature_target));
-  purpose->size =
-    htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
-  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-                                             purpose,
-                                             (struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
-  {
-    GNUNET_free (signature_target);
-    GNUNET_free (body_str);
-    GNUNET_free (body_base64);
-    GNUNET_free (header_base64);
-    GNUNET_free (purpose);
-    return NULL;
-  }
-  GNUNET_STRINGS_base64_encode ((const char*)&signature,
-                                sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
-                                &signature_base64);
-  GNUNET_asprintf (&result, "%s.%s.%s",
-                   header_base64, body_base64, signature_base64);
-
-  GNUNET_free (signature_target);
-  GNUNET_free (header);
-  GNUNET_free (body_str);
-  GNUNET_free (signature_base64);
-  GNUNET_free (body_base64);
-  GNUNET_free (header_base64);
-  GNUNET_free (purpose);
-  return result;
-}
diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h
deleted file mode 100644
index 072958973..000000000
--- a/src/identity-provider/jwt.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef JWT_H
-#define JWT_H
-
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key);
-
-#endif
diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf
deleted file mode 100644
index 3e4df561a..000000000
--- a/src/identity-provider/test_idp.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-@INLINE@ test_idp_defaults.conf
-
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-peer-1/
-
-[dht]
-START_ON_DEMAND = YES
-
-[rest]
-START_ON_DEMAND = YES
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog
-
-[transport]
-PLUGINS =
-
-[identity-provider]
-START_ON_DEMAND = YES
-#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog
-
-[gns]
-#PREFIX = valgrind --leak-check=full --track-origins=yes
-START_ON_DEMAND = YES
-AUTO_IMPORT_PKEY = YES
-MAX_PARALLEL_BACKGROUND_QUERIES = 10
-DEFAULT_LOOKUP_TIMEOUT = 15 s
-RECORD_PUT_INTERVAL = 1 h
-ZONE_PUBLISH_TIME_WINDOW = 1 h
-DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
-
-[identity-rest-plugin]
-address = http://localhost:8000/#/login
-psw = mysupersecretpassword
-expiration_time = 3600
diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh
deleted file mode 100755
index 598d1008c..000000000
--- a/src/identity-provider/test_idp.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-gnunet-idp -e testego -D -c test_idp.conf
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh
deleted file mode 100755
index 7f0f06dac..000000000
--- a/src/identity-provider/test_idp_attribute.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-
-#curl localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh
deleted file mode 100755
index 11f6865a4..000000000
--- a/src/identity-provider/test_idp_consume.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
-gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1
-
-if test $? != 0
-then
-  "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/tickets/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh
deleted file mode 100755
index 90487ee73..000000000
--- a/src/identity-provider/test_idp_issue.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-#gnunet-idp -e testego -D -c test_idp.conf
-gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh
deleted file mode 100755
index 7a3f5d030..000000000
--- a/src/identity-provider/test_idp_revoke.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-gnunet-identity -C alice -c test_idp.conf
-gnunet-identity -C bob -c test_idp.conf
-gnunet-identity -C eve -c test_idp.conf
-ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}')
-BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
-EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-
-gnunet-idp -e alice -E 15s -a email -V john@doe.gnu -c test_idp.conf 
-gnunet-idp -e alice -E 15s -a name -V John -c test_idp.conf
-TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}')
-#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
-TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}')
-
-#echo "Consuming $TICKET"
-#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
-gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
-
-#sleep 6
-
-gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf 2&>1 >/dev/null
-if test $? == 0
-then 
-  echo "Eve can still resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-
-gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf 2&>1 >/dev/null
-if test $? != 0
-then
-  echo "Bob cannot resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index 6b8e21806..266f5ccc3 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -371,11 +371,12 @@ handle_get_default_message (void *cls,
   struct GNUNET_MQ_Envelope *env;
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *identifier;
 
 
-  name = (const char *) &gdm[1];
+  name = GNUNET_strdup ((const char *) &gdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &gdm[1], name);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received GET_DEFAULT for service `%s' from client\n",
               name);
@@ -387,6 +388,7 @@ handle_get_default_message (void *cls,
   {
     send_result_code (client, 1, gettext_noop ("no default known"));
     GNUNET_SERVICE_client_continue (client);
+    GNUNET_free (name);
     return;
   }
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -399,6 +401,7 @@ handle_get_default_message (void *cls,
       GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), env);
       GNUNET_SERVICE_client_continue (client);
       GNUNET_free (identifier);
+      GNUNET_free (name);
       return;
     }
   }
@@ -406,6 +409,7 @@ handle_get_default_message (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Failed to find ego `%s'\n",
               name);
+  GNUNET_free (name);
   send_result_code (client, 1,
                     gettext_noop ("default configured, but ego unknown (internal error)"));
   GNUNET_SERVICE_client_continue (client);
@@ -477,9 +481,11 @@ handle_set_default_message (void *cls,
 {
   struct Ego *ego;
   struct GNUNET_SERVICE_Client *client = cls;
-  const char *str;
+  char *str;
+
+  str = GNUNET_strdup ((const char *) &sdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &sdm[1], str);
 
-  str = (const char *) &sdm[1];
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received SET_DEFAULT for service `%s' from client\n",
               str);
@@ -500,10 +506,12 @@ handle_set_default_message (void *cls,
                     subsystem_cfg_file);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
   send_result_code (client, 1, _("Unknown ego specified for service (internal error)"));
+  GNUNET_free (str);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -585,12 +593,13 @@ handle_create_message (void *cls,
 {
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *str;
+  char *str;
   char *fn;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received CREATE message from client\n");
-  str = (const char *) &crm[1];
+  str = GNUNET_strdup ((const char *) &crm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &crm[1], str);
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -598,6 +607,7 @@ handle_create_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("identifier already in use for another ego"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
@@ -620,6 +630,7 @@ handle_create_message (void *cls,
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                               "write", fn);
   GNUNET_free (fn);
+  GNUNET_free (str);
   notify_listeners (ego);
   GNUNET_SERVICE_client_continue (client);
 }
@@ -726,18 +737,22 @@ handle_rename_message (void *cls,
 {
   uint16_t old_name_len;
   struct Ego *ego;
-  const char *old_name;
-  const char *new_name;
+  char *old_name;
+  char *new_name;
   struct RenameContext rename_ctx;
   struct GNUNET_SERVICE_Client *client = cls;
   char *fn_old;
   char *fn_new;
+  const char *old_name_tmp;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received RENAME message from client\n");
   old_name_len = ntohs (rm->old_name_len);
-  old_name = (const char *) &rm[1];
-  new_name = &old_name[old_name_len];
+  old_name_tmp = (const char *) &rm[1];
+  old_name = GNUNET_strdup (old_name_tmp);
+  GNUNET_STRINGS_utf8_tolower (old_name_tmp, old_name);
+  new_name = GNUNET_strdup (&old_name_tmp[old_name_len]);
+  GNUNET_STRINGS_utf8_tolower (&old_name_tmp[old_name_len], old_name);
 
   /* check if new name is already in use */
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -747,6 +762,8 @@ handle_rename_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("target name already exists"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       return;
     }
   }
@@ -776,6 +793,8 @@ handle_rename_message (void *cls,
         GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "rename", fn_old);
       GNUNET_free (fn_old);
       GNUNET_free (fn_new);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       notify_listeners (ego);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
@@ -785,6 +804,8 @@ handle_rename_message (void *cls,
 
   /* failed to locate old name */
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (old_name);
+  GNUNET_free (new_name);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -868,13 +889,15 @@ handle_delete_message (void *cls,
                        const struct DeleteMessage *dm)
 {
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *fn;
   struct GNUNET_SERVICE_Client *client = cls;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received DELETE message from client\n");
-  name = (const char *) &dm[1];
+  name = GNUNET_strdup ((const char *) &dm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &dm[1], name);
+
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -901,6 +924,7 @@ handle_delete_message (void *cls,
       notify_listeners (ego);
       GNUNET_free (ego->pk);
       GNUNET_free (ego);
+      GNUNET_free (name);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
       return;
@@ -908,6 +932,7 @@ handle_delete_message (void *cls,
   }
 
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (name);
   GNUNET_SERVICE_client_continue (client);
 }
 
diff --git a/src/identity/identity_api_lookup.c b/src/identity/identity_api_lookup.c
index 593a5dbb0..25aec8ede 100644
--- a/src/identity/identity_api_lookup.c
+++ b/src/identity/identity_api_lookup.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -131,6 +131,12 @@ GNUNET_IDENTITY_ego_lookup (const struct GNUNET_CONFIGURATION_Handle *cfg,
   el->identity = GNUNET_IDENTITY_connect (cfg,
                                           &identity_cb,
                                           el);
+  if (NULL == el->identity)
+  {
+    GNUNET_free (el->name);
+    GNUNET_free (el);
+    return NULL;
+  }
   return el;
 }
 
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index 52685c52e..355d75fd9 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -436,13 +436,6 @@ ego_info_response (struct GNUNET_REST_RequestHandle *con,
     json_decref (name_str);
     GNUNET_JSONAPI_document_resource_add (json_document, json_resource);
   }
-  if (0 == GNUNET_JSONAPI_document_resource_count (json_document))
-  {
-    GNUNET_JSONAPI_document_delete (json_document);
-    handle->emsg = GNUNET_strdup ("No identities found!");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
   GNUNET_JSONAPI_document_serialize (json_document, &result_str);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
   resp = GNUNET_REST_create_response (result_str);
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 08e9dd156..41b2b1382 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -66,7 +66,7 @@ gnunetinclude_HEADERS = \
   gnunet_hello_lib.h \
   gnunet_helper_lib.h \
   gnunet_identity_service.h \
-  gnunet_identity_provider_service.h \
+  gnunet_reclaim_service.h \
   gnunet_json_lib.h \
   gnunet_jsonapi_lib.h \
   gnunet_jsonapi_util.h \
diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h
index d380c9b03..554d4488b 100644
--- a/src/include/gnunet_abe_lib.h
+++ b/src/include/gnunet_abe_lib.h
@@ -87,7 +87,7 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key,
  * Delete a CP-ABE key.
  *
  * @param key the key to delete
- * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe)
+ * @param delete_pub GNUNET_YES if the public key should also be freed (bug in gabe)
  * @return fresh private key; free using #GNUNET_free
  */
 void
diff --git a/src/include/gnunet_common.h b/src/include/gnunet_common.h
index b4bf5b0aa..1b982cc15 100644
--- a/src/include/gnunet_common.h
+++ b/src/include/gnunet_common.h
@@ -1074,7 +1074,7 @@ GNUNET_ntoh_double (double d);
  * @param tsize the target size for the resulting vector, use 0 to
  *        free the vector (then, arr will be NULL afterwards).
  */
-#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&arr, sizeof(arr[0]), &size, tsize, __FILE__, __LINE__)
+#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&(arr), sizeof((arr)[0]), &size, tsize, __FILE__, __LINE__)
 
 /**
  * @ingroup memory
@@ -1089,7 +1089,7 @@ GNUNET_ntoh_double (double d);
  *        array size
  * @param element the element that will be appended to the array
  */
-#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); arr[size-1] = element; } while(0)
+#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); (arr)[size-1] = element; } while(0)
 
 /**
  * @ingroup memory
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 0bffef212..8a591fa09 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -206,14 +206,15 @@ struct GNUNET_CRYPTO_EcdsaSignature
 
 
 /**
- * Public ECC key (always for Curve25519) encoded in a format suitable
- * for network transmission and EdDSA signatures.
+ * Public ECC key (always for curve Ed25519) encoded in a format
+ * suitable for network transmission and EdDSA signatures.
  */
 struct GNUNET_CRYPTO_EddsaPublicKey
 {
   /**
-   * Q consists of an x- and a y-value, each mod p (256 bits), given
-   * here in affine coordinates and Ed25519 standard compact format.
+   * Point Q consists of a y-value mod p (256 bits); the x-value is
+   * always positive. The point is stored in Ed25519 standard
+   * compact format.
    */
   unsigned char q_y[256 / 8];
 
@@ -725,6 +726,23 @@ GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
 
 
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac);
+
+
+/**
  * @ingroup hash
  * Calculate HMAC of a message (RFC 2104)
  *
diff --git a/src/include/gnunet_dnsparser_lib.h b/src/include/gnunet_dnsparser_lib.h
index ba1392510..0fc6ac19c 100644
--- a/src/include/gnunet_dnsparser_lib.h
+++ b/src/include/gnunet_dnsparser_lib.h
@@ -82,6 +82,7 @@
 #define GNUNET_DNSPARSER_TYPE_OPENPGPKEY 61
 #define GNUNET_DNSPARSER_TYPE_TKEY 249
 #define GNUNET_DNSPARSER_TYPE_TSIG 250
+#define GNUNET_DNSPARSER_TYPE_ALL 255
 #define GNUNET_DNSPARSER_TYPE_URI 256
 #define GNUNET_DNSPARSER_TYPE_TA 32768
 
@@ -840,6 +841,58 @@ GNUNET_DNSPARSER_parse_srv (const char *udp_payload,
                             size_t udp_payload_length,
                             size_t *off);
 
+/* ***************** low-level duplication API ******************** */
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_Record *
+GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SoaRecord *
+GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_MxRecord *
+GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SrvRecord *
+GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r);
+
+
 /* ***************** low-level deallocation API ******************** */
 
 /**
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 20846238b..693cc6cdb 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -132,6 +132,16 @@ extern "C"
 #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551
 
 /**
+ * Record type for reclaim OIDC clients
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552
+
+/**
+ * Record type for reclaim OIDC redirect URIs
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553
+
+/**
  * Flags that can be set for a record.
  */
 enum GNUNET_GNSRECORD_Flags
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 36aa424b4..4400db7e1 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2656,35 +2656,35 @@ extern "C"
  *
  * IDENTITY PROVIDER MESSAGE TYPES
  */
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE 961
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE 962
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START 963
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP 964
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT 965
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT 966
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET 967
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT 968
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET 969
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT 970
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET 971
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT 972
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START 973
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP 974
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT 975
 
 /**************************************************
  *
diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_reclaim_attribute_lib.h
index eb01f7ac2..df5356d76 100644
--- a/src/include/gnunet_identity_attribute_lib.h
+++ b/src/include/gnunet_reclaim_attribute_lib.h
@@ -25,8 +25,8 @@
  * @defgroup identity-provider  Identity Provider service
  * @{
  */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
-#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H
+#define GNUNET_RECLAIM_ATTRIBUTE_LIB_H
 
 #ifdef __cplusplus
 extern "C"
@@ -42,19 +42,19 @@ extern "C"
 /**
  * No value attribute.
  */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_NONE 0
 
 /**
  * String attribute.
  */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING 1
 
 
 
 /**
  * An attribute.
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim
 {
   /**
    * The name of the attribute. Note "name" must never be individually
@@ -86,35 +86,35 @@ struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 
 };
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList
 {
   /**
    * List head
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_head;
 
   /**
    * List tail
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_tail;
 };
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry
 {
   /**
    * DLL
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *prev;
 
   /**
    * DLL
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *next;
 
   /**
    * The attribute claim
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
 };
 
 /**
@@ -126,8 +126,8 @@ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
  * @param data_size the attribute value size
  * @return the new attribute
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
                                      uint32_t type,
                                      const void* data,
                                      size_t data_size);
@@ -141,13 +141,13 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
  * @return the required buffer size
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                                     const char* attr_name,
                                     uint32_t type,
                                     const void* data,
@@ -162,7 +162,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
  * @return length of serialized data
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                      char *result);
 
 /**
@@ -173,8 +173,8 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
  *
  * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                             size_t data_size);
 
 
@@ -186,7 +186,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
  * @return the required buffer size
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
 
 
 
@@ -199,7 +199,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
  * @return length of serialized data
  */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                      char *result);
 
 /**
@@ -210,12 +210,12 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
  *
  * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                        size_t data_size);
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 /**
  * Convert a type name to the corresponding number
@@ -224,7 +224,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
  * @return corresponding number, UINT32_MAX on error
  */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename);
 
 /**
  * Convert human-readable version of a 'claim' of an attribute to the binary
@@ -237,7 +237,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                            const char *s,
                                            void **data,
                                            size_t *data_size);
@@ -251,7 +251,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
  * @return NULL on error, otherwise human-readable representation of the claim
  */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                            const void* data,
                                            size_t data_size);
 
@@ -262,7 +262,7 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
  * @return corresponding typestring, NULL on error
  */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type);
 
 
 #if 0                           /* keep Emacsens' auto-indent happy */
@@ -273,9 +273,9 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
 #endif
 
 
-/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
+/* ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H */
 #endif
 
 /** @} */ /* end of group identity */
 
-/* end of gnunet_identity_attribute_lib.h */
+/* end of gnunet_reclaim_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_reclaim_attribute_plugin.h
index 7c399c616..cf0bb141a 100644
--- a/src/include/gnunet_identity_attribute_plugin.h
+++ b/src/include/gnunet_reclaim_attribute_plugin.h
@@ -26,11 +26,11 @@
  * Plugin API for the idp database backend
  * @{
  */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
-#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
+#define GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -51,7 +51,7 @@ extern "C"
  * @param data_size number of bytes in @a data
  * @return NULL on error, otherwise human-readable representation of the value
  */
-typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
+typedef char * (*GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction) (void *cls,
                                                           uint32_t type,
                                                           const void *data,
                                                           size_t data_size);
@@ -69,7 +69,7 @@ typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
  * @param data_size set to number of bytes in @a data
  * @return #GNUNET_OK on success
  */
-typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
+typedef int (*GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction) (void *cls,
                                                        uint32_t type,
                                                        const char *s,
                                                        void **data,
@@ -84,7 +84,7 @@ typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
  * @param typename name to convert
  * @return corresponding number, UINT32_MAX on error
  */
-typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+typedef uint32_t (*GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
                                                                const char *typename);
 
 
@@ -96,7 +96,7 @@ typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cl
  * @param type number of a type to convert
  * @return corresponding typestring, NULL on error
  */
-typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+typedef const char * (*GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
                                                                    uint32_t type);
 
 
@@ -104,7 +104,7 @@ typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void
  * Each plugin is required to return a pointer to a struct of this
  * type as the return value from its entry point.
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
+struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions
 {
 
   /**
@@ -115,22 +115,22 @@ struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
   /**
    * Conversion to string.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
+  GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction value_to_string;
 
   /**
    * Conversion to binary.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
+  GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction string_to_value;
 
   /**
    * Typename to number.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+  GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
 
   /**
    * Number to typename.
    */
-  GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+  GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
 
 };
 
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_reclaim_plugin.h
index 2330066dd..c400af64c 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -22,15 +22,15 @@
  * @file
  * Plugin API for the idp database backend
  *
- * @defgroup identity-provider-plugin  IdP service plugin API
+ * @defgroup reclaim-plugin  IdP service plugin API
  * Plugin API for the idp database backend
  * @{
  */
-#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H
-#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+#ifndef GNUNET_RECLAIM_PLUGIN_H
+#define GNUNET_RECLAIM_PLUGIN_H
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -47,15 +47,15 @@ extern "C"
  * @param cls closure
  * @param ticket the ticket
  */
-typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
-                                                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-             const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+typedef void (*GNUNET_RECLAIM_TicketIterator) (void *cls,
+                                                 const struct GNUNET_RECLAIM_Ticket *ticket,
+             const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 
 /**
  * @brief struct returned by the initialization function of the plugin
  */
-struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
+struct GNUNET_RECLAIM_PluginFunctions
 {
 
   /**
@@ -71,8 +71,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
    * @return #GNUNET_OK on success, else #GNUNET_SYSERR
    */
   int (*store_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-      const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+      const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
   /**
    * Delete a ticket from the database.
@@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
    * @return #GNUNET_OK on success, else #GNUNET_SYSERR
    */
   int (*delete_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                        const struct GNUNET_RECLAIM_Ticket *ticket);
 
 
 
@@ -101,11 +101,11 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
         int audience,
                           uint64_t offset,
-                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls);
+                          GNUNET_RECLAIM_TicketIterator iter, void *iter_cls);
 
   int (*get_ticket_attributes) (void* cls,
-                                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                const struct GNUNET_RECLAIM_Ticket *ticket,
+                                GNUNET_RECLAIM_TicketIterator iter,
                                 void *iter_cls);
 };
 
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_reclaim_service.h
index 0c72556e8..7e668cd62 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_reclaim_service.h
@@ -22,11 +22,11 @@
  * @file
  * Identity provider service; implements identity provider for GNUnet
  *
- * @defgroup identity-provider  Identity Provider service
+ * @defgroup reclaim  Identity Provider service
  * @{
  */
-#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
-#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#ifndef GNUNET_RECLAIM_SERVICE_H
+#define GNUNET_RECLAIM_SERVICE_H
 
 #ifdef __cplusplus
 extern "C"
@@ -37,27 +37,27 @@ extern "C"
 #endif
 
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 
 /**
  * Version number of GNUnet Identity Provider API.
  */
-#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
+#define GNUNET_RECLAIM_VERSION 0x00000000
 
 /**
  * Handle to access the identity service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle;
+struct GNUNET_RECLAIM_Handle;
 
 /**
  * Handle for a token.
  */
-struct GNUNET_IDENTITY_PROVIDER_Token;
+struct GNUNET_RECLAIM_Token;
 
 /**
  * The ticket
  */
-struct GNUNET_IDENTITY_PROVIDER_Ticket
+struct GNUNET_RECLAIM_Ticket
 {
   /**
    * The ticket issuer
@@ -78,7 +78,7 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket
 /**
  * Handle for an operation with the identity provider service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation;
+struct GNUNET_RECLAIM_Operation;
 
 
 /**
@@ -87,8 +87,8 @@ struct GNUNET_IDENTITY_PROVIDER_Operation;
  * @param cfg Configuration to contact the identity provider service.
  * @return handle to communicate with identity provider service
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
 
 /**
  * Continuation called to notify client about result of the
@@ -101,7 +101,7 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
  * @param emsg NULL on success, otherwise an error message
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
+(*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
                                             int32_t success,
                                             const char *emsg);
 
@@ -118,12 +118,12 @@ typedef void
  * @param cont_cls closure for @a cont
  * @return handle to abort the request
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                           const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                           void *cont_cls);
 
 
@@ -135,19 +135,19 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param attr the attribute
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
+(*GNUNET_RECLAIM_AttributeResult) (void *cls,
                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+                                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
 
 
 
 /**
  * List all attributes for a local identity. 
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
  * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
  *
  * On error (disconnect), @a error_cb will be invoked.
  * On normal completion, @a finish_cb proc will be
@@ -166,36 +166,36 @@ typedef void
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                                void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                                void *proc_cls,
                                                GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                void *finish_cb_cls);
 
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it);
 
 
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it);
 
 
 /**
@@ -207,12 +207,12 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
  * @param ticket the ticket
  */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
-                            const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+(*GNUNET_RECLAIM_TicketCallback)(void *cls,
+                            const struct GNUNET_RECLAIM_Ticket *ticket);
 
 /**
  * Issues a ticket to another identity. The identity may use
- * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket
+ * GNUNET_RECLAIM_ticket_consume to consume the ticket
  * and retrieve the attributes specified in the AttributeList.
  *
  * @param h the identity provider to use
@@ -223,12 +223,12 @@ typedef void
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                        void *cb_cls);
 
 /**
@@ -242,11 +242,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                         void *cb_cls);
 
 
@@ -262,11 +262,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                          void *cb_cls);
 
 /**
@@ -286,12 +286,12 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                                  void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                  void *proc_cls,
                                                  GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                  void *finish_cb_cls);
@@ -313,34 +313,34 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                     const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                     GNUNET_SCHEDULER_TaskCallback error_cb,
                                                     void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                     void *proc_cls,
                                                     GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                     void *finish_cb_cls);
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it);
 
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it);
 
 /**
  * Disconnect from identity provider service.
@@ -348,7 +348,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
  * @param h identity provider service to disconnect
  */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h);
 
 
 /**
@@ -360,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
  * @param op operation to cancel
  */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op);
 
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
@@ -370,9 +370,9 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
 #endif
 
 
-/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
+/* ifndef GNUNET_RECLAIM_SERVICE_H */
 #endif
 
 /** @} */ /* end of group identity */
 
-/* end of gnunet_identity_provider_service.h */
+/* end of gnunet_reclaim_service.h */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index d7accaf2c..829f8be7e 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -151,12 +151,12 @@ extern "C"
 /**
  * Signature for the first round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 22
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 21
 
 /**
  * Signature for the second round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 23
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 22
 
 /**
  * Signature for cooperatice decryption.
@@ -181,7 +181,7 @@ extern "C"
 /**
  * Signature for a GNUid Ticket
  */
-#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27
+#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN 27
 
 /**
  * Signature for a GNUnet credential
diff --git a/src/include/gnunet_strings_lib.h b/src/include/gnunet_strings_lib.h
index 1fdab93b2..c1d76ef71 100644
--- a/src/include/gnunet_strings_lib.h
+++ b/src/include/gnunet_strings_lib.h
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -339,7 +339,9 @@ GNUNET_STRINGS_string_to_data (const char *enc,
  * @return the size of the output
  */
 size_t
-GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output);
+GNUNET_STRINGS_base64_encode (const void *in,
+                              size_t len,
+                              char **output);
 
 
 /**
@@ -354,7 +356,7 @@ GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output);
 size_t
 GNUNET_STRINGS_base64_decode (const char *data,
                               size_t len,
-                              char **output);
+                              void **output);
 
 
 /**
diff --git a/src/multicast/gnunet-service-multicast.c b/src/multicast/gnunet-service-multicast.c
index 20d29b906..f8441cc2b 100644
--- a/src/multicast/gnunet-service-multicast.c
+++ b/src/multicast/gnunet-service-multicast.c
@@ -1449,17 +1449,15 @@ check_client_member_join (void *cls,
   struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1];
   uint32_t relay_count = ntohl (msg->relay_count);
 
-  if (0 == relay_count)
+  if (0 != relay_count)
   {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  if (UINT32_MAX / relay_count < sizeof (*relays)){
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                    "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
-              (unsigned long)relay_count,
-              sizeof (*relays));
-      return GNUNET_SYSERR;
+    if (UINT32_MAX / relay_count < sizeof (*relays)){
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
+                (unsigned long)relay_count,
+                sizeof (*relays));
+        return GNUNET_SYSERR;
+    }
   }
   uint32_t relay_size = relay_count * sizeof (*relays);
   struct GNUNET_MessageHeader *join_msg = NULL;
diff --git a/src/multicast/test_multicast_multipeer.c b/src/multicast/test_multicast_multipeer.c
index 3a7c6d961..7766ff875 100644
--- a/src/multicast/test_multicast_multipeer.c
+++ b/src/multicast/test_multicast_multipeer.c
@@ -160,6 +160,7 @@ notify (void *cls,
 
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Peer #%u sents ping to origin\n", mc_peer->peer);
@@ -328,6 +329,7 @@ origin_notify (void *cls,
   pp_msg->msg = PONG;
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO, "origin sends pong\n");
 
diff --git a/src/namestore/gnunet-zoneimport.c b/src/namestore/gnunet-zoneimport.c
index 6c89cdb05..ddc8b483a 100644
--- a/src/namestore/gnunet-zoneimport.c
+++ b/src/namestore/gnunet-zoneimport.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -456,6 +456,7 @@ build_dns_query (struct Request *req,
   char *rawp;
   struct GNUNET_DNSPARSER_Packet p;
   struct GNUNET_DNSPARSER_Query q;
+  int ret;
 
   q.name = (char *) req->hostname;
   q.type = GNUNET_DNSPARSER_TYPE_NS;
@@ -467,12 +468,14 @@ build_dns_query (struct Request *req,
   p.num_queries = 1;
   p.queries = &q;
   p.id = req->id;
-  if (GNUNET_OK !=
-      GNUNET_DNSPARSER_pack (&p,
-                             UINT16_MAX,
-                             &rawp,
-                             raw_size))
+  ret = GNUNET_DNSPARSER_pack (&p,
+                               UINT16_MAX,
+                               &rawp,
+                               raw_size);
+  if (GNUNET_OK != ret)
   {
+    if (GNUNET_NO == ret)
+      GNUNET_free (rawp);
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Failed to pack query for hostname `%s'\n",
                 req->hostname);
diff --git a/src/namestore/plugin_namestore_flat.c b/src/namestore/plugin_namestore_flat.c
index 33c48b244..e16fe91b7 100644
--- a/src/namestore/plugin_namestore_flat.c
+++ b/src/namestore/plugin_namestore_flat.c
@@ -55,7 +55,7 @@ struct FlatFileEntry
   /**
    * Entry zone
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
+  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
 
   /**
    * Record cound
@@ -93,7 +93,6 @@ static int
 database_setup (struct Plugin *plugin)
 {
   char *afsdir;
-  char *key;
   char *record_data;
   char *zone_private_key;
   char *record_data_b64;
@@ -104,7 +103,6 @@ database_setup (struct Plugin *plugin)
   char *record_count;
   size_t record_data_size;
   uint64_t size;
-  size_t key_len;
   struct GNUNET_HashCode hkey;
   struct GNUNET_DISK_FileHandle *fh;
   struct FlatFileEntry *entry;
@@ -232,7 +230,7 @@ database_setup (struct Plugin *plugin)
       record_data_size
         = GNUNET_STRINGS_base64_decode (record_data_b64,
                                         strlen (record_data_b64),
-                                        &record_data);
+                                        (void **) &record_data);
       entry->record_data =
         GNUNET_new_array (entry->record_count,
                           struct GNUNET_GNSRECORD_Data);
@@ -251,21 +249,34 @@ database_setup (struct Plugin *plugin)
         break;
       }
       GNUNET_free (record_data);
-      GNUNET_STRINGS_base64_decode (zone_private_key,
-                                    strlen (zone_private_key),
-                                    (char**)&entry->private_key);
-      key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
-      key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
-      GNUNET_memcpy (key,
-                     label,
-                     strlen (label));
-      GNUNET_memcpy (key+strlen(label),
-                     entry->private_key,
-                     sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
-      GNUNET_CRYPTO_hash (key,
-                          key_len,
-                          &hkey);
-      GNUNET_free (key);
+
+      {
+        struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
+
+        GNUNET_STRINGS_base64_decode (zone_private_key,
+                                      strlen (zone_private_key),
+                                      (void**)&private_key);
+        entry->private_key = *private_key;
+        GNUNET_free (private_key);
+      }
+
+      {
+        char *key;
+        size_t key_len;
+
+        key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
+        key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
+        GNUNET_memcpy (key,
+                       label,
+                       strlen (label));
+        GNUNET_memcpy (key+strlen(label),
+                       &entry->private_key,
+                       sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
+        GNUNET_CRYPTO_hash (key,
+                            key_len,
+                            &hkey);
+        GNUNET_free (key);
+      }
       if (GNUNET_OK !=
           GNUNET_CONTAINER_multihashmap_put (plugin->hm,
                                              &hkey,
@@ -302,7 +313,7 @@ store_and_free_entries (void *cls,
   ssize_t data_size;
 
   (void) key;
-  GNUNET_STRINGS_base64_encode ((char*)entry->private_key,
+  GNUNET_STRINGS_base64_encode (&entry->private_key,
                                 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
                                 &zone_private_key);
   data_size = GNUNET_GNSRECORD_records_get_size (entry->record_count,
@@ -353,7 +364,6 @@ store_and_free_entries (void *cls,
                           strlen (line));
 
   GNUNET_free (line);
-  GNUNET_free (entry->private_key);
   GNUNET_free (entry->label);
   GNUNET_free (entry->record_data);
   GNUNET_free (entry);
@@ -441,11 +451,10 @@ namestore_flat_store_records (void *cls,
     return GNUNET_OK;
   }
   entry = GNUNET_new (struct FlatFileEntry);
-  entry->private_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey);
   GNUNET_asprintf (&entry->label,
                    label,
                    strlen (label));
-  GNUNET_memcpy (entry->private_key,
+  GNUNET_memcpy (&entry->private_key,
                  zone_key,
                  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
   entry->rvalue = rvalue;
@@ -519,7 +528,7 @@ namestore_flat_lookup_records (void *cls,
   if (NULL != iter)
     iter (iter_cls,
           0,
-          entry->private_key,
+          &entry->private_key,
           entry->label,
           entry->record_count,
           entry->record_data);
@@ -586,7 +595,7 @@ iterate_zones (void *cls,
   if (0 == ic->limit)
     return GNUNET_NO;
   if ( (NULL != ic->zone) &&
-       (0 != memcmp (entry->private_key,
+       (0 != memcmp (&entry->private_key,
                      ic->zone,
                      sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))) )
     return GNUNET_YES;
@@ -598,7 +607,7 @@ iterate_zones (void *cls,
   }
   ic->iter (ic->iter_cls,
             ic->pos,
-            entry->private_key,
+            &entry->private_key,
             entry->label,
             entry->record_count,
             entry->record_data);
@@ -668,7 +677,7 @@ zone_to_name (void *cls,
   struct FlatFileEntry *entry = value;
 
   (void) key;
-  if (0 != memcmp (entry->private_key,
+  if (0 != memcmp (&entry->private_key,
                    ztn->zone,
                    sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
     return GNUNET_YES;
@@ -683,7 +692,7 @@ zone_to_name (void *cls,
     {
       ztn->iter (ztn->iter_cls,
                  0,
-                 entry->private_key,
+                 &entry->private_key,
                  entry->label,
                  entry->record_count,
                  entry->record_data);
diff --git a/src/psyc/Makefile.am b/src/psyc/Makefile.am
index 26db608f3..d5c797f52 100644
--- a/src/psyc/Makefile.am
+++ b/src/psyc/Makefile.am
@@ -48,8 +48,8 @@ gnunet_service_psyc_CFLAGS = $(AM_CFLAGS)
 
 
 if HAVE_TESTING
-check_PROGRAMS = \
- test_psyc2
+#check_PROGRAMS = \
+# test_psyc2
 # test_psyc
 endif
 
diff --git a/src/identity-attribute/Makefile.am b/src/reclaim-attribute/Makefile.am
index 2c73a443e..7db2925b1 100644
--- a/src/identity-attribute/Makefile.am
+++ b/src/reclaim-attribute/Makefile.am
@@ -17,28 +17,28 @@ if USE_COVERAGE
 endif
 
 lib_LTLIBRARIES = \
-  libgnunetidentityattribute.la
+  libgnunetreclaimattribute.la
 
-libgnunetidentityattribute_la_SOURCES = \
-  identity_attribute.c
-libgnunetidentityattribute_la_LIBADD = \
+libgnunetreclaimattribute_la_SOURCES = \
+  reclaim_attribute.c
+libgnunetreclaimattribute_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(GN_LIBINTL)
-libgnunetidentityattribute_la_LDFLAGS = \
+libgnunetreclaimattribute_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) $(WINFLAGS) \
   -version-info 0:0:0
 
 
 plugin_LTLIBRARIES = \
-  libgnunet_plugin_identity_attribute_gnuid.la
+  libgnunet_plugin_reclaim_attribute_gnuid.la
 
 
-libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \
-  plugin_identity_attribute_gnuid.c
-libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_SOURCES = \
+  plugin_reclaim_attribute_gnuid.c
+libgnunet_plugin_reclaim_attribute_gnuid_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LTLIBINTL)
-libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
index c09b167f5..48afc0732 100644
--- a/src/identity-attribute/plugin_identity_attribute_gnuid.c
+++ b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
@@ -17,7 +17,7 @@
 */
 
 /**
- * @file identity-attribute/plugin_identity_attribute_gnuid.c
+ * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c
  * @brief identity attribute plugin to provide the API for fundamental 
  *                 attribute types.
  *
@@ -25,7 +25,7 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 #include <inttypes.h>
 
 
@@ -47,7 +47,7 @@ gnuid_value_to_string (void *cls,
 
   switch (type)
   {
-  case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+  case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
     return GNUNET_strndup (data, data_size);
   default:
     return NULL;
@@ -78,7 +78,7 @@ gnuid_string_to_value (void *cls,
   switch (type)
   {
 
-    case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+    case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
       *data = GNUNET_strdup (s);
       *data_size = strlen (s);
       return GNUNET_OK;
@@ -96,7 +96,7 @@ static struct {
   const char *name;
   uint32_t number;
 } gnuid_name_map[] = {
-  { "STRING",  GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
+  { "STRING",  GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING },
   { NULL, UINT32_MAX }
 };
 
@@ -151,11 +151,11 @@ gnuid_number_to_typename (void *cls,
  * @return the exported block API
  */
 void *
-libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_init (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
 
-  api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions);
   api->value_to_string = &gnuid_value_to_string;
   api->string_to_value = &gnuid_string_to_value;
   api->typename_to_number = &gnuid_typename_to_number;
@@ -171,12 +171,12 @@ libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
  * @return NULL
  */
 void *
-libgnunet_plugin_identity_attribute_gnuid_done (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_done (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = cls;
 
   GNUNET_free (api);
   return NULL;
 }
 
-/* end of plugin_identity_attribute_type_gnuid.c */
+/* end of plugin_reclaim_attribute_type_gnuid.c */
diff --git a/src/identity-attribute/identity_attribute.c b/src/reclaim-attribute/reclaim_attribute.c
index 7d47c46a7..1ffa9618f 100644
--- a/src/identity-attribute/identity_attribute.c
+++ b/src/reclaim-attribute/reclaim_attribute.c
@@ -17,14 +17,14 @@
  */
 
 /**
- * @file identity-attribute/identity_attribute.c
+ * @file reclaim-attribute/reclaim_attribute.c
  * @brief helper library to manage identity attributes
  * @author Martin Schanzenbach
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "identity_attribute.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "reclaim_attribute.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 
 /**
  * Handle for a plugin
@@ -39,7 +39,7 @@ struct Plugin
   /**
    * Plugin API
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
 };
 
 /**
@@ -65,7 +65,7 @@ add_plugin (void* cls,
             const char *library_name,
             void *lib_ret)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = lib_ret;
   struct Plugin *plugin;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -86,7 +86,7 @@ init()
   if (GNUNET_YES == initialized)
     return;
   initialized = GNUNET_YES;
-  GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL,
+  GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attribute_", NULL,
                           &add_plugin, NULL);
 }
 
@@ -97,7 +97,7 @@ init()
  * @return corresponding number, UINT32_MAX on error
  */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename)
 {
   unsigned int i;
   struct Plugin *plugin;
@@ -121,7 +121,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
  * @return corresponding typestring, NULL on error
  */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type)
 {
   unsigned int i;
   struct Plugin *plugin;
@@ -149,7 +149,7 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
  * @return #GNUNET_OK on success
  */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                            const char *s,
                                            void **data,
                                            size_t *data_size)
@@ -180,7 +180,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
  * @return NULL on error, otherwise human-readable representation of the claim
  */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                            const void* data,
                                            size_t data_size)
 {
@@ -210,31 +210,35 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
  * @param data_size the attribute value size
  * @return the new attribute
  */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
                uint32_t type,
                const void* data,
                size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
   char *write_ptr;
+  char *attr_name_tmp = GNUNET_strdup (attr_name);
 
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) +
-                        strlen (attr_name) + 1 +
+  GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp);
+
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) +
+                        strlen (attr_name_tmp) + 1 +
                         data_size);
   attr->type = type;
   attr->data_size = data_size;
   attr->version = 0;
   write_ptr = (char*)&attr[1];
   GNUNET_memcpy (write_ptr,
-                 attr_name,
-                 strlen (attr_name) + 1);
+                 attr_name_tmp,
+                 strlen (attr_name_tmp) + 1);
   attr->name = write_ptr;
   write_ptr += strlen (attr->name) + 1;
   GNUNET_memcpy (write_ptr,
                  data,
                  data_size);
   attr->data = write_ptr;
+  GNUNET_free (attr_name_tmp);
   return attr;
 }
 
@@ -249,15 +253,15 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
  * @return
  */
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *claim_list,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *claim_list,
                                     const char* attr_name,
                                     uint32_t type,
                                     const void* data,
                                     size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
                                                type,
                                                data,
                                                data_size);
@@ -267,20 +271,20 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
-    len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    len += GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
   return len; 
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                           char *result)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t len;
   size_t total_len;
   char* write_ptr;
@@ -289,7 +293,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
   total_len = 0;
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim,
+    len = GNUNET_RECLAIM_ATTRIBUTE_serialize (le->claim,
                                write_ptr);
     total_len += len;
     write_ptr += len;
@@ -297,49 +301,49 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
   return total_len;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   size_t attr_len;
   const char* read_ptr;
 
   if (data_size < sizeof (struct Attribute))
     return NULL;
   
-  attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   read_ptr = data;
   while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
   {
 
-    le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr,
+    le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr,
                                            data_size - (read_ptr - data));
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Deserialized attribute %s\n", le->claim->name);
     GNUNET_CONTAINER_DLL_insert (attrs->list_head,
                                  attrs->list_tail,
                                  le);
-    attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
     read_ptr += attr_len;
   }
   return attrs;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *result_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *result;
 
-  result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  result = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   for (le = attrs->list_head; NULL != le; le = le->next)
   {
-    result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    result_le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (le->claim->name,
+    result_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    result_le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (le->claim->name,
                                                      le->claim->type,
                                                      le->claim->data,
                                                      le->claim->data_size);
@@ -352,10 +356,10 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 
 
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *tmp_le;
 
   for (le = attrs->list_head; NULL != le;)
   {
@@ -369,7 +373,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimLi
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   return sizeof (struct Attribute) 
     + strlen (attr->name)
@@ -377,7 +381,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
 }
 
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                      char *result)
 {
   size_t data_len_ser;
@@ -403,11 +407,11 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
   return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
 }
 
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                        size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
   struct Attribute *attr_ser;
   size_t data_len;
   size_t name_len;
@@ -419,7 +423,7 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
   attr_ser = (struct Attribute*)data;
   data_len = ntohs (attr_ser->data_size);
   name_len = ntohs (attr_ser->name_len);
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim)
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim)
                         + data_len + name_len + 1);
   attr->type = ntohs (attr_ser->attribute_type);
   attr->version = ntohl (attr_ser->attribute_version);
@@ -441,4 +445,4 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
 
 }
 
-/* end of identity_attribute.c */
+/* end of reclaim_attribute.c */
diff --git a/src/identity-attribute/identity_attribute.h b/src/reclaim-attribute/reclaim_attribute.h
index 2346dcde1..746d32980 100644
--- a/src/identity-attribute/identity_attribute.h
+++ b/src/reclaim-attribute/reclaim_attribute.h
@@ -17,14 +17,14 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file identity-attribute/identity_attribute.h
- * @brief GNUnet Identity attributes
+ * @file reclaim-attribute/reclaim_attribute.h
+ * @brief GNUnet reclaim identity attributes
  *
  */
-#ifndef IDENTITY_ATTRIBUTE_H
-#define IDENTITY_ATTRIBUTE_H
+#ifndef RECLAIM_ATTRIBUTE_H
+#define RECLAIM_ATTRIBUTE_H
 
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 
 struct Attribute
 {
diff --git a/src/identity-provider/.gitignore b/src/reclaim/.gitignore
index ef77fccdc..ef77fccdc 100644
--- a/src/identity-provider/.gitignore
+++ b/src/reclaim/.gitignore
diff --git a/src/identity-provider/Makefile.am b/src/reclaim/Makefile.am
index 2eb699542..2ee43d21a 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -13,12 +13,12 @@ if USE_COVERAGE
 endif
 
 if HAVE_SQLITE
-SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la
+SQLITE_PLUGIN = libgnunet_plugin_reclaim_sqlite.la
 endif
 
 EXTRA_DIST = \
-  test_idp_defaults.conf \
-        test_idp.conf \
+  test_reclaim_defaults.conf \
+        test_reclaim.conf \
         $(check_SCRIPTS)
 
 pkgcfgdir= $(pkgdatadir)/config.d/
@@ -26,46 +26,46 @@ pkgcfgdir= $(pkgdatadir)/config.d/
 libexecdir= $(pkglibdir)/libexec/
 
 pkgcfg_DATA = \
-  identity-provider.conf
+  reclaim.conf
 
 lib_LTLIBRARIES = \
-  libgnunetidentityprovider.la
+  libgnunetreclaim.la
 plugin_LTLIBRARIES = \
-        libgnunet_plugin_rest_identity_provider.la \
+        libgnunet_plugin_rest_reclaim.la \
         libgnunet_plugin_rest_openid_connect.la \
-  libgnunet_plugin_gnsrecord_identity_provider.la \
+  libgnunet_plugin_gnsrecord_reclaim.la \
         $(SQLITE_PLUGIN)
 
 bin_PROGRAMS = \
- gnunet-idp
+ gnunet-reclaim
 
 libexec_PROGRAMS = \
- gnunet-service-identity-provider
+ gnunet-service-reclaim
 
-libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \
-  plugin_gnsrecord_identity_provider.c
-libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \
+libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \
+  plugin_gnsrecord_reclaim.c
+libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
   $(LTLIBINTL)
-libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
-libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \
-  plugin_identity_provider_sqlite.c
-libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \
-  libgnunetidentityprovider.la  \
+libgnunet_plugin_reclaim_sqlite_la_SOURCES = \
+  plugin_reclaim_sqlite.c
+libgnunet_plugin_reclaim_sqlite_la_LIBADD = \
+  libgnunetreclaim.la  \
   $(top_builddir)/src/sq/libgnunetsq.la \
   $(top_builddir)/src/statistics/libgnunetstatistics.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
   $(LTLIBINTL)
-libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
+libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 
 
-gnunet_service_identity_provider_SOURCES = \
- gnunet-service-identity-provider.c
-gnunet_service_identity_provider_LDADD = \
+gnunet_service_reclaim_SOURCES = \
+ gnunet-service-reclaim.c
+gnunet_service_reclaim_LDADD = \
  $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(top_builddir)/src/namestore/libgnunetnamestore.la \
@@ -73,66 +73,67 @@ gnunet_service_identity_provider_LDADD = \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
  $(top_builddir)/src/abe/libgnunetabe.la \
  $(top_builddir)/src/credential/libgnunetcredential.la \
- $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
- libgnunetidentityprovider.la \
+ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+ libgnunetreclaim.la \
  $(top_builddir)/src/gns/libgnunetgns.la \
  $(GN_LIBINTL)
 
-libgnunetidentityprovider_la_SOURCES = \
- identity_provider_api.c \
- identity_provider.h
-libgnunetidentityprovider_la_LIBADD = \
+libgnunetreclaim_la_SOURCES = \
+ reclaim_api.c \
+ reclaim.h
+libgnunetreclaim_la_LIBADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
         $(GN_LIBINTL) $(XLIB)
-libgnunetidentityprovider_la_LDFLAGS = \
+libgnunetreclaim_la_LDFLAGS = \
         $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
         -version-info 0:0:0
 
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-  plugin_rest_identity_provider.c \
-        jwt.c
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
+libgnunet_plugin_rest_reclaim_la_SOURCES = \
+  plugin_rest_reclaim.c
+libgnunet_plugin_rest_reclaim_la_LIBADD = \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/rest/libgnunetrest.la \
         $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_rest_reclaim_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
 libgnunet_plugin_rest_openid_connect_la_SOURCES = \
   plugin_rest_openid_connect.c \
-        jwt.c
+        oidc_helper.c
 libgnunet_plugin_rest_openid_connect_la_LIBADD = \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/rest/libgnunetrest.la \
         $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
+        $(top_builddir)/src/gns/libgnunetgns.la \
+        $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
   $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
   $(LTLIBINTL) -ljansson -lmicrohttpd
 libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
-gnunet_idp_SOURCES = \
- gnunet-idp.c
-gnunet_idp_LDADD = \
+gnunet_reclaim_SOURCES = \
+ gnunet-reclaim.c
+gnunet_reclaim_LDADD = \
   $(top_builddir)/src/util/libgnunetutil.la \
         $(top_builddir)/src/namestore/libgnunetnamestore.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
         $(top_builddir)/src/identity/libgnunetidentity.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
   $(GN_LIBINTL)
 
 check_SCRIPTS = \
-        test_idp_attribute.sh \
-        test_idp_issue.sh \
-        test_idp_consume.sh \
-  test_idp_revoke.sh
+        test_reclaim_attribute.sh \
+        test_reclaim_issue.sh \
+        test_reclaim_consume.sh \
+  test_reclaim_revoke.sh
 
 if ENABLE_TEST_RUN
  AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
diff --git a/src/identity-provider/gnunet-idp.c b/src/reclaim/gnunet-reclaim.c
index 79e4f8d27..677e9f49f 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/reclaim/gnunet-reclaim.c
@@ -17,7 +17,7 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-idp.c
+ * @file src/reclaim/gnunet-reclaim.c
  * @brief Identity Provider utility
  *
  */
@@ -25,7 +25,7 @@
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include "gnunet_namestore_service.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_signatures.h"
 
@@ -85,19 +85,19 @@ static char* ego_name;
 static struct GNUNET_IDENTITY_Handle *identity_handle;
 
 /**
- * IdP handle
+ * reclaim handle
  */
-static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle;
+static struct GNUNET_RECLAIM_Handle *reclaim_handle;
 
 /**
- * IdP operation
+ * reclaim operation
  */
-static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+static struct GNUNET_RECLAIM_Operation *reclaim_op;
 
 /**
  * Attribute iterator
  */
-static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator;
+static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator;
 
 /**
  * Master ABE key
@@ -117,12 +117,12 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
 /**
  * Ticket to consume
  */
-static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+static struct GNUNET_RECLAIM_Ticket ticket;
 
 /**
  * Attribute list
  */
-static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+static struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
 /**
  * Attribute expiration interval
@@ -134,17 +134,28 @@ static struct GNUNET_TIME_Relative exp_interval;
  */
 static struct GNUNET_SCHEDULER_Task *timeout;
 
+/**
+ * Cleanup task
+ */
+static struct GNUNET_SCHEDULER_Task *cleanup_task;
+
+/**
+ * Claim to store
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
+
 static void
 do_cleanup(void *cls)
 {
+  cleanup_task = NULL;
   if (NULL != timeout)
     GNUNET_SCHEDULER_cancel (timeout);
-  if (NULL != idp_op)
-    GNUNET_IDENTITY_PROVIDER_cancel (idp_op);
+  if (NULL != reclaim_op)
+    GNUNET_RECLAIM_cancel (reclaim_op);
   if (NULL != attr_iterator)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator);
-  if (NULL != idp_handle)
-    GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle);
+    GNUNET_RECLAIM_get_attributes_stop (attr_iterator);
+  if (NULL != reclaim_handle)
+    GNUNET_RECLAIM_disconnect (reclaim_handle);
   if (NULL != identity_handle)
     GNUNET_IDENTITY_disconnect (identity_handle);
   if (NULL != abe_key)
@@ -155,18 +166,18 @@ do_cleanup(void *cls)
 
 static void
 ticket_issue_cb (void* cls,
-                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                 const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   char* ticket_str;
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (NULL != ticket) {
     ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
-                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                      sizeof (struct GNUNET_RECLAIM_Ticket));
     printf("%s\n",
            ticket_str);
     GNUNET_free (ticket_str);
   }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
@@ -174,24 +185,26 @@ store_attr_cont (void *cls,
                  int32_t success,
                  const char*emsg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (GNUNET_SYSERR == success) {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "%s\n", emsg);
+    fprintf (stderr,
+             "%s\n", emsg);
   }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
 process_attrs (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   char *value_str;
+  const char* attr_type;
+
   if (NULL == identity)
   {
-    idp_op = NULL;
-    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    reclaim_op = NULL;
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
     return;
   }
   if (NULL == attr)
@@ -199,11 +212,12 @@ process_attrs (void *cls,
     ret = 1;
     return;
   }
-  value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                     attr->data,
-                                                     attr->data_size);
-  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-              "%s: %s\n", attr->name, value_str);
+  value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
+  attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type);
+  fprintf (stdout,
+           "%s: %s [%s,v%u]\n", attr->name, value_str, attr_type, attr->version);
 }
 
 
@@ -211,9 +225,9 @@ static void
 iter_error (void *cls)
 {
   attr_iterator = NULL;
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Failed to iterate over attributes\n");
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  fprintf (stderr,
+           "Failed to iterate over attributes\n");
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
@@ -221,28 +235,28 @@ timeout_task (void *cls)
 {
   timeout = NULL;
   ret = 1;
-  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-              "Timeout\n");
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  fprintf (stderr,
+           "Timeout\n");
+  if (NULL == cleanup_task)
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
 process_rvk (void *cls, int success, const char* msg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
   if (GNUNET_OK != success)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Revocation failed.\n");
+    fprintf (stderr,
+             "Revocation failed.\n");
     ret = 1;
   }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
 iter_finished (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
   char *data;
   size_t data_size;
   int type;
@@ -250,27 +264,27 @@ iter_finished (void *cls)
   attr_iterator = NULL;
   if (list)
   {
-    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
     return;
   }
 
   if (issue_attrs)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle,
-                                                    pkey,
-                                                    &rp_key,
-                                                    attr_list,
-                                                    &ticket_issue_cb,
-                                                    NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle,
+                                              pkey,
+                                              &rp_key,
+                                              attr_list,
+                                              &ticket_issue_cb,
+                                              NULL);
     return;
   }
   if (consume_ticket)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle,
-                                                      pkey,
-                                                      &ticket,
-                                                      &process_attrs,
-                                                      NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle,
+                                                pkey,
+                                                &ticket,
+                                                &process_attrs,
+                                                NULL);
     timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10),
                                             &timeout_task,
                                             NULL);
@@ -278,82 +292,112 @@ iter_finished (void *cls)
   }
   if (revoke_ticket)
   {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle,
-                                                     pkey,
-                                                     &ticket,
-                                                     &process_rvk,
-                                                     NULL);
+    reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle,
+                                               pkey,
+                                               &ticket,
+                                               &process_rvk,
+                                               NULL);
     return;
   }
   if (attr_name)
   {
     if (NULL == type_str)
-      type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING;
+      type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING;
     else
-      type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str);
-
-    GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type,
-                                                                               attr_value,
-                                                                               (void**)&data,
-                                                                               &data_size));
-    claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
-                                                 type,
-                                                 data,
-                                                 data_size);
-    idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
-                                                       pkey,
-                                                       claim,
-                                                       &exp_interval,
-                                                       &store_attr_cont,
-                                                       NULL);
+      type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str);
+
+    GNUNET_assert (GNUNET_SYSERR != GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type,
+                                                                              attr_value,
+                                                                              (void**)&data,
+                                                                              &data_size));
+    if (NULL != claim)
+    {
+      claim->type = type;
+      claim->data = data;
+      claim->data_size = data_size;
+    }
+    else
+    {
+      claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
+                                                  type,
+                                                  data,
+                                                  data_size);
+    }
+    reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle,
+                                                 pkey,
+                                                 claim,
+                                                 &exp_interval,
+                                                 &store_attr_cont,
+                                                 NULL);
+    GNUNET_free (data);
+    GNUNET_free (claim);
     return;
   }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
 iter_cb (void *cls,
          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char *attrs_tmp;
   char *attr_str;
+  const char *attr_type;
 
-  if (issue_attrs)
+  if ((NULL != attr_name) && (NULL != claim))
+  {
+    if (0 == strcasecmp (attr_name, attr->name))
+    {
+      claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+                                                            attr->type,
+                                                            attr->data,
+                                                            attr->data_size);
+    }
+  }
+  else if (issue_attrs)
   {
     attrs_tmp = GNUNET_strdup (issue_attrs);
     attr_str = strtok (attrs_tmp, ",");
     while (NULL != attr_str) {
-      if (0 != strcmp (attr_str, attr->name)) {
+      if (0 != strcasecmp (attr_str, attr->name)) {
         attr_str = strtok (NULL, ",");
         continue;
       }
-      le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name,
-                                                       attr->type,
-                                                       attr->data,
-                                                       attr->data_size);
+      le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+                                                      attr->type,
+                                                      attr->data,
+                                                      attr->data_size);
+      le->claim->version = attr->version;
       GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
                                    attr_list->list_tail,
                                    le);
       break;
     }
     GNUNET_free (attrs_tmp);
-  } else if (list) {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "%s: %s\n", attr->name, (char*)attr->data);
+  } 
+  else if (list)
+  {
+    attr_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                         attr->data,
+                                                         attr->data_size);
+    attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type);
+    fprintf (stdout,
+             "%s: %s [%s,v%u]\n", attr->name, attr_str, attr_type, attr->version);
   }
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator);
+  GNUNET_RECLAIM_get_attributes_next (attr_iterator);
 }
 
 static void
-ego_iter_finished (void *cls)
+start_get_attributes ()
 {
   if (NULL == pkey)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Ego %s not found\n", ego_name);
+    fprintf (stderr,
+             "Ego %s not found\n", ego_name);
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
     return;
   }
 
@@ -365,24 +409,23 @@ ego_iter_finished (void *cls)
     GNUNET_STRINGS_string_to_data (consume_ticket,
                                    strlen (consume_ticket),
                                    &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
   if (NULL != revoke_ticket)
     GNUNET_STRINGS_string_to_data (revoke_ticket,
                                    strlen (revoke_ticket),
                                    &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-
-
-  attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
 
-  attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle,
-                                                                 pkey,
-                                                                 &iter_error,
-                                                                 NULL,
-                                                                 &iter_cb,
-                                                                 NULL,
-                                                                 &iter_finished,
-                                                                 NULL);
+  attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  claim = NULL;
+  attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle,
+                                                       pkey,
+                                                       &iter_error,
+                                                       NULL,
+                                                       &iter_cb,
+                                                       NULL,
+                                                       &iter_finished,
+                                                       NULL);
 
 
 }
@@ -398,7 +441,7 @@ ego_cb (void *cls,
   if (NULL == name) {
     if (GNUNET_YES == init) {
       init = GNUNET_NO;
-      GNUNET_SCHEDULER_add_now (&ego_iter_finished, NULL);
+      start_get_attributes();
     }
     return;
   }
@@ -418,28 +461,28 @@ run (void *cls,
   if (NULL == ego_name)
   {
     ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Ego is required\n"));
+    fprintf (stderr,
+             _("Ego is required\n"));
     return;
   }
 
   if ( (NULL == attr_value) && (NULL != attr_name) )
   {
     ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Attribute value missing!\n"));
+    fprintf (stderr,
+             _("Attribute value missing!\n"));
     return;
   }
 
   if ( (NULL == rp) && (NULL != issue_attrs) )
   {
     ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Requesting party key is required!\n"));
+    fprintf (stderr,
+             _("Requesting party key is required!\n"));
     return;
   }
 
-  idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c);
+  reclaim_handle = GNUNET_RECLAIM_connect (c);
   //Get Ego
   identity_handle = GNUNET_IDENTITY_connect (c,
                                              &ego_cb,
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/reclaim/gnunet-service-reclaim.c
index c53e72477..3321a79d8 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/reclaim/gnunet-service-reclaim.c
@@ -17,8 +17,8 @@
    */
 /**
  * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-service-identity-provider.c
- * @brief Identity Token Service
+ * @file src/reclaim/gnunet-service-reclaim.c
+ * @brief reclaim Service
  *
  */
 #include "platform.h"
@@ -32,10 +32,10 @@
 #include "gnunet_credential_service.h"
 #include "gnunet_statistics_service.h"
 #include "gnunet_gns_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_signatures.h"
-#include "identity_provider.h"
+#include "reclaim.h"
 
 /**
  * First pass state
@@ -65,7 +65,7 @@ static struct GNUNET_IDENTITY_Handle *identity_handle;
 /**
  * Database handle
  */
-static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database;
+static struct GNUNET_RECLAIM_PluginFunctions *TKT_database;
 
 /**
  * Name of DB plugin
@@ -396,7 +396,7 @@ struct AttributeStoreHandle
   /**
    * The attribute to store
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
 
   /**
    * The attribute expiration interval
@@ -433,7 +433,7 @@ struct ConsumeTicketHandle
   /**
    * Ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * LookupRequest
@@ -473,7 +473,7 @@ struct ConsumeTicketHandle
   /**
    * Attributes
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
   
   /**
    * Lookup time
@@ -535,12 +535,12 @@ struct TicketRevocationHandle
   /**
    * Attributes to reissue
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Attributes to revoke
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *rvk_attrs;
 
   /**
    * Issuer Key
@@ -550,7 +550,7 @@ struct TicketRevocationHandle
   /**
    * Ticket to issue
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * QueueEntry
@@ -603,7 +603,7 @@ struct TicketIssueHandle
   /**
    * Attributes to issue
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
 
   /**
    * Issuer Key
@@ -613,7 +613,7 @@ struct TicketIssueHandle
   /**
    * Ticket to issue
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * QueueEntry
@@ -861,7 +861,7 @@ static void
 cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 {
   if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
   if (NULL != handle->ns_qe)
     GNUNET_NAMESTORE_cancel (handle->ns_qe);
   GNUNET_free (handle);
@@ -871,12 +871,12 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 static void
 send_ticket_result (struct IdpClient *client,
                     uint32_t r_id,
-                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                    const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                    const struct GNUNET_RECLAIM_Ticket *ticket,
+                    const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketResultMessage *irm;
   struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf;
+  struct GNUNET_RECLAIM_Ticket *ticket_buf;
 
   /* store ticket in DB */
   if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
@@ -889,9 +889,9 @@ send_ticket_result (struct IdpClient *client,
   }
 
   env = GNUNET_MQ_msg_extra (irm,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
-  ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1];
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
+  ticket_buf = (struct GNUNET_RECLAIM_Ticket *)&irm[1];
   *ticket_buf = *ticket;
   irm->id = htonl (r_id);
   GNUNET_MQ_send (client->mq,
@@ -927,14 +927,14 @@ store_ticket_issue_cont (void *cls,
 
 
 int
-serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                        const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+serialize_abe_keyinfo2 (const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                         const struct GNUNET_ABE_AbeKey *rp_key,
                         struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
                         char **result)
 {
   struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char *enc_keyinfo;
   char *serialized_key;
   char *buf;
@@ -1009,7 +1009,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                   struct GNUNET_ABE_AbeMasterKey *abe_key)
 {
   struct TicketIssueHandle *ih = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_ABE_AbeKey *rp_key;
@@ -1101,7 +1101,7 @@ handle_issue_ticket_message (void *cls,
 
   ih = GNUNET_new (struct TicketIssueHandle);
   attrs_len = ntohs (im->attr_len);
-  ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
+  ih->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
   ih->r_id = ntohl (im->id);
   ih->client = idp;
   ih->identity = im->identity;
@@ -1132,9 +1132,9 @@ static void
 cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh)
 {
   if (NULL != rh->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->attrs);
   if (NULL != rh->rvk_attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->rvk_attrs);
   if (NULL != rh->abe_key)
     GNUNET_ABE_cpabe_delete_master_key (rh->abe_key);
   if (NULL != rh->ns_qe)
@@ -1157,9 +1157,12 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
 {
   struct GNUNET_MQ_Envelope *env;
   struct RevokeTicketResultMessage *trm;
+  
+  GNUNET_break(TKT_database->delete_ticket (TKT_database->cls,
+                                            &rh->ticket));
 
   env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT);
   trm->id = htonl (rh->r_id);
   trm->success = htonl (success);
   GNUNET_MQ_send (rh->client->mq,
@@ -1179,8 +1182,8 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
  */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 
 static void
 revocation_reissue_tickets (struct TicketRevocationHandle *rh);
@@ -1206,9 +1209,6 @@ reissue_ticket_cont (void *cls,
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
                 "Unknown Error\n");
     send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1226,12 +1226,12 @@ reissue_ticket_cont (void *cls,
  */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le_rollover;
   struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
   struct GNUNET_GNSRECORD_Data code_record[1];
   struct GNUNET_ABE_AbeKey *rp_key;
@@ -1258,9 +1258,18 @@ ticket_reissue_proc (void *cls,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Do not reissue for this identity.!\n");
-
-    rh->offset++;
-    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
+    label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd,
+                                                 sizeof (uint64_t));
+    //Delete record
+    rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                                &rh->identity,
+                                                label,
+                                                0,
+                                                NULL,
+                                                &reissue_ticket_cont,
+                                                rh);
+
+    GNUNET_free (label);
     return;
   }
 
@@ -1374,9 +1383,6 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
   if (GNUNET_NO == ret)
   {
     send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1391,10 +1397,8 @@ check_attr_error (void *cls)
   struct TicketRevocationHandle *rh = cls;
   GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
               "Unable to check for existing attribute\n");
+  rh->ns_qe = NULL;
   send_revocation_finished (rh, GNUNET_SYSERR);
-  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
   cleanup_revoke_ticket_handle (rh);
 }
 
@@ -1426,17 +1430,18 @@ check_attr_cb (void *cls,
   char* policy;
   uint32_t attr_ver;
 
+  rh->ns_qe = NULL;
   if (1 != rd_count) {
     GNUNET_SCHEDULER_add_now (&reenc_next_attribute,
                               rh);
     return;
   }
 
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
   buf = GNUNET_malloc (buf_size);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
-                                       buf);
   rh->attrs->list_head->claim->version++;
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
+                                       buf);
   GNUNET_asprintf (&policy, "%s_%lu",
                    rh->attrs->list_head->claim->name,
                    rh->attrs->list_head->claim->version);
@@ -1458,9 +1463,6 @@ check_attr_cb (void *cls,
                 policy);
     GNUNET_free (policy);
     send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   }
@@ -1525,8 +1527,9 @@ attr_reenc_cont (void *cls,
                  const char *emsg)
 {
   struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
 
+  rh->ns_qe = NULL;
   if (GNUNET_SYSERR == success)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -1558,12 +1561,12 @@ attr_reenc_cont (void *cls,
 
 static void
 process_attributes_to_update (void *cls,
-                              const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                              const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                              const struct GNUNET_RECLAIM_Ticket *ticket,
+                              const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketRevocationHandle *rh = cls;
 
-  rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs);
+  rh->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_dup (attrs);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Revocation Phase I: Collecting attributes\n");
   /* Reencrypt all attributes with new key */
@@ -1571,9 +1574,6 @@ process_attributes_to_update (void *cls,
   {
     /* No attributes to reencrypt */
     send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
     cleanup_revoke_ticket_handle (rh);
     return;
   } else {
@@ -1621,11 +1621,11 @@ handle_revoke_ticket_message (void *cls,
 {
   struct TicketRevocationHandle *rh;
   struct IdpClient *idp = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
 
   rh = GNUNET_new (struct TicketRevocationHandle);
-  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  ticket = (struct GNUNET_RECLAIM_Ticket*)&rm[1];
+  rh->rvk_attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   rh->ticket = *ticket;
   rh->r_id = ntohl (rm->id);
   rh->client = idp;
@@ -1667,7 +1667,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
     GNUNET_ABE_cpabe_delete_key (handle->key,
                                  GNUNET_YES);
   if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
   GNUNET_free (handle);
 }
 
@@ -1698,7 +1698,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   struct ConsumeTicketHandle *handle = parallel_lookup->handle;
   struct ConsumeTicketResultMessage *crm;
   struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le;
   struct GNUNET_TIME_Absolute decrypt_duration;
   char *data;
   char *data_tmp;
@@ -1741,8 +1741,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                 1,
                                 GNUNET_YES);
 
-      attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data,
+      attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (data,
                                                               attr_len);
       attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
       GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
@@ -1766,15 +1766,15 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
   }
 
   GNUNET_SCHEDULER_cancel (handle->kill_task);
-  attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs);
+  attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (handle->attrs);
   env = GNUNET_MQ_msg_extra (crm,
                              attrs_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT);
   crm->id = htonl (handle->r_id);
   crm->attrs_len = htons (attrs_len);
   crm->identity = handle->ticket.identity;
   data_tmp = (char *) &crm[1];
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (handle->attrs,
                                             data_tmp);
   GNUNET_MQ_send (handle->client->mq, env);
   GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
@@ -1805,7 +1805,7 @@ abort_parallel_lookups2 (void *cls)
     lu = tmp;
   }
   env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (handle->r_id);
   arm->attr_len = htons (0);
   GNUNET_MQ_send (handle->client->mq, env);
@@ -1918,10 +1918,10 @@ handle_consume_ticket_message (void *cls,
   ch->r_id = ntohl (cm->id);
   ch->client = idp;
   ch->identity = cm->identity;
-  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  ch->attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
   GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
                                       &ch->identity_pub);
-  ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
+  ch->ticket = *((struct GNUNET_RECLAIM_Ticket*)&cm[1]);
   rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
                                                    sizeof (uint64_t));
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1967,7 +1967,7 @@ attr_store_cont (void *cls,
   struct AttributeStoreHandle *as_handle = cls;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeStoreResultMessage *acr_msg;
-  
+
   as_handle->ns_qe = NULL;
   GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
                                as_handle->client->store_op_tail,
@@ -1986,7 +1986,7 @@ attr_store_cont (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Sending ATTRIBUTE_STORE_RESPONSE message\n");
   env = GNUNET_MQ_msg (acr_msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE);
   acr_msg->id = htonl (as_handle->r_id);
   acr_msg->op_result = htonl (GNUNET_OK);
   GNUNET_MQ_send (as_handle->client->mq,
@@ -2009,10 +2009,10 @@ attr_store_task (void *cls)
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Storing attribute\n");
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (as_handle->claim);
   buf = GNUNET_malloc (buf_size);
 
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (as_handle->claim,
                                        buf);
 
   GNUNET_asprintf (&policy,
@@ -2111,7 +2111,7 @@ handle_attribute_store_message (void *cls,
   data_len = ntohs (sam->attr_len);
 
   as_handle = GNUNET_new (struct AttributeStoreHandle);
-  as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1],
+  as_handle->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&sam[1],
                                                             data_len);
 
   as_handle->r_id = ntohl (sam->id);
@@ -2158,7 +2158,7 @@ attr_iter_finished (void *cls)
   struct AttributeResultMessage *arm;
 
   env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (ai->request_id);
   arm->attr_len = htons (0);
   GNUNET_MQ_send (ai->client->mq, env);
@@ -2189,14 +2189,14 @@ attr_iter_cb (void *cls,
   if (rd_count != 1)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
 
   if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
   attr_ver = ntohl(*((uint32_t*)rd->data));
@@ -2213,7 +2213,7 @@ attr_iter_cb (void *cls,
   if (GNUNET_SYSERR == msg_extra_len)
   {
     GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
     return;
   }
 
@@ -2224,7 +2224,7 @@ attr_iter_cb (void *cls,
               "Found attribute: %s\n", label);
   env = GNUNET_MQ_msg_extra (arm,
                              msg_extra_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
   arm->id = htonl (ai->request_id);
   arm->attr_len = htons (msg_extra_len);
   GNUNET_CRYPTO_ecdsa_key_get_public (zone,
@@ -2264,7 +2264,7 @@ iterate_next_after_abe_bootstrap (void *cls,
   struct AttributeIterator *ai = cls;
   ai->abe_key = abe_key;
   GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                       1);
+                                       1);
 }
 
 
@@ -2406,8 +2406,8 @@ cleanup_ticket_iter_handle (struct TicketIteration *ti)
  */
 static void
 ticket_iterate_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct TicketIterationProcResult *proc = cls;
 
@@ -2467,7 +2467,7 @@ run_ticket_iteration_round (struct TicketIteration *ti)
   }
   /* send empty response to indicate end of list */
   env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
   trm->id = htonl (ti->r_id);
   GNUNET_MQ_send (ti->client->mq,
                   env);
@@ -2572,7 +2572,7 @@ run (void *cls,
   char *database;
   cfg = c;
 
-  stats = GNUNET_STATISTICS_create ("identity-provider", cfg);
+  stats = GNUNET_STATISTICS_create ("reclaim", cfg);
 
   //Connect to identity and namestore services
   ns_handle = GNUNET_NAMESTORE_connect (cfg);
@@ -2597,13 +2597,13 @@ run (void *cls,
   /* Loading DB plugin */
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
-                                             "identity-provider",
+                                             "reclaim",
                                              "database",
                                              &database))
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "No database backend configured\n");
   GNUNET_asprintf (&db_lib_name,
-                   "libgnunet_plugin_identity_provider_%s",
+                   "libgnunet_plugin_reclaim_%s",
                    database);
   TKT_database = GNUNET_PLUGIN_load (db_lib_name,
                                      (void *) cfg);
@@ -2619,7 +2619,7 @@ run (void *cls,
 
   if (GNUNET_OK ==
       GNUNET_CONFIGURATION_get_value_time (cfg,
-                                           "identity-provider",
+                                           "reclaim",
                                            "TOKEN_EXPIRATION_INTERVAL",
                                            &token_expiration_interval))
   {
@@ -2736,51 +2736,51 @@ client_connect_cb (void *cls,
  * Define "main" method using service macro.
  */
 GNUNET_SERVICE_MAIN
-("identity-provider",
+("reclaim",
  GNUNET_SERVICE_OPTION_NONE,
  &run,
  &client_connect_cb,
  &client_disconnect_cb,
  NULL,
  GNUNET_MQ_hd_var_size (attribute_store_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE,
                         struct AttributeStoreMessage,
                         NULL),
  GNUNET_MQ_hd_fixed_size (iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START,
                           struct AttributeIterationStartMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT,
                           struct AttributeIterationNextMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP,
                           struct AttributeIterationStopMessage,
                           NULL),
  GNUNET_MQ_hd_var_size (issue_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET,
                         struct IssueTicketMessage,
                         NULL),
  GNUNET_MQ_hd_var_size (consume_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET,
                         struct ConsumeTicketMessage,
                         NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START,
                           struct TicketIterationStartMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT,
                           struct TicketIterationNextMessage,
                           NULL),
  GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP,
                           struct TicketIterationStopMessage,
                           NULL),
  GNUNET_MQ_hd_var_size (revoke_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET,
                         struct RevokeTicketMessage,
                         NULL),
  GNUNET_MQ_handler_end());
-/* end of gnunet-service-identity-provider.c */
+/* end of gnunet-service-reclaim.c */
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/src/reclaim/jwt.c
@@ -0,0 +1 @@
+
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
new file mode 100644
index 000000000..1e9e64fec
--- /dev/null
+++ b/src/reclaim/oidc_helper.c
@@ -0,0 +1,440 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.c
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "oidc_helper.h"
+
+static char*
+create_jwt_header(void)
+{
+  json_t *root;
+  char *json_str;
+
+  root = json_object ();
+  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
+
+  json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root);
+  return json_str;
+}
+
+static void
+replace_char(char* str, char find, char replace){
+  char *current_pos = strchr(str,find);
+  while (current_pos){
+    *current_pos = replace;
+    current_pos = strchr(current_pos,find);
+  }
+}
+
+//RFC4648
+static void
+fix_base64(char* str) {
+  char *padding;
+  //First, remove trailing padding '='
+  padding = strtok(str, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+
+  //Replace + with -
+  replace_char (str, '+', '-');
+
+  //Replace / with _
+  replace_char (str, '/', '_');
+
+}
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_HashCode signature;
+  struct GNUNET_TIME_Absolute exp_time;
+  struct GNUNET_TIME_Absolute time_now;
+  char* audience;
+  char* subject;
+  char* header;
+  char* body_str;
+  char* result;
+  char* header_base64;
+  char* body_base64;
+  char* signature_target;
+  char* signature_base64;
+  char* attr_val_str;
+  json_t* body;
+
+  //iat REQUIRED time now
+  time_now = GNUNET_TIME_absolute_get();
+  //exp REQUIRED time expired from config
+  exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
+  //auth_time only if max_age
+  //nonce only if nonce
+  // OPTIONAL acr,amr,azp
+  subject = GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  header = create_jwt_header ();
+  body = json_object ();
+
+  //iss REQUIRED case sensitive server uri with https
+  //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid)
+  json_object_set_new (body,
+                       "iss", json_string (SERVER_ADDRESS));
+  //sub REQUIRED public key identity, not exceed 255 ASCII  length
+  json_object_set_new (body,
+                       "sub", json_string (subject));
+  //aud REQUIRED public key client_id must be there
+  json_object_set_new (body,
+                       "aud", json_string (audience));
+  //iat
+  json_object_set_new (body,
+                       "iat", json_integer (time_now.abs_value_us / (1000*1000)));
+  //exp
+  json_object_set_new (body,
+                       "exp", json_integer (exp_time.abs_value_us / (1000*1000)));
+  //nbf
+  json_object_set_new (body,
+                       "nbf", json_integer (time_now.abs_value_us / (1000*1000)));
+  //nonce
+  if (NULL != nonce)
+    json_object_set_new (body,
+                         "nonce", json_string (nonce));
+
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
+                                                             le->claim->data,
+                                                             le->claim->data_size);
+    json_object_set_new (body,
+                         le->claim->name,
+                         json_string (attr_val_str));
+    GNUNET_free (attr_val_str);
+  }
+  body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (body);
+
+  GNUNET_STRINGS_base64_encode (header,
+                                strlen (header),
+                                &header_base64);
+  fix_base64(header_base64);
+
+  GNUNET_STRINGS_base64_encode (body_str,
+                                strlen (body_str),
+                                &body_base64);
+  fix_base64(body_base64);
+
+  GNUNET_free (subject);
+  GNUNET_free (audience);
+
+  /**
+   * Creating the JWT signature. This might not be
+   * standards compliant, check.
+   */
+  GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+  GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature);
+  GNUNET_STRINGS_base64_encode ((const char*)&signature,
+                                sizeof (struct GNUNET_HashCode),
+                                &signature_base64);
+  fix_base64(signature_base64);
+
+  GNUNET_asprintf (&result, "%s.%s.%s",
+                   header_base64, body_base64, signature_base64);
+
+  GNUNET_free (signature_target);
+  GNUNET_free (header);
+  GNUNET_free (body_str);
+  GNUNET_free (signature_base64);
+  GNUNET_free (body_base64);
+  GNUNET_free (header_base64);
+  return result;
+}
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce)
+{
+  char *ticket_str;
+  json_t *code_json;
+  char *signature_payload;
+  char *signature_str;
+  char *authz_code;
+  size_t signature_payload_len;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce)
+    signature_payload_len += strlen (nonce);
+
+  signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload;
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  memcpy (&purpose[1],
+          ticket,
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != nonce)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce,
+            strlen (nonce));
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer,
+                                                 purpose,
+                                                 &signature))
+  {
+    GNUNET_free (signature_payload);
+    return NULL;
+  }
+  signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature,
+                                                       sizeof (signature));
+  ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
+
+  code_json = json_object ();
+  json_object_set_new (code_json,
+                       "ticket",
+                       json_string (ticket_str));
+  if (NULL != nonce)
+    json_object_set_new (code_json,
+                         "nonce",
+                         json_string (nonce));
+  json_object_set_new (code_json,
+                       "signature",
+                       json_string (signature_str));
+  authz_code = json_dumps (code_json,
+                           JSON_INDENT(0) | JSON_COMPACT);
+  GNUNET_free (signature_payload);
+  GNUNET_free (signature_str);
+  GNUNET_free (ticket_str);
+  json_decref (code_json);
+  return authz_code;
+}
+
+
+
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce)
+{
+  json_error_t error;
+  json_t *code_json;
+  json_t *ticket_json;
+  json_t *nonce_json;
+  json_t *signature_json;
+  const char *ticket_str;
+  const char *signature_str;
+  const char *nonce_str;
+  char *code_output;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  size_t signature_payload_len;
+
+  code_output = NULL; 
+  GNUNET_STRINGS_base64_decode (code,
+                                strlen(code),
+                                (void**)&code_output);
+  code_json = json_loads (code_output, 0 , &error);
+  GNUNET_free (code_output);
+  ticket_json = json_object_get (code_json, "ticket");
+  nonce_json = json_object_get (code_json, "nonce");
+  signature_json = json_object_get (code_json, "signature");
+  *ticket = NULL;
+  *nonce = NULL;
+
+  if ((NULL == ticket_json || !json_is_string (ticket_json)) ||
+      (NULL == signature_json || !json_is_string (signature_json)))
+  {
+    json_decref (code_json);
+    return GNUNET_SYSERR;
+  }
+  ticket_str = json_string_value (ticket_json);
+  signature_str = json_string_value (signature_json);
+  nonce_str = NULL;
+  if (NULL != nonce_json)
+    nonce_str = json_string_value (nonce_json);
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce_str)
+    signature_payload_len += strlen (nonce_str);
+  purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           signature_payload_len);
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str,
+                                                  strlen (ticket_str),
+                                                  &purpose[1],
+                                                  sizeof (struct GNUNET_RECLAIM_Ticket)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse ticket!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str,
+                                                  strlen (signature_str),
+                                                  &signature,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse signature!\n");
+    return GNUNET_SYSERR;
+  }
+  *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
+  memcpy (*ticket,
+          &purpose[1],
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+
+  }
+  if (NULL != nonce_str)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce_str,
+            strlen (nonce_str));
+  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+                                               purpose,
+                                               &signature,
+                                               &(*ticket)->identity))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Signature of authZ code invalid!\n");
+    return GNUNET_SYSERR;
+  }
+  *nonce = GNUNET_strdup (nonce_str);
+  return GNUNET_OK;
+}
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response)
+{
+  json_t *root_json;
+
+  root_json = json_object ();
+
+  GNUNET_assert (NULL != access_token);
+  GNUNET_assert (NULL != id_token);
+  GNUNET_assert (NULL != expiration_time);
+  json_object_set_new (root_json,
+                       "access_token",
+                       json_string (access_token));
+  json_object_set_new (root_json,
+                       "token_type",
+                       json_string ("Bearer"));
+  json_object_set_new (root_json,
+                       "expires_in",
+                       json_integer (expiration_time->rel_value_us / (1000 * 1000)));
+  json_object_set_new (root_json,
+                       "id_token",
+                       json_string (id_token));
+  *token_response = json_dumps (root_json,
+                                JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root_json);
+}
+
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ()
+{
+  char* access_token_number;
+  char* access_token;
+  uint64_t random_number;
+
+  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+  GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number);
+  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
+  return access_token;
+}
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
new file mode 100644
index 000000000..7a0f45bf9
--- /dev/null
+++ b/src/reclaim/oidc_helper.h
@@ -0,0 +1,109 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.h
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+
+#ifndef JWT_H
+#define JWT_H
+
+#define JWT_ALG "alg"
+
+/* Use 512bit HMAC */
+#define JWT_ALG_VALUE "HS512"
+
+#define JWT_TYP "typ"
+
+#define JWT_TYP_VALUE "jwt"
+
+#define SERVER_ADDRESS "https://reclaim.id"
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key);
+
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce);
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce);
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response);
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ();
+
+
+#endif
diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/reclaim/plugin_gnsrecord_reclaim.c
index f0dc563dc..781b88abc 100644
--- a/src/identity-provider/plugin_gnsrecord_identity_provider.c
+++ b/src/reclaim/plugin_gnsrecord_reclaim.c
@@ -17,7 +17,7 @@
 */
 
 /**
- * @file identity-provider/plugin_gnsrecord_identity_provider.c
+ * @file reclaim/plugin_gnsrecord_reclaim.c
  * @brief gnsrecord plugin to provide the API for identity records
  * @author Martin Schanzenbach
  */
@@ -54,6 +54,8 @@ value_to_string (void *cls,
     case GNUNET_GNSRECORD_TYPE_ID_ATTR:
       return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
     case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
       return GNUNET_strndup (data, data_size);
     case GNUNET_GNSRECORD_TYPE_ABE_KEY:
     case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
@@ -113,6 +115,8 @@ string_to_value (void *cls,
                                             *data,
                                             *data_size);
     case GNUNET_GNSRECORD_TYPE_ID_TOKEN:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
       *data = GNUNET_strdup (s);
       *data_size = strlen (s);
       return GNUNET_OK;
@@ -181,6 +185,8 @@ static struct {
   { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
   { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
   { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
+  { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT },
+  { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT },
   { NULL, UINT32_MAX }
 };
 
@@ -234,7 +240,7 @@ number_to_typename (void *cls,
  * @return the exported block API
  */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_init (void *cls)
 {
   struct GNUNET_GNSRECORD_PluginFunctions *api;
 
@@ -254,7 +260,7 @@ libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
  * @return NULL
  */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_done (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_done (void *cls)
 {
   struct GNUNET_GNSRECORD_PluginFunctions *api = cls;
 
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/reclaim/plugin_reclaim_sqlite.c
index f2a8b7b54..b545a94e8 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/reclaim/plugin_reclaim_sqlite.c
@@ -17,15 +17,15 @@
   */
 
 /**
- * @file identity-provider/plugin_identity_provider_sqlite.c
+ * @file reclaim/plugin_reclaim_sqlite.c
  * @brief sqlite-based idp backend
  * @author Martin Schanzenbach
  */
 
 #include "platform.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_sq_lib.h"
 #include <sqlite3.h>
 
@@ -47,9 +47,9 @@
  * a failure of the command 'cmd' on file 'filename'
  * with the message given by strerror(errno).
  */
-#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
+#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "reclaim", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
 
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-sqlite", __VA_ARGS__)
 
 
 /**
@@ -180,12 +180,12 @@ database_setup (struct Plugin *plugin)
 
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
-                                               "identity-provider-sqlite",
+                                               "reclaim-sqlite",
                                                "FILENAME",
                                                &afsdir))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                               "identity-provider-sqlite",
+                               "reclaim-sqlite",
                                "FILENAME");
     return GNUNET_SYSERR;
   }
@@ -370,9 +370,9 @@ database_shutdown (struct Plugin *plugin)
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_store_ticket (void *cls,
-                                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+reclaim_sqlite_store_ticket (void *cls,
+                                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
   struct Plugin *plugin = cls;
   size_t attrs_len;
@@ -401,9 +401,9 @@ identity_provider_sqlite_store_ticket (void *cls,
     GNUNET_SQ_reset (plugin->dbh,
                      plugin->delete_ticket);
     
-    attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+    attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
     attrs_ser = GNUNET_malloc (attrs_len);
-    GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+    GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                               attrs_ser);
     struct GNUNET_SQ_QueryParam sparams[] = {
       GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
@@ -458,8 +458,8 @@ identity_provider_sqlite_store_ticket (void *cls,
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_delete_ticket (void *cls,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+reclaim_sqlite_delete_ticket (void *cls,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   struct Plugin *plugin = cls;
   int n;
@@ -521,11 +521,11 @@ identity_provider_sqlite_delete_ticket (void *cls,
 static int
 get_ticket_and_call_iterator (struct Plugin *plugin,
                               sqlite3_stmt *stmt,
-                              GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                              GNUNET_RECLAIM_TicketIterator iter,
                               void *iter_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_Ticket ticket;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
   int ret;
   int sret;
   size_t attrs_len;
@@ -552,13 +552,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
     }
     else
     {
-      attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser,
+      attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
                                           attrs_len);
       if (NULL != iter)
         iter (iter_cls,
               &ticket,
               attrs);
-      GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+      GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
       ret = GNUNET_YES;
     }
     GNUNET_SQ_cleanup_result (rs);
@@ -586,9 +586,9 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 static int
-identity_provider_sqlite_ticket_get_attrs (void *cls,
-                                           const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                           GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+reclaim_sqlite_ticket_get_attrs (void *cls,
+                                           const struct GNUNET_RECLAIM_Ticket *ticket,
+                                           GNUNET_RECLAIM_TicketIterator iter,
                                            void *iter_cls)
 {
   struct Plugin *plugin = cls;
@@ -628,11 +628,11 @@ identity_provider_sqlite_ticket_get_attrs (void *cls,
  * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
  */
 static int
-identity_provider_sqlite_iterate_tickets (void *cls,
+reclaim_sqlite_iterate_tickets (void *cls,
                                           const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                           int audience,
                                           uint64_t offset,
-                                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                          GNUNET_RECLAIM_TicketIterator iter,
                                           void *iter_cls)
 {
   struct Plugin *plugin = cls;
@@ -680,15 +680,15 @@ identity_provider_sqlite_iterate_tickets (void *cls,
 /**
  * Entry point for the plugin.
  *
- * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*"
+ * @param cls the "struct GNUNET_RECLAIM_PluginEnvironment*"
  * @return NULL on error, otherwise the plugin context
  */
 void *
-libgnunet_plugin_identity_provider_sqlite_init (void *cls)
+libgnunet_plugin_reclaim_sqlite_init (void *cls)
 {
   static struct Plugin plugin;
   const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api;
+  struct GNUNET_RECLAIM_PluginFunctions *api;
 
   if (NULL != plugin.cfg)
     return NULL;                /* can only initialize once! */
@@ -699,12 +699,12 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
     database_shutdown (&plugin);
     return NULL;
   }
-  api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_PluginFunctions);
   api->cls = &plugin;
-  api->store_ticket = &identity_provider_sqlite_store_ticket;
-  api->delete_ticket = &identity_provider_sqlite_delete_ticket;
-  api->iterate_tickets = &identity_provider_sqlite_iterate_tickets;
-  api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs;
+  api->store_ticket = &reclaim_sqlite_store_ticket;
+  api->delete_ticket = &reclaim_sqlite_delete_ticket;
+  api->iterate_tickets = &reclaim_sqlite_iterate_tickets;
+  api->get_ticket_attributes = &reclaim_sqlite_ticket_get_attrs;
   LOG (GNUNET_ERROR_TYPE_INFO,
        _("Sqlite database running\n"));
   return api;
@@ -718,9 +718,9 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
  * @return always NULL
  */
 void *
-libgnunet_plugin_identity_provider_sqlite_done (void *cls)
+libgnunet_plugin_reclaim_sqlite_done (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_PluginFunctions *api = cls;
   struct Plugin *plugin = api->cls;
 
   database_shutdown (plugin);
@@ -731,4 +731,4 @@ libgnunet_plugin_identity_provider_sqlite_done (void *cls)
   return NULL;
 }
 
-/* end of plugin_identity_provider_sqlite.c */
+/* end of plugin_reclaim_sqlite.c */
diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index d87a345cf..24673c692 100644
--- a/src/identity-provider/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -36,9 +36,9 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "jwt.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "oidc_helper.h"
 
 /**
  * REST root namespace
@@ -68,7 +68,7 @@
 /**
  * Attribute key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 
 /**
  * Ticket key
@@ -79,7 +79,7 @@
 /**
  * Value key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 
 /**
  * State while collecting all egos
@@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] =
 {
   "display",
   "prompt",
-  "max_age",
   "ui_locales", 
   "response_mode",
   "id_token_hint",
@@ -230,12 +229,6 @@ struct OIDC_Variables
   char *client_id;
 
   /**
-   * GNUNET_YES if there is a delegation to 
-   * this RP or if it is a local identity
-   */
-  int is_client_trusted;
-
-  /**
    * The OIDC redirect uri
    */
   char *redirect_uri;
@@ -347,6 +340,16 @@ struct RequestHandle
   struct GNUNET_REST_RequestHandle *rest_handle;
 
   /**
+   * GNS handle
+   */
+  struct GNUNET_GNS_Handle *gns_handle;
+
+  /**
+   * GNS lookup op
+   */
+  struct GNUNET_GNS_LookupRequest *gns_op;
+
+  /**
    * Handle to NAMESTORE
    */
   struct GNUNET_NAMESTORE_Handle *namestore_handle;
@@ -359,7 +362,7 @@ struct RequestHandle
   /**
    * Attribute claim list
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
   /**
    * IDENTITY Operation
@@ -369,27 +372,27 @@ struct RequestHandle
   /**
    * Identity Provider
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
 
   /**
    * Idp Operation
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
 
   /**
    * Attribute iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
 
   /**
    * Ticket iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
 
   /**
    * A ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * Desired timeout for the lookup (default is no timeout).
@@ -422,6 +425,16 @@ struct RequestHandle
   char *tld;
 
   /**
+   * The redirect prefix
+   */
+  char *redirect_prefix;
+
+  /**
+   * The redirect suffix
+   */
+  char *redirect_suffix;
+
+  /**
    * Error response message
    */
   char *emsg;
@@ -450,8 +463,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
   struct EgoEntry *ego_entry;
   struct EgoEntry *ego_tmp;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -463,19 +476,28 @@ cleanup_handle (struct RequestHandle *handle)
   if (NULL != handle->identity_handle)
     GNUNET_IDENTITY_disconnect (handle->identity_handle);
   if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
   if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
   if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
   if (NULL != handle->url)
     GNUNET_free (handle->url);
   if (NULL != handle->tld)
     GNUNET_free (handle->tld);
+  if (NULL != handle->redirect_prefix)
+    GNUNET_free (handle->redirect_prefix);
+  if (NULL != handle->redirect_suffix)
+    GNUNET_free (handle->redirect_suffix);
   if (NULL != handle->emsg)
     GNUNET_free (handle->emsg);
   if (NULL != handle->edesc)
     GNUNET_free (handle->edesc);
+  if (NULL != handle->gns_op)
+    GNUNET_GNS_lookup_cancel (handle->gns_op);
+  if (NULL != handle->gns_handle)
+    GNUNET_GNS_disconnect (handle->gns_handle);
+
   if (NULL != handle->namestore_handle)
     GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
   if (NULL != handle->oidc)
@@ -732,6 +754,8 @@ cookie_identity_interpretation (struct RequestHandle *handle)
       {
         handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY);
         handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity);
+      } else {
+        handle->oidc->login_identity = NULL;
       }
     }
     else
@@ -753,7 +777,7 @@ login_redirection(void *cls)
   struct RequestHandle *handle = cls;
 
   if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
                                                  "address", &login_base_url) )
   {
     GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
@@ -799,11 +823,12 @@ oidc_iteration_error (void *cls)
   GNUNET_SCHEDULER_add_now (&do_error, handle);
 }
 
-static void get_client_name_result (void *cls,
-                                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                                    const char *label,
-                                    unsigned int rd_count,
-                                    const struct GNUNET_GNSRECORD_Data *rd)
+static void
+get_client_name_result (void *cls,
+                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                        const char *label,
+                        unsigned int rd_count,
+                        const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RequestHandle *handle = cls;
   struct MHD_Response *resp;
@@ -811,46 +836,33 @@ static void get_client_name_result (void *cls,
   char *redirect_uri;
   char *code_json_string;
   char *code_base64_final_string;
-  char *redirect_path;
-  char *tmp;
-  char *tmp_prefix;
-  char *prefix;
+
   ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
-                                                    sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
   //TODO change if more attributes are needed (see max_age)
-  GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
-                   ticket_str,
-                   (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
-                   (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
-                   (NULL != handle->oidc->nonce) ? "\"" : "");
+  code_json_string = OIDC_build_authz_code (&handle->priv_key,
+                                            &handle->ticket,
+                                            handle->oidc->nonce);
   code_base64_final_string = base_64_encode(code_json_string);
-  tmp = GNUNET_strdup (handle->oidc->redirect_uri);
-  redirect_path = strtok (tmp, "/");
-  redirect_path = strtok (NULL, "/");
-  redirect_path = strtok (NULL, "/");
-  tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri);
-  prefix = strrchr (tmp_prefix,
-                    (unsigned char) '.');
-  *prefix = '\0';
   GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
-                   tmp_prefix,
+                   handle->redirect_prefix,
                    handle->tld,
-                   redirect_path,
+                   handle->redirect_suffix,
                    handle->oidc->response_type,
                    code_base64_final_string, handle->oidc->state);
   resp = GNUNET_REST_create_response ("");
   MHD_add_response_header (resp, "Location", redirect_uri);
   handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
   GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (tmp);
-  GNUNET_free (tmp_prefix);
   GNUNET_free (redirect_uri);
   GNUNET_free (ticket_str);
   GNUNET_free (code_json_string);
   GNUNET_free (code_base64_final_string);
   return;
+
 }
 
+
 static void
 get_client_name_error (void *cls)
 {
@@ -861,32 +873,93 @@ get_client_name_error (void *cls)
   GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
 
-/**
- * Issues ticket and redirects to relying party with the authorization code as
- * parameter. Otherwise redirects with error
- */
+
 static void
-oidc_ticket_issue_cb (void* cls,
-                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+lookup_redirect_uri_result (void *cls,
+                            uint32_t rd_count,
+                            const struct GNUNET_GNSRECORD_Data *rd)
 {
   struct RequestHandle *handle = cls;
-  handle->idp_op = NULL;
-  handle->ticket = *ticket;
-  if (NULL != ticket) {
+  char *tmp;
+  char *tmp_key_str;
+  char *pos;
+  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
+
+  handle->gns_op = NULL;
+  if (0 == rd_count)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  for (int i = 0; i < rd_count; i++)
+  {
+    if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+      continue;
+    if (0 != strcmp (rd[i].data,
+                     handle->oidc->redirect_uri))
+      continue;
+    tmp = GNUNET_strdup (rd[i].data);
+    pos = strrchr (tmp,
+                   (unsigned char) '.');
+    *pos = '\0';
+    handle->redirect_prefix = GNUNET_strdup (tmp);
+    tmp_key_str = pos + 1;
+    pos = strchr (tmp_key_str,
+                  (unsigned char) '/');
+    *pos = '\0';
+    handle->redirect_suffix = GNUNET_strdup (pos + 1);
+
+    GNUNET_STRINGS_string_to_data (tmp_key_str,
+                                   strlen (tmp_key_str),
+                                   &redirect_zone,
+                                   sizeof (redirect_zone));
+
     GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
                                    &handle->priv_key,
-                                   &handle->oidc->client_pkey,
+                                   &redirect_zone,
                                    &get_client_name_error,
                                    handle,
                                    &get_client_name_result,
                                    handle);
+    GNUNET_free (tmp);
     return;
   }
   handle->emsg = GNUNET_strdup("server_error");
-  handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+  handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
   GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
 
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
+static void
+oidc_ticket_issue_cb (void* cls,
+                      const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->idp_op = NULL;
+  handle->ticket = *ticket;
+  if (NULL == ticket)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle,
+                                      "+",
+                                      &handle->oidc->client_pkey,
+                                      GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
+                                      GNUNET_GNS_LO_DEFAULT,
+                                      &lookup_redirect_uri_result,
+                                      handle);
+
+}
+
 static void
 oidc_collect_finished_cb (void *cls)
 {
@@ -900,12 +973,12 @@ oidc_collect_finished_cb (void *cls)
     GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
     return;
   }
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp,
-                                                          &handle->priv_key,
-                                                          &handle->oidc->client_pkey,
-                                                          handle->attr_list,
-                                                          &oidc_ticket_issue_cb,
-                                                          handle);
+  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
+                                                &handle->priv_key,
+                                                &handle->oidc->client_pkey,
+                                                handle->attr_list,
+                                                &oidc_ticket_issue_cb,
+                                                handle);
 }
 
 
@@ -915,17 +988,17 @@ oidc_collect_finished_cb (void *cls)
 static void
 oidc_attr_collect (void *cls,
                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
   char* scope_variables;
   char* scope_variable;
   char delimiter[]=" ";
 
   if ( (NULL == attr->name) || (NULL == attr->data) )
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     return;
   }
 
@@ -941,18 +1014,18 @@ oidc_attr_collect (void *cls,
   }
   if ( NULL == scope_variable )
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     GNUNET_free(scope_variables);
     return;
   }
   GNUNET_free(scope_variables);
 
-  le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type,
-                                                   attr->data, attr->data_size);
+  le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type,
+                                                  attr->data, attr->data_size);
   GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
                               handle->attr_list->list_tail, le);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
 
 
@@ -1005,88 +1078,33 @@ login_check (void *cls)
           handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
                                                                    handle->ego_entry->ego);
           handle->resp_object = GNUNET_JSONAPI_document_new ();
-          handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+          handle->idp = GNUNET_RECLAIM_connect (cfg);
           handle->attr_list = GNUNET_new(
-                                         struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-          handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
-                                                                           handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
-                                                                           &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
+                                         struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+          handle->attr_it = GNUNET_RECLAIM_get_attributes_start (
+                                                                 handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
+                                                                 &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
           return;
         }
       }
-      handle->emsg = GNUNET_strdup("invalid_cookie");
-      handle->edesc = GNUNET_strdup(
-                                    "The cookie of the login identity is not valid");
-      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      //handle->emsg = GNUNET_strdup("invalid_cookie");
+      //handle->edesc = GNUNET_strdup(
+      //                              "The cookie of the login identity is not valid");
+      //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      GNUNET_SCHEDULER_add_now (&login_redirection,handle);
       return;
     }
   }
 }
 
 /**
- * Searches for client_id in namestore. If found trust status stored in handle
- * Else continues to search
- *
- * @param handle the RequestHandle
- */
-static void
-namestore_iteration_callback (
-                              void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
-                              const char *rname, unsigned int rd_len,
-                              const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
-  int i;
-
-  for (i = 0; i < rd_len; i++)
-  {
-    if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
-      continue;
-
-    if ( NULL != handle->oidc->login_identity )
-    {
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (
-                                                  handle->oidc->login_identity,
-                                                  strlen (handle->oidc->login_identity),
-                                                  &login_identity_pkey);
-      GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
-                                          &current_zone_pkey);
-
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        if ( 0 == memcmp (&login_identity_pkey, &current_zone_pkey,
-                          sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-        {
-          handle->oidc->is_client_trusted = GNUNET_YES;
-        }
-      }
-    }
-    else
-    {
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        handle->oidc->is_client_trusted = GNUNET_YES;
-      }
-    }
-  }
-
-  GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it,
-                                       1);
-}
-
-
-/**
  * Iteration over all results finished, build final
  * response.
  *
  * @param cls the `struct RequestHandle`
  */
 static void
-namestore_iteration_finished (void *cls)
+build_authz_response (void *cls)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
@@ -1096,25 +1114,6 @@ namestore_iteration_finished (void *cls)
   int number_of_ignored_parameter, iterator;
 
 
-  handle->ego_entry = handle->ego_entry->next;
-
-  if(NULL != handle->ego_entry)
-  {
-    handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
-    handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
-                                                                         &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
-                                                                         &namestore_iteration_finished, handle);
-    return;
-  }
-  if (GNUNET_NO == handle->oidc->is_client_trusted)
-  {
-    handle->emsg = GNUNET_strdup("unauthorized_client");
-    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
-                                  "authorization code using this method.");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
   // REQUIRED value: redirect_uri
   GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                       &cache_key);
@@ -1244,8 +1243,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
   struct EgoEntry *tmp_ego;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 
   cookie_identity_interpretation(handle);
 
@@ -1299,9 +1298,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 
   handle->ego_entry = handle->ego_head;
   handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
-  handle->oidc->is_client_trusted = GNUNET_NO;
-
-  //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config
+  //If we know this identity, translated the corresponding TLD
+  //TODO: We might want to have a reverse lookup functionality for TLDs?
   for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
   {
     priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
@@ -1311,17 +1309,10 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
                       sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
     {
       handle->tld = GNUNET_strdup (tmp_ego->identifier);
-      handle->oidc->is_client_trusted = GNUNET_YES;
       handle->ego_entry = handle->ego_tail;
     }
-  }
-
-
-  // Checks if client_id is valid:
-  handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                                       handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
-                                                                       handle, &namestore_iteration_callback, handle,
-                                                                       &namestore_iteration_finished, handle);
+  } 
+  GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
 }
 
 /**
@@ -1359,8 +1350,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
     current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
     *current_time = GNUNET_TIME_relative_to_absolute (
-                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
-                                                                                     30));
+                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+                                                                                     5));
     last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
     if (NULL != last_time)
     {
@@ -1382,37 +1373,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
   return;
 }
 
-/**
- * Responds to token url-encoded POST request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                const char* url,
-                void *cls)
+static int 
+check_authorization (struct RequestHandle *handle,
+                     struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
 {
-  //TODO static strings
-  struct RequestHandle *handle = cls;
   struct GNUNET_HashCode cache_key;
-  char *authorization, *credentials;
-  char delimiter[]=" ";
-  char delimiter_user_psw[]=":";
-  char *grant_type, *code;
-  char *user_psw = NULL, *client_id, *psw;
-  char *expected_psw;
+  char *authorization;
+  char *credentials;
+  char *basic_authorization;
+  char *client_id;
+  char *pass;
+  char *expected_pass;
   int client_exists = GNUNET_NO;
-  struct MHD_Response *resp;
-  char* code_output;
-  json_t *root, *ticket_string, *nonce, *max_age;
-  json_error_t error;
-  char *json_response;
 
-  /*
-   * Check Authorization
-   */
   GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                       &cache_key);
@@ -1422,80 +1395,75 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->edesc=GNUNET_strdup("missing authorization");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+  authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+                                                     &cache_key);
 
   //split header in "Basic" and [content]
-  credentials = strtok (authorization, delimiter);
-  if (0 != strcmp ("Basic",credentials))
+  credentials = strtok (authorization, " ");
+  if (0 != strcmp ("Basic", credentials))
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  credentials = strtok(NULL, delimiter);
+  credentials = strtok(NULL, " ");
   if (NULL == credentials)
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+  GNUNET_STRINGS_base64_decode (credentials,
+                                strlen (credentials),
+                                (void**)&basic_authorization);
 
-  if ( NULL == user_psw )
+  if ( NULL == basic_authorization )
   {
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  client_id = strtok (user_psw, delimiter_user_psw);
+  client_id = strtok (basic_authorization, ":");
   if ( NULL == client_id )
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
-  psw = strtok (NULL, delimiter_user_psw);
-  if (NULL == psw)
+  pass = strtok (NULL, ":");
+  if (NULL == pass)
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
 
   //check client password
   if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
-                                                 "psw", &expected_psw) )
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "psw", &expected_pass) )
   {
-    if (0 != strcmp (expected_psw, psw))
+    if (0 != strcmp (expected_pass, pass))
     {
-      GNUNET_free_non_null(user_psw);
-      GNUNET_free(expected_psw);
+      GNUNET_free_non_null(basic_authorization);
+      GNUNET_free(expected_pass);
       handle->emsg=GNUNET_strdup("invalid_client");
       handle->response_code = MHD_HTTP_UNAUTHORIZED;
-      GNUNET_SCHEDULER_add_now (&do_error, handle);
-      return;
+      return GNUNET_SYSERR;
     }
-    GNUNET_free(expected_psw);
+    GNUNET_free(expected_pass);
   }
   else
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg = GNUNET_strdup("server_error");
     handle->edesc = GNUNET_strdup ("gnunet configuration failed");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
+    return GNUNET_SYSERR;
   }
 
   //check client_id
@@ -1510,9 +1478,107 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
   if (GNUNET_NO == client_exists)
   {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
     handle->emsg=GNUNET_strdup("invalid_client");
     handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+  GNUNET_free (basic_authorization);
+  return GNUNET_OK;
+}
+
+static int
+ego_exists (struct RequestHandle *handle,
+            struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+{
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+
+  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+    if (0 == memcmp (&pub_key,
+                     test_key,
+                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+    {
+      break;
+    }
+  }
+  if (NULL == ego_entry)
+    return GNUNET_NO;
+  return GNUNET_YES;
+}
+
+static void
+store_ticket_reference (const struct RequestHandle *handle,
+                        const char* access_token,
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+{
+  struct GNUNET_HashCode cache_key;
+  char *id_ticket_combination;
+  char *ticket_string;
+  char *client_id;
+
+  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
+  client_id = GNUNET_STRINGS_data_to_string_alloc (cid,
+                                                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                       sizeof (struct GNUNET_RECLAIM_Ticket));
+  GNUNET_asprintf(&id_ticket_combination,
+                  "%s;%s",
+                  client_id,
+                  ticket_string);
+  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
+                                    &cache_key,
+                                    id_ticket_combination,
+                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+
+  GNUNET_free (client_id);
+  GNUNET_free (ticket_string);
+}
+
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                const char* url,
+                void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_TIME_Relative expiration_time;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 
+  struct GNUNET_RECLAIM_Ticket *ticket;
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  struct GNUNET_HashCode cache_key;
+  struct MHD_Response *resp;
+  char *grant_type;
+  char *code;
+  char *json_response;
+  char *id_token;
+  char *access_token;
+  char *jwt_secret;
+  char *nonce;
+  int i = 1;
+
+  /*
+   * Check Authorization
+   */
+  if (GNUNET_SYSERR == check_authorization (handle,
+                                            &cid))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "OIDC authorization for token endpoint failed\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
@@ -1524,27 +1590,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //TODO Do not allow multiple equal parameter names
   //REQUIRED grant_type
   GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter grant_type");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  grant_type = GNUNET_CONTAINER_multihashmap_get (
-                                                  handle->rest_handle->url_param_map, &cache_key);
+  grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+                                                  &cache_key);
 
   //REQUIRED code
   GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1557,11 +1621,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //REQUIRED redirect_uri
   GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                       &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1572,21 +1635,18 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   //Check parameter grant_type == "authorization_code"
   if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg=GNUNET_strdup("unsupported_grant_type");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
   GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
-  int i = 1;
-  if ( GNUNET_SYSERR
-       == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
-                                             &cache_key,
-                                             &i,
-                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
+  if (GNUNET_SYSERR ==
+      GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+                                         &cache_key,
+                                         &i,
+                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1595,16 +1655,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   }
 
   //decode code
-  GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
-  root = json_loads (code_output, 0, &error);
-  GNUNET_free(code_output);
-  ticket_string = json_object_get (root, "ticket");
-  nonce = json_object_get (root, "nonce");
-  max_age = json_object_get (root, "max_age");
-
-  if(ticket_string == NULL && !json_is_string(ticket_string))
+  if(GNUNET_OK != OIDC_parse_authz_code (&cid,
+                                         code,
+                                         &ticket,
+                                         &nonce))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
     handle->edesc = GNUNET_strdup("invalid code");
     handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1612,42 +1667,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
-  if ( GNUNET_OK
-       != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
-                                         strlen (json_string_value(ticket_string)),
-                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-  // this is the current client (relying party)
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
-  GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
-  if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-
   //create jwt
-  unsigned long long int expiration_time;
-  if ( GNUNET_OK
-       != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
-                                                "expiration_time", &expiration_time) )
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time(cfg,
+                                          "reclaim-rest-plugin",
+                                          "expiration_time",
+                                          &expiration_time))
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("server_error");
     handle->edesc = GNUNET_strdup ("gnunet configuration failed");
     handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1656,118 +1682,56 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  //aud REQUIRED public key client_id must be there
-  GNUNET_IDENTITY_ATTRIBUTE_list_add(cl,
-                                     "aud",
-                                     GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                     client_id,
-                                     strlen(client_id));
-  //exp REQUIRED time expired from config
-  struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
-                                                                           GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                                          expiration_time));
-  const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "exp",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      exp_time_string,
-                                      strlen(exp_time_string));
-  //iat REQUIRED time now
-  struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
-  const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "iat",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      time_now_string,
-                                      strlen(time_now_string));
-  //nonce only if nonce is provided
-  if ( NULL != nonce && json_is_string(nonce) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "nonce",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(nonce),
-                                        strlen(json_string_value(nonce)));
-  }
-  //auth_time only if max_age is provided
-  if ( NULL != max_age && json_is_string(max_age) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "auth_time",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(max_age),
-                                        strlen(json_string_value(max_age)));
-  }
-  //TODO OPTIONAL acr,amr,azp
 
-  struct EgoEntry *ego_entry;
-  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  //TODO OPTIONAL acr,amr,azp
+  if (GNUNET_NO == ego_exists (handle,
+                               &ticket->audience))
   {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
-    if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-    {
-      break;
-    }
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("invalid code...");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    GNUNET_free(ticket);
   }
-  if ( NULL == ego_entry )
+  if ( GNUNET_OK
+       != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "jwt_secret", &jwt_secret) )
   {
-    GNUNET_free_non_null(user_psw);
     handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code....");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    handle->edesc = GNUNET_strdup("No signing secret configured!");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     GNUNET_free(ticket);
     return;
   }
-  char *id_token = jwt_create_from_list(&ticket->audience,
-                                        cl,
-                                        GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
-
-  //Create random access_token
-  char* access_token_number;
-  char* access_token;
-  uint64_t random_number;
-  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
-  GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number);
-  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
-
-
-
-  //TODO OPTIONAL add refresh_token and scope
-  GNUNET_asprintf (&json_response,
-                   "{ \"access_token\" : \"%s\", "
-                   "\"token_type\" : \"Bearer\", "
-                   "\"expires_in\" : %d, "
-                   "\"id_token\" : \"%s\"}",
-                   access_token,
-                   expiration_time,
-                   id_token);
-  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
-  char *id_ticket_combination;
-  GNUNET_asprintf(&id_ticket_combination,
-                  "%s;%s",
-                  client_id,
-                  json_string_value(ticket_string));
-  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
-                                    &cache_key,
-                                    id_ticket_combination,
-                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
-
+  //TODO We should collect the attributes here. cl always empty
+  cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  id_token = OIDC_id_token_new (&ticket->audience,
+                                &ticket->identity,
+                                cl,
+                                &expiration_time,
+                                (NULL != nonce) ? nonce : NULL,
+                                jwt_secret);
+  access_token = OIDC_access_token_new (); 
+  OIDC_build_token_response (access_token,
+                             id_token,
+                             &expiration_time,
+                             &json_response);
+
+  store_ticket_reference (handle,
+                          access_token,
+                          ticket,
+                          &cid);
   resp = GNUNET_REST_create_response (json_response);
   MHD_add_response_header (resp, "Cache-Control", "no-store");
   MHD_add_response_header (resp, "Pragma", "no-cache");
   MHD_add_response_header (resp, "Content-Type", "application/json");
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-
-  GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
-  GNUNET_free(access_token_number);
+  GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl);
   GNUNET_free(access_token);
-  GNUNET_free(user_psw);
   GNUNET_free(json_response);
   GNUNET_free(ticket);
   GNUNET_free(id_token);
-  json_decref (root);
   GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
 }
 
@@ -1777,7 +1741,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_ticket (void *cls,
                 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
   char *tmp_value;
@@ -1789,9 +1753,9 @@ consume_ticket (void *cls,
     return;
   }
 
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                         attr->data,
-                                                         attr->data_size);
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
 
   value = json_string (tmp_value);
 
@@ -1820,7 +1784,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
   struct GNUNET_HashCode cache_key;
   char *authorization, *authorization_type, *authorization_access_token;
   char *client_ticket, *client, *ticket_str;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
 
   GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                       strlen (OIDC_AUTHORIZATION_HEADER_KEY),
@@ -1918,12 +1882,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     GNUNET_free(client_ticket);
     return;
   }
-  ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
+  ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket);
   if ( GNUNET_OK
        != GNUNET_STRINGS_string_to_data (ticket_str,
                                          strlen (ticket_str),
                                          ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
+                                         sizeof(struct GNUNET_RECLAIM_Ticket)))
   {
     handle->emsg = GNUNET_strdup("invalid_token");
     handle->edesc = GNUNET_strdup("The Access Token expired");
@@ -1935,15 +1899,15 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
 
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
   handle->oidc->response = json_object();
   json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (
-                                                            handle->idp,
-                                                            GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
-                                                            ticket,
-                                                            consume_ticket,
-                                                            handle);
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (
+                                                  handle->idp,
+                                                  GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
+                                                  ticket,
+                                                  consume_ticket,
+                                                  handle);
   GNUNET_free(ticket);
   GNUNET_free(authorization);
   GNUNET_free(client_ticket);
@@ -2103,6 +2067,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
   handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
                                                      &list_ego,
                                                      handle);
+  handle->gns_handle = GNUNET_GNS_connect (cfg);
   handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
   handle->timeout_task =
     GNUNET_SCHEDULER_add_delayed (handle->timeout,
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/reclaim/plugin_rest_reclaim.c
index a83163db2..38ffc4ddb 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -18,8 +18,8 @@
 /**
  * @author Martin Schanzenbach
  * @author Philippe Buschmann
- * @file identity/plugin_rest_identity.c
- * @brief GNUnet Namestore REST plugin
+ * @file reclaim/plugin_rest_reclaim.c
+ * @brief GNUnet reclaim REST plugin
  *
  */
 
@@ -36,38 +36,38 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
 
 /**
  * REST root namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
+#define GNUNET_REST_API_NS_RECLAIM "/reclaim"
 
 /**
  * Attribute namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes"
+#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes"
 
 /**
  * Ticket namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets"
+#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets"
 
 /**
  * Revoke namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke"
+#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke"
 
 /**
  * Revoke namespace
  */
-#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume"
+#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume"
 
 /**
  * Attribute key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 
 /**
  * Ticket key
@@ -78,7 +78,7 @@
 /**
  * Value key
  */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 
 /**
  * State while collecting all egos
@@ -190,7 +190,7 @@ struct RequestHandle
   /**
    * Attribute claim list
    */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 
   /**
    * IDENTITY Operation
@@ -200,27 +200,27 @@ struct RequestHandle
   /**
    * Identity Provider
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
 
   /**
    * Idp Operation
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
 
   /**
    * Attribute iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
 
   /**
    * Ticket iterator
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
 
   /**
    * A ticket
    */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
 
   /**
    * Desired timeout for the lookup (default is no timeout).
@@ -271,8 +271,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
   struct EgoEntry *ego_entry;
   struct EgoEntry *ego_tmp;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -284,11 +284,11 @@ cleanup_handle (struct RequestHandle *handle)
   if (NULL != handle->identity_handle)
     GNUNET_IDENTITY_disconnect (handle->identity_handle);
   if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
   if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
   if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
   if (NULL != handle->url)
     GNUNET_free (handle->url);
   if (NULL != handle->emsg)
@@ -435,7 +435,7 @@ collect_finished_cb (void *cls)
  */
 static void
 ticket_collect (void *cls,
-                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                const struct GNUNET_RECLAIM_Ticket *ticket)
 {
   struct GNUNET_JSONAPI_Resource *json_resource;
   struct RequestHandle *handle = cls;
@@ -474,7 +474,7 @@ ticket_collect (void *cls,
                                     value);
   GNUNET_free (tmp);
   json_decref (value);
-  GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it);
+  GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it);
 }
 
 
@@ -523,8 +523,8 @@ list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
   priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->ticket_it = GNUNET_RECLAIM_ticket_iteration_start (handle->idp,
                                                                        priv_key,
                                                                        &collect_error_cb,
                                                                        handle,
@@ -549,7 +549,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attribute;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_TIME_Relative exp;
@@ -565,14 +565,14 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n",
               handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
        strlen (handle->url))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
 
   for (ego_entry = handle->ego_head;
        NULL != ego_entry;
@@ -625,7 +625,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
   if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE))
+                                                       GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Unsupported JSON data type\n");
@@ -651,12 +651,12 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
   value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                   "value");
   value_str = json_string_value (value_json);
-  attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str,
-                                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+  attribute = GNUNET_RECLAIM_ATTRIBUTE_claim_new (name_str,
+                                                      GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
                                                       value_str,
                                                       strlen (value_str) + 1);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_attribute_store (handle->idp,
                                                              identity_priv,
                                                              attribute,
                                                              &exp,
@@ -675,7 +675,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 attr_collect (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct GNUNET_JSONAPI_Resource *json_resource;
   struct RequestHandle *handle = cls;
@@ -684,17 +684,17 @@ attr_collect (void *cls,
   
   if ((NULL == attr->name) || (NULL == attr->data))
   {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
     return;
   }
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
               attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                                attr->name);
   GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
 
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
                                            attr->data,
                                            attr->data_size);
 
@@ -705,7 +705,7 @@ attr_collect (void *cls,
                                     value);
   json_decref (value);
   GNUNET_free(tmp_value);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
 
 
@@ -729,14 +729,14 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n",
               handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
        strlen (handle->url))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
     GNUNET_SCHEDULER_add_now (&do_error, handle);
     return;
   }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
 
   for (ego_entry = handle->ego_head;
        NULL != ego_entry;
@@ -755,8 +755,8 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
     return;
   }
   priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp,
                                                                    priv_key,
                                                                    &collect_error_cb,
                                                                    handle,
@@ -780,7 +780,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -844,7 +844,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                 "rnd");
   identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "identity");
+                                                     "issuer");
   audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                      "audience");
   rnd_str = json_string_value (rnd_json);
@@ -884,8 +884,8 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
 
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_revoke (handle->idp,
                                                            identity_priv,
                                                            &ticket,
                                                            &finished_cont,
@@ -896,7 +896,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_cont (void *cls,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
   struct RequestHandle *handle = cls;
   struct GNUNET_JSONAPI_Resource *json_resource;
@@ -910,7 +910,7 @@ consume_cont (void *cls,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
               attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                                attr->name);
   GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
 
@@ -934,7 +934,7 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   struct RequestHandle *handle = cls;
   struct EgoEntry *ego_entry;
   struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
   struct GNUNET_JSONAPI_Document *json_obj;
   struct GNUNET_JSONAPI_Resource *json_res;
   struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -1038,8 +1038,8 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
   }
   identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
   handle->resp_object = GNUNET_JSONAPI_document_new ();
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp,
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
                                                             identity_priv,
                                                             &ticket,
                                                             &consume_cont,
@@ -1084,12 +1084,12 @@ init_cont (struct RequestHandle *handle)
 {
   struct GNUNET_REST_RequestHandlerError err;
   static const struct GNUNET_REST_RequestHandler handlers[] = {
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont},
     {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
     {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM,
       &options_cont},
     GNUNET_REST_HANDLER_END
   };
@@ -1202,7 +1202,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
  * @return NULL on error, otherwise the plugin context
  */
 void *
-libgnunet_plugin_rest_identity_provider_init (void *cls)
+libgnunet_plugin_rest_reclaim_init (void *cls)
 {
   static struct Plugin plugin;
   struct GNUNET_REST_Plugin *api;
@@ -1214,7 +1214,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
   plugin.cfg = cfg;
   api = GNUNET_new (struct GNUNET_REST_Plugin);
   api->cls = &plugin;
-  api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
+  api->name = GNUNET_REST_API_NS_RECLAIM;
   api->process_request = &rest_identity_process_request;
   GNUNET_asprintf (&allow_methods,
                    "%s, %s, %s, %s, %s",
@@ -1237,7 +1237,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
  * @return always NULL
  */
 void *
-libgnunet_plugin_rest_identity_provider_done (void *cls)
+libgnunet_plugin_rest_reclaim_done (void *cls)
 {
   struct GNUNET_REST_Plugin *api = cls;
   struct Plugin *plugin = api->cls;
@@ -1250,4 +1250,4 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
   return NULL;
 }
 
-/* end of plugin_rest_identity_provider.c */
+/* end of plugin_rest_reclaim.c */
diff --git a/src/identity-provider/identity-provider.conf b/src/reclaim/reclaim.conf
index cc50152a1..cf0a0dc5e 100644
--- a/src/identity-provider/identity-provider.conf
+++ b/src/reclaim/reclaim.conf
@@ -1,22 +1,23 @@
-[identity-provider]
+[reclaim]
 START_ON_DEMAND = NO
 RUN_PER_USER = YES
 #PORT = 2108
 HOSTNAME = localhost
-BINARY = gnunet-service-identity-provider
+BINARY = gnunet-service-reclaim
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
-UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock
 UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 TOKEN_EXPIRATION_INTERVAL = 30 m
 DATABASE = sqlite
 
-[identity-rest-plugin]
+[reclaim-rest-plugin]
 #ADDRESS = https://identity.gnu:8000#/login
 ADDRESS = https://reclaim.ui/#/login
 PSW = secret
-EXPIRATION_TIME = 3600
+JWT_SECRET = secret
+EXPIRATION_TIME = 1d
 
-[identity-provider-sqlite]
-FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db
+[reclaim-sqlite]
+FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db
diff --git a/src/identity-provider/identity_provider.h b/src/reclaim/reclaim.h
index 6a4b7769f..d2c84686d 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/reclaim/reclaim.h
@@ -18,13 +18,13 @@
 
 /**
  * @author Martin Schanzenbach
- * @file identity-provider/identity_provider.h
+ * @file reclaim/reclaim.h
  *
  * @brief Common type definitions for the identity provider
  *        service and API.
  */
-#ifndef IDENTITY_PROVIDER_H
-#define IDENTITY_PROVIDER_H
+#ifndef RECLAIM_H
+#define RECLAIM_H
 
 #include "gnunet_common.h"
 
@@ -152,7 +152,7 @@ struct AttributeIterationStartMessage
 struct AttributeIterationNextMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT
    */
   struct GNUNET_MessageHeader header;
 
@@ -170,7 +170,7 @@ struct AttributeIterationNextMessage
 struct AttributeIterationStopMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP
    */
   struct GNUNET_MessageHeader header;
 
@@ -214,7 +214,7 @@ struct TicketIterationStartMessage
 struct TicketIterationNextMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT
    */
   struct GNUNET_MessageHeader header;
 
@@ -232,7 +232,7 @@ struct TicketIterationNextMessage
 struct TicketIterationStopMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP
    */
   struct GNUNET_MessageHeader header;
 
@@ -251,7 +251,7 @@ struct TicketIterationStopMessage
 struct IssueTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET
    */
   struct GNUNET_MessageHeader header;
 
@@ -284,7 +284,7 @@ struct IssueTicketMessage
 struct RevokeTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET
    */
   struct GNUNET_MessageHeader header;
 
@@ -312,7 +312,7 @@ struct RevokeTicketMessage
 struct RevokeTicketResultMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
    */
   struct GNUNET_MessageHeader header;
 
@@ -334,7 +334,7 @@ struct RevokeTicketResultMessage
 struct TicketResultMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
    */
   struct GNUNET_MessageHeader header;
 
@@ -351,7 +351,7 @@ struct TicketResultMessage
 struct ConsumeTicketMessage
 {
   /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET
    */
   struct GNUNET_MessageHeader header;
 
diff --git a/src/identity-provider/identity_provider_api.c b/src/reclaim/reclaim_api.c
index 772b4a244..3f1584ccd 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/reclaim/reclaim_api.c
@@ -17,8 +17,8 @@
 */
 
 /**
- * @file identity-provider/identity_provider_api.c
- * @brief api to interact with the identity provider service
+ * @file reclaim/reclaim_api.c
+ * @brief api to interact with the reclaim service
  * @author Martin Schanzenbach
  */
 #include "platform.h"
@@ -26,33 +26,33 @@
 #include "gnunet_constants.h"
 #include "gnunet_protocols.h"
 #include "gnunet_mq_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "identity_provider.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "reclaim.h"
 
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-api",__VA_ARGS__)
 
 
 /**
  * Handle for an operation with the service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation
+struct GNUNET_RECLAIM_Operation
 {
 
   /**
    * Main handle.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * We keep operations in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *next;
+  struct GNUNET_RECLAIM_Operation *next;
 
   /**
    * We keep operations in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *prev;
+  struct GNUNET_RECLAIM_Operation *prev;
 
   /**
    * Message to send to the service.
@@ -63,22 +63,22 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
   /**
    * Continuation to invoke after attribute store call
    */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus as_cb;
 
   /**
    * Attribute result callback
    */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb;
+  GNUNET_RECLAIM_AttributeResult ar_cb;
 
   /**
    * Revocation result callback
    */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus rvk_cb;
 
   /**
    * Ticket result callback
    */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
 
   /**
    * Envelope with the message for this queue entry.
@@ -100,23 +100,23 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
 /**
  * Handle for a ticket iterator operation
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator
+struct GNUNET_RECLAIM_TicketIterator
 {
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next;
+  struct GNUNET_RECLAIM_TicketIterator *next;
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev;
+  struct GNUNET_RECLAIM_TicketIterator *prev;
 
   /**
    * Main handle to access the idp.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * Function to call on completion.
@@ -131,7 +131,7 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
   /**
    * The continuation to call with the results
    */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
 
   /**
    * Closure for @e tr_cb.
@@ -165,23 +165,23 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
 /**
  * Handle for a attribute iterator operation
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
+struct GNUNET_RECLAIM_AttributeIterator
 {
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next;
+  struct GNUNET_RECLAIM_AttributeIterator *next;
 
   /**
    * Kept in a DLL.
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev;
+  struct GNUNET_RECLAIM_AttributeIterator *prev;
 
   /**
    * Main handle to access the idp.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
   /**
    * Function to call on completion.
@@ -196,7 +196,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
   /**
    * The continuation to call with the results
    */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult proc;
+  GNUNET_RECLAIM_AttributeResult proc;
 
   /**
    * Closure for @e proc.
@@ -235,7 +235,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
 /**
  * Handle for the service.
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle
+struct GNUNET_RECLAIM_Handle
 {
   /**
    * Configuration to use.
@@ -255,32 +255,32 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
   /**
    * Head of active operations.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_head;
+  struct GNUNET_RECLAIM_Operation *op_head;
 
   /**
    * Tail of active operations.
    */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail;
+  struct GNUNET_RECLAIM_Operation *op_tail;
 
   /**
    * Head of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head;
+  struct GNUNET_RECLAIM_AttributeIterator *it_head;
 
   /**
    * Tail of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail;
+  struct GNUNET_RECLAIM_AttributeIterator *it_tail;
 
   /**
    * Head of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_head;
 
   /**
    * Tail of active iterations
    */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail;
 
 
   /**
@@ -318,10 +318,10 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
 /**
  * Try again to connect to the service.
  *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
  */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+reconnect (struct GNUNET_RECLAIM_Handle *h);
 
 /**
  * Reconnect
@@ -331,7 +331,7 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
 static void
 reconnect_task (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
 
   handle->reconnect_task = NULL;
   reconnect (handle);
@@ -344,7 +344,7 @@ reconnect_task (void *cls)
  * @param handle our service
  */
 static void
-force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
+force_reconnect (struct GNUNET_RECLAIM_Handle *handle)
 {
   GNUNET_MQ_destroy (handle->mq);
   handle->mq = NULL;
@@ -362,9 +362,9 @@ force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
  * @param it entry to free
  */
 static void
-free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+free_it (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
 
   GNUNET_CONTAINER_DLL_remove (h->it_head,
                                h->it_tail,
@@ -375,7 +375,7 @@ free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
 }
 
 static void
-free_op (struct GNUNET_IDENTITY_PROVIDER_Operation* op)
+free_op (struct GNUNET_RECLAIM_Operation* op)
 {
   if (NULL == op)
     return;
@@ -397,7 +397,7 @@ static void
 mq_error_handler (void *cls,
                   enum GNUNET_MQ_Error error)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
   force_reconnect (handle);
 }
 
@@ -412,8 +412,8 @@ static void
 handle_attribute_store_response (void *cls,
                               const struct AttributeStoreResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   uint32_t r_id = ntohl (msg->id);
   int res;
   const char *emsg;
@@ -448,7 +448,7 @@ handle_attribute_store_response (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -474,7 +474,7 @@ check_consume_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -483,8 +483,8 @@ static void
 handle_consume_ticket_result (void *cls,
                               const struct ConsumeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   size_t attrs_len;
   uint32_t r_id = ntohl (msg->id);
 
@@ -500,9 +500,9 @@ handle_consume_ticket_result (void *cls,
     return;
 
   {
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-    attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1],
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+    attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&msg[1],
                                         attrs_len);
     if (NULL != op->ar_cb)
     {
@@ -518,7 +518,7 @@ handle_consume_ticket_result (void *cls,
           op->ar_cb (op->cls,
                      &msg->identity,
                      le->claim);
-        GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+        GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
       }
     }
     if (NULL != op)
@@ -539,7 +539,7 @@ handle_consume_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -565,7 +565,7 @@ check_attribute_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -575,9 +575,9 @@ handle_attribute_result (void *cls,
                          const struct AttributeResultMessage *msg)
 {
   static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
+  struct GNUNET_RECLAIM_Operation *op;
   size_t attr_len;
   uint32_t r_id = ntohl (msg->id);
 
@@ -627,8 +627,8 @@ handle_attribute_result (void *cls,
   }
 
   {
-    struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
-    attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1],
+    struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
+    attr = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&msg[1],
                                                   attr_len);
     if (NULL != it)
     {
@@ -652,7 +652,7 @@ handle_attribute_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -677,7 +677,7 @@ check_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -686,10 +686,10 @@ static void
 handle_ticket_result (void *cls,
                       const struct TicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
-  const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  struct GNUNET_RECLAIM_TicketIterator *it;
+  const struct GNUNET_RECLAIM_Ticket *ticket;
   uint32_t r_id = ntohl (msg->id);
   size_t msg_len;
 
@@ -712,7 +712,7 @@ handle_ticket_result (void *cls,
       if (NULL != op->tr_cb)
         op->tr_cb (op->cls, NULL);
     } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
       if (NULL != op->tr_cb)
         op->tr_cb (op->cls, ticket);
     }
@@ -728,7 +728,7 @@ handle_ticket_result (void *cls,
       it->finish_cb (it->finish_cb_cls);
       GNUNET_free (it);
     } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
       if (NULL != it->tr_cb)
         it->tr_cb (it->cls, ticket);
     }
@@ -740,7 +740,7 @@ handle_ticket_result (void *cls,
 
 /**
  * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
  *
  * @param cls
  * @param msg the message we received
@@ -749,8 +749,8 @@ static void
 handle_revoke_ticket_result (void *cls,
                              const struct RevokeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
   uint32_t r_id = ntohl (msg->id);
   int32_t success;
 
@@ -785,42 +785,42 @@ handle_revoke_ticket_result (void *cls,
 /**
  * Try again to connect to the service.
  *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
  */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+reconnect (struct GNUNET_RECLAIM_Handle *h)
 {
   struct GNUNET_MQ_MessageHandler handlers[] = {
     GNUNET_MQ_hd_fixed_size (attribute_store_response,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE,
                              struct AttributeStoreResultMessage,
                              h),
     GNUNET_MQ_hd_var_size (attribute_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT,
                            struct AttributeResultMessage,
                            h),
     GNUNET_MQ_hd_var_size (ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT,
                            struct TicketResultMessage,
                            h),
     GNUNET_MQ_hd_var_size (consume_ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT,
                            struct ConsumeTicketResultMessage,
                            h),
     GNUNET_MQ_hd_fixed_size (revoke_ticket_result,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT,
                              struct RevokeTicketResultMessage,
                              h),
     GNUNET_MQ_handler_end ()
   };
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
 
   GNUNET_assert (NULL == h->mq);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Connecting to identity provider service.\n");
+       "Connecting to reclaim service.\n");
 
   h->mq = GNUNET_CLIENT_connect (h->cfg,
-                                 "identity-provider",
+                                 "reclaim",
                                  handlers,
                                  &mq_error_handler,
                                  h);
@@ -833,17 +833,17 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 
 
 /**
- * Connect to the identity provider service.
+ * Connect to the reclaim service.
  *
  * @param cfg the configuration to use
  * @return handle to use
  */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
 
-  h = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Handle);
+  h = GNUNET_new (struct GNUNET_RECLAIM_Handle);
   h->cfg = cfg;
   reconnect (h);
   if (NULL == h->mq)
@@ -864,9 +864,9 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
  * @param op operation to cancel
  */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = op->h;
+  struct GNUNET_RECLAIM_Handle *h = op->h;
 
   GNUNET_CONTAINER_DLL_remove (h->op_head,
                                h->op_tail,
@@ -881,7 +881,7 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
  * @param h handle to destroy
  */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h)
 {
   GNUNET_assert (NULL != h);
   if (NULL != h->mq)
@@ -902,7 +902,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  * Store an attribute.  If the attribute is already present,
  * it is replaced with the new attribute.
  *
- * @param h handle to the identity provider
+ * @param h handle to the reclaim
  * @param pkey private key of the identity
  * @param attr the attribute value
  * @param exp_interval the relative expiration interval for the attribute
@@ -910,19 +910,19 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  * @param cont_cls closure for @a cont
  * @return handle to abort the request
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                           const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                           void *cont_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct AttributeStoreMessage *sam;
   size_t attr_len;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->as_cb = cont;
   op->cls = cont_cls;
@@ -930,15 +930,15 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (attr);
   op->env = GNUNET_MQ_msg_extra (sam,
                                  attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE);
   sam->identity = *pkey;
   sam->id = htonl (op->r_id);
   sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
 
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (attr,
                                        (char*)&sam[1]);
 
   sam->attr_len = htons (attr_len);
@@ -952,11 +952,11 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 
 /**
  * List all attributes for a local identity.
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
  * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
  *
  * On error (disconnect), @a error_cb will be invoked.
  * On normal completion, @a finish_cb proc will be
@@ -975,23 +975,23 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                GNUNET_SCHEDULER_TaskCallback error_cb,
                                                void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                                void *proc_cls,
                                                GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeIterationStartMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1005,7 +1005,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
                                     h->it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = *identity;
   if (NULL == h->mq)
@@ -1018,20 +1018,20 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
 
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct AttributeIterationNextMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT);
   msg->id = htonl (it->r_id);
   GNUNET_MQ_send (h->mq,
                   env);
@@ -1041,21 +1041,21 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_At
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct GNUNET_MQ_Envelope *env;
   struct AttributeIterationStopMessage *msg;
 
   if (NULL != h->mq)
   {
     env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP);
     msg->id = htonl (it->r_id);
     GNUNET_MQ_send (h->mq,
                     env);
@@ -1066,10 +1066,10 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
 
 /** TODO
  * Issues a ticket to another identity. The identity may use
- * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
+ * @GNUNET_RECLAIM_authorization_ticket_consume to consume the ticket
  * and retrieve the attributes specified in the AttributeList.
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param iss the issuing identity
  * @param rp the subject of the ticket (the relying party)
  * @param attrs the attributes that the relying party is given access to
@@ -1077,19 +1077,19 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                        const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                        void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct IssueTicketMessage *tim;
   size_t attr_len;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->tr_cb = cb;
   op->cls = cb_cls;
@@ -1097,15 +1097,15 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
   op->env = GNUNET_MQ_msg_extra (tim,
                                  attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET);
   tim->identity = *iss;
   tim->rp = *rp;
   tim->id = htonl (op->r_id);
 
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                                             (char*)&tim[1]);
 
   tim->attr_len = htons (attr_len);
@@ -1119,24 +1119,24 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
  * Consumes an issued ticket. The ticket is persisted
  * and used to retrieve identity information from the issuer
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the identity that is the subject of the issued ticket (the relying party)
  * @param ticket the issued ticket to consume
  * @param cb the callback to call
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                          void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
   struct ConsumeTicketMessage *ctm;
 
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->ar_cb = cb;
   op->cls = cb_cls;
@@ -1145,14 +1145,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
                                     h->op_tail,
                                     op);
   op->env = GNUNET_MQ_msg_extra (ctm,
-                                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
+                                 sizeof (const struct GNUNET_RECLAIM_Ticket),
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET);
   ctm->identity = *identity;
   ctm->id = htonl (op->r_id);
 
   GNUNET_memcpy ((char*)&ctm[1],
                  ticket,
-                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                 sizeof (const struct GNUNET_RECLAIM_Ticket));
 
   if (NULL != h->mq)
     GNUNET_MQ_send_copy (h->mq,
@@ -1166,7 +1166,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * Lists all tickets that have been issued to remote
  * identites (relying parties)
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param error_cb function to call on error (i.e. disconnect),
  *        the handle is afterwards invalid
@@ -1179,17 +1179,17 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                  GNUNET_SCHEDULER_TaskCallback error_cb,
                                                  void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                  void *proc_cls,
                                                  GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                  void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
   struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStartMessage *msg;
@@ -1198,7 +1198,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
   GNUNET_CRYPTO_ecdsa_key_get_public (identity,
                                       &identity_pub);
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1211,7 +1211,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
                                     h->ticket_it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = identity_pub;
   msg->is_audience = htonl (GNUNET_NO);
@@ -1229,7 +1229,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * Lists all tickets that have been issued to remote
  * identites (relying parties)
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param error_cb function to call on error (i.e. disconnect),
  *        the handle is afterwards invalid
@@ -1242,23 +1242,23 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  * @param finish_cb_cls closure for @a finish_cb
  * @return an iterator handle to use for iteration
  */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                     const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                     GNUNET_SCHEDULER_TaskCallback error_cb,
                                                     void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                     void *proc_cls,
                                                     GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                     void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStartMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
   it->h = h;
   it->error_cb = error_cb;
   it->error_cb_cls = error_cb_cls;
@@ -1271,7 +1271,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
                                     h->ticket_it_tail,
                                     it);
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
   msg->id = htonl (rid);
   msg->identity = *identity;
   msg->is_audience = htonl (GNUNET_YES);
@@ -1286,20 +1286,20 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
 }
 
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
  * for the next record.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct TicketIterationNextMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
   env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT);
   msg->id = htonl (it->r_id);
   GNUNET_MQ_send (h->mq,
                   env);
@@ -1309,21 +1309,21 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_
 /**
  * Stops iteration and releases the idp handle for further calls.  Must
  * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
  *
  * @param it the iterator
  */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
   struct GNUNET_MQ_Envelope *env;
   struct TicketIterationStopMessage *msg;
 
   if (NULL != h->mq)
   {
     env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP);
     msg->id = htonl (it->r_id);
     GNUNET_MQ_send (h->mq,
                     env);
@@ -1335,27 +1335,26 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
  * Revoked an issued ticket. The relying party will be unable to retrieve
  * updated attributes.
  *
- * @param h the identity provider to use
+ * @param h the reclaim to use
  * @param identity the issuing identity
  * @param ticket the ticket to revoke
  * @param cb the callback
  * @param cb_cls the callback closure
  * @return handle to abort the operation
  */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                         void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_RECLAIM_Operation *op;
   struct RevokeTicketMessage *msg;
   uint32_t rid;
 
   rid = h->r_id_gen++;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
   op->h = h;
   op->rvk_cb = cb;
   op->cls = cb_cls;
@@ -1363,22 +1362,22 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
   GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                     h->op_tail,
                                     op);
-  env = GNUNET_MQ_msg_extra (msg,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET);
+  op->env = GNUNET_MQ_msg_extra (msg,
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET);
   msg->id = htonl (rid);
   msg->identity = *identity;
   GNUNET_memcpy (&msg[1],
                  ticket,
-                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-  if (NULL == h->mq)
-    op->env = env;
-  else
+                 sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != h->mq) {
     GNUNET_MQ_send (h->mq,
-                    env);
+                    op->env);
+    op->env = NULL;
+  }
   return op;
 }
 
 
 
-/* end of identity_provider_api.c */
+/* end of reclaim_api.c */
diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh
new file mode 100755
index 000000000..311f5382a
--- /dev/null
+++ b/src/reclaim/test_reclaim.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh
new file mode 100755
index 000000000..39bd715b7
--- /dev/null
+++ b/src/reclaim/test_reclaim_attribute.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+
+#curl localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh
new file mode 100755
index 000000000..36c8052d0
--- /dev/null
+++ b/src/reclaim/test_reclaim_consume.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}')
+gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf > /dev/null 2>&1
+
+if test $? != 0
+then
+  "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/tickets/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/identity-provider/test_idp_defaults.conf b/src/reclaim/test_reclaim_defaults.conf
index a9a197dea..a9a197dea 100644
--- a/src/identity-provider/test_idp_defaults.conf
+++ b/src/reclaim/test_reclaim_defaults.conf
diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh
new file mode 100755
index 000000000..6a71470e1
--- /dev/null
+++ b/src/reclaim/test_reclaim_issue.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf > /dev/null 2>&1
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+#gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh
new file mode 100755
index 000000000..595752fd8
--- /dev/null
+++ b/src/reclaim/test_reclaim_revoke.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+gnunet-identity -C alice -c test_reclaim.conf
+gnunet-identity -C bob -c test_reclaim.conf
+gnunet-identity -C eve -c test_reclaim.conf
+ALICE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep alice | awk '{print $3}')
+BOB_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep bob | awk '{print $3}')
+EVE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep eve | awk '{print $3}')
+
+gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf 
+gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf
+TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}')
+#gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf
+TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}')
+
+#echo "Consuming $TICKET"
+#gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf
+gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf
+
+#sleep 6
+
+gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf 2&>1 >/dev/null
+if test $? == 0
+then 
+  echo "Eve can still resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+
+gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf 2&>1 >/dev/null
+if test $? != 0
+then
+  echo "Bob cannot resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/rest/Makefile.am b/src/rest/Makefile.am
index ebfb98024..ce0454d53 100644
--- a/src/rest/Makefile.am
+++ b/src/rest/Makefile.am
@@ -29,6 +29,18 @@ libexec_PROGRAMS = \
 EXTRA_DIST = \
  rest.conf
 
+plugin_LTLIBRARIES = libgnunet_plugin_rest_copying.la
+
+libgnunet_plugin_rest_copying_la_SOURCES = \
+  plugin_rest_copying.c
+libgnunet_plugin_rest_copying_la_LIBADD = \
+        $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -lmicrohttpd
+libgnunet_plugin_rest_copying_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
 gnunet_rest_server_SOURCES = \
  gnunet-rest-server.c
 
diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c
new file mode 100644
index 000000000..668dc5d38
--- /dev/null
+++ b/src/rest/plugin_rest_copying.c
@@ -0,0 +1,231 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2018 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file gns/plugin_rest_copying.c
+ * @brief REST plugin that serves licensing information.
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include <gnunet_rest_lib.h>
+
+#define GNUNET_REST_API_NS_COPYING "/copying"
+
+#define GNUNET_REST_COPYING_TEXT "GNU Affero General Public License version 3 or later. See also: <http://www.gnu.org/licenses/>"
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+struct RequestHandle
+{
+  /**
+   * Handle to rest request
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * HTTP response code
+   */
+  int response_code;
+
+};
+
+
+/**
+ * Cleanup request handle.
+ *
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  GNUNET_free (handle);
+}
+
+
+/**
+ * Task run on shutdown.  Cleans up everything.
+ *
+ * @param cls unused
+ * @param tc scheduler context
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  resp = GNUNET_REST_create_response (NULL);
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+get_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (GNUNET_REST_COPYING_TEXT);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           MHD_HTTP_METHOD_GET);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Function processing the REST call
+ *
+ * @param method HTTP method
+ * @param url URL of the HTTP request
+ * @param data body of the HTTP request (optional)
+ * @param data_size length of the body
+ * @param proc callback function for the result
+ * @param proc_cls closure for @a proc
+ * @return #GNUNET_OK if request accepted
+ */
+static void
+rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_COPYING, &get_cont},
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_COPYING, &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  struct GNUNET_REST_RequestHandlerError err;
+
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->rest_handle = conndata_handle;
+
+  if (GNUNET_NO == GNUNET_REST_handle_request (conndata_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*"
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_copying_init (void *cls)
+{
+  static struct Plugin plugin;
+  cfg = cls;
+  struct GNUNET_REST_Plugin *api;
+
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_COPYING;
+  api->process_request = &rest_copying_process_request;
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              _("COPYING REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_copying_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+
+  plugin->cfg = NULL;
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "COPYING REST plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_rest_copying.c */
diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c
index 16f23e86c..49714872f 100644
--- a/src/rps/gnunet-rps-profiler.c
+++ b/src/rps/gnunet-rps-profiler.c
@@ -49,7 +49,11 @@ static unsigned bits_needed;
 /**
  * How long do we run the test?
  */
-//#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)
+static struct GNUNET_TIME_Relative duration;
+
+/**
+ * When do we do a hard shutdown?
+ */
 static struct GNUNET_TIME_Relative timeout;
 
 
@@ -446,6 +450,10 @@ struct RPSPeer
    * @brief statistics values
    */
   uint64_t stats[STAT_TYPE_MAX];
+  /**
+   * @brief Handle for the statistics get request
+   */
+  struct GNUNET_STATISTICS_GetHandle *h_stat_get[STAT_TYPE_MAX];
 };
 
 /**
@@ -489,15 +497,16 @@ static unsigned int view_sizes;
 static int ok;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the task that runs after the test to collect results
  */
 static struct GNUNET_SCHEDULER_Task *post_test_task;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the shutdown task
  */
 static struct GNUNET_SCHEDULER_Task *shutdown_task;
 
+
 /**
  * Identifier for the churn task that runs periodically
  */
@@ -874,6 +883,75 @@ static int check_statistics_collect_completed ()
   return GNUNET_YES;
 }
 
+static void
+rps_disconnect_adapter (void *cls,
+                        void *op_result);
+
+static void
+cancel_pending_req (struct PendingRequest *pending_req)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_req->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
+                               rps_peer->pending_req_tail,
+                               pending_req);
+  rps_peer->num_pending_reqs--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling pending rps get request\n");
+  GNUNET_SCHEDULER_cancel (pending_req->request_task);
+  GNUNET_free (pending_req);
+}
+
+static void
+cancel_request (struct PendingReply *pending_rep)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_rep->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
+                               rps_peer->pending_rep_tail,
+                               pending_rep);
+  rps_peer->num_pending_reps--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling rps get reply\n");
+  GNUNET_RPS_request_cancel (pending_rep->req_handle);
+  GNUNET_free (pending_rep);
+}
+
+void
+clean_peer (unsigned peer_index)
+{
+  struct PendingRequest *pending_req;
+
+  while (NULL != (pending_req = rps_peers[peer_index].pending_req_head))
+  {
+    cancel_pending_req (pending_req);
+  }
+  pending_req = rps_peers[peer_index].pending_req_head;
+  rps_disconnect_adapter (&rps_peers[peer_index],
+                          &rps_peers[peer_index].rps_handle);
+  for (unsigned stat_type = STAT_TYPE_ROUNDS;
+       stat_type < STAT_TYPE_MAX;
+       stat_type++)
+  {
+    if (NULL != rps_peers[peer_index].h_stat_get[stat_type])
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "(%u) did not yet receive stat value for `%s'\n",
+                  rps_peers[peer_index].index,
+                  stat_type_2_str (stat_type));
+      GNUNET_STATISTICS_get_cancel (
+          rps_peers[peer_index].h_stat_get[stat_type]);
+    }
+  }
+  if (NULL != rps_peers[peer_index].op)
+  {
+    GNUNET_TESTBED_operation_done (rps_peers[peer_index].op);
+    rps_peers[peer_index].op = NULL;
+  }
+}
+
 /**
  * Task run on timeout to shut everything down.
  */
@@ -881,35 +959,55 @@ static void
 shutdown_op (void *cls)
 {
   unsigned int i;
+  struct OpListEntry *entry;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Shutdown task scheduled, going down.\n");
   in_shutdown = GNUNET_YES;
+
+  if (NULL != shutdown_task)
+  {
+    GNUNET_SCHEDULER_cancel (shutdown_task);
+    shutdown_task = NULL;
+  }
   if (NULL != post_test_task)
   {
     GNUNET_SCHEDULER_cancel (post_test_task);
+    post_test_task = NULL;
   }
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
     churn_task = NULL;
   }
+  entry = oplist_head;
+  while (NULL != (entry = oplist_head))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Operation still pending on shutdown (%u)\n",
+                entry->index);
+    GNUNET_TESTBED_operation_done (entry->op);
+    GNUNET_CONTAINER_DLL_remove (oplist_head, oplist_tail, entry);
+    GNUNET_free (entry);
+  }
   for (i = 0; i < num_peers; i++)
   {
-    if (NULL != rps_peers[i].rps_handle)
-    {
-      GNUNET_RPS_disconnect (rps_peers[i].rps_handle);
-    }
-    if (NULL != rps_peers[i].op)
-    {
-      GNUNET_TESTBED_operation_done (rps_peers[i].op);
-    }
+    clean_peer (i);
   }
 }
 
+static void
+trigger_shutdown (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Shutdown was triggerd by timeout, going down.\n");
+  shutdown_task = NULL;
+  GNUNET_SCHEDULER_shutdown ();
+}
+
 
 /**
- * Task run on timeout to collect statistics and potentially shut down.
+ * Task run after #duration to collect statistics and potentially shut down.
  */
 static void
 post_test_op (void *cls)
@@ -919,7 +1017,7 @@ post_test_op (void *cls)
   post_test_task = NULL;
   post_test = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-              "Post test task scheduled, going down.\n");
+              "Post test task scheduled.\n");
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
@@ -943,7 +1041,7 @@ post_test_op (void *cls)
       GNUNET_YES == check_statistics_collect_completed())
   {
     GNUNET_SCHEDULER_cancel (shutdown_task);
-    shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL);
+    shutdown_task = NULL;
     GNUNET_SCHEDULER_shutdown ();
   }
 }
@@ -1030,9 +1128,9 @@ info_cb (void *cb_cls,
  */
 static void
 rps_connect_complete_cb (void *cls,
-                         struct GNUNET_TESTBED_Operation *op,
-                         void *ca_result,
-                         const char *emsg)
+                         struct GNUNET_TESTBED_Operation *op,
+                         void *ca_result,
+                         const char *emsg)
 {
   struct RPSPeer *rps_peer = cls;
   struct GNUNET_RPS_Handle *rps = ca_result;
@@ -1057,7 +1155,9 @@ rps_connect_complete_cb (void *cls,
     return;
   }
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Started client successfully\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Started client successfully (%u)\n",
+              rps_peer->index);
 
   cur_test_run.main_test (rps_peer);
 }
@@ -1075,7 +1175,7 @@ rps_connect_complete_cb (void *cls,
  */
 static void *
 rps_connect_adapter (void *cls,
-                                 const struct GNUNET_CONFIGURATION_Handle *cfg)
+                     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   struct GNUNET_RPS_Handle *h;
 
@@ -1167,15 +1267,26 @@ stat_complete_cb (void *cls, struct GNUNET_TESTBED_Operation *op,
  */
 static void
 rps_disconnect_adapter (void *cls,
-                                          void *op_result)
+                        void *op_result)
 {
   struct RPSPeer *peer = cls;
   struct GNUNET_RPS_Handle *h = op_result;
+  struct PendingReply *pending_rep;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "disconnect_adapter (%u)\n",
+              peer->index);
   GNUNET_assert (NULL != peer);
-  GNUNET_RPS_disconnect (h);
-  peer->rps_handle = NULL;
+  if (NULL != peer->rps_handle)
+  {
+    while (NULL != (pending_rep = peer->pending_rep_head))
+    {
+      cancel_request (pending_rep);
+    }
+    GNUNET_assert (h == peer->rps_handle);
+    GNUNET_RPS_disconnect (h);
+    peer->rps_handle = NULL;
+  }
 }
 
 
@@ -1219,13 +1330,15 @@ default_reply_handle (void *cls,
     rps_peer->num_recv_ids++;
   }
 
-  if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit)
+  if (GNUNET_YES != post_test) return;
+  if (HAVE_QUICK_QUIT != cur_test_run.have_quick_quit) return;
+  if (0 == evaluate())
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before timeout\n");
-    GNUNET_assert (NULL != post_test_task);
-    GNUNET_SCHEDULER_cancel (post_test_task);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Test succeeded before end of duration\n");
+    if (NULL != post_test_task) GNUNET_SCHEDULER_cancel (post_test_task);
     post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL);
-    GNUNET_assert (NULL!= post_test_task);
+    GNUNET_assert (NULL != post_test_task);
   }
 }
 
@@ -1239,13 +1352,13 @@ request_peers (void *cls)
   struct RPSPeer *rps_peer;
   struct PendingReply *pending_rep;
 
-  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test)
-    return;
   rps_peer = pending_req->rps_peer;
   GNUNET_assert (1 <= rps_peer->num_pending_reqs);
   GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
                                rps_peer->pending_req_tail,
                                pending_req);
+  rps_peer->num_pending_reqs--;
+  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) return;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Requesting one peer\n");
   pending_rep = GNUNET_new (struct PendingReply);
@@ -1258,39 +1371,6 @@ request_peers (void *cls)
                                     rps_peer->pending_rep_tail,
                                     pending_rep);
   rps_peer->num_pending_reps++;
-  rps_peer->num_pending_reqs--;
-}
-
-static void
-cancel_pending_req (struct PendingRequest *pending_req)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_req->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
-                               rps_peer->pending_req_tail,
-                               pending_req);
-  rps_peer->num_pending_reqs--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling pending request\n");
-  GNUNET_SCHEDULER_cancel (pending_req->request_task);
-  GNUNET_free (pending_req);
-}
-
-static void
-cancel_request (struct PendingReply *pending_rep)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_rep->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
-                               rps_peer->pending_rep_tail,
-                               pending_rep);
-  rps_peer->num_pending_reps--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling request\n");
-  GNUNET_RPS_request_cancel (pending_rep->req_handle);
-  GNUNET_free (pending_rep);
 }
 
 
@@ -2261,12 +2341,6 @@ void write_final_stats (void){
          stat_type < STAT_TYPE_MAX;
          stat_type++)
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                 "Add to sum (%" PRIu64 ") %" PRIu64 " of stat type %u - %s\n",
-                  sums[stat_type],
-                  rps_peers[i].stats[stat_type],
-                  stat_type,
-                  stat_type_2_str (stat_type));
       sums[stat_type] += rps_peers[i].stats[stat_type];
     }
   }
@@ -2312,6 +2386,8 @@ post_test_shutdown_ready_cb (void *cls,
 {
   struct STATcls *stat_cls = (struct STATcls *) cls;
   struct RPSPeer *rps_peer = stat_cls->rps_peer;
+
+  rps_peer->h_stat_get[stat_cls->stat_type] = NULL;
   if (GNUNET_OK == success)
   {
     /* set flag that we we got the value */
@@ -2363,6 +2439,7 @@ stat_iterator (void *cls,
 {
   const struct STATcls *stat_cls = (const struct STATcls *) cls;
   struct RPSPeer *rps_peer = (struct RPSPeer *) stat_cls->rps_peer;
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got stat value: %s - %" PRIu64 "\n",
       //stat_type_2_str (stat_cls->stat_type),
       name,
@@ -2455,12 +2532,13 @@ void post_profiler (struct RPSPeer *rps_peer)
       stat_cls->stat_type = stat_type;
       rps_peer->file_name_stats =
         store_prefix_file_name (rps_peer->peer_id, "stats");
-      GNUNET_STATISTICS_get (rps_peer->stats_h,
-                             "rps",
-                             stat_type_2_str (stat_type),
-                             post_test_shutdown_ready_cb,
-                             stat_iterator,
-                             (struct STATcls *) stat_cls);
+      rps_peer->h_stat_get[stat_type] = GNUNET_STATISTICS_get (
+          rps_peer->stats_h,
+          "rps",
+          stat_type_2_str (stat_type),
+          post_test_shutdown_ready_cb,
+          stat_iterator,
+          (struct STATcls *) stat_cls);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
           "Requested statistics for %s (peer %" PRIu32 ")\n",
           stat_type_2_str (stat_type),
@@ -2555,6 +2633,8 @@ test_run (void *cls,
     /* Connect all peers to statistics service */
     if (COLLECT_STATISTICS == cur_test_run.have_collect_statistics)
     {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "Connecting to statistics service\n");
       rps_peers[i].stat_op =
         GNUNET_TESTBED_service_connect (NULL,
                                         peers[i],
@@ -2569,11 +2649,12 @@ test_run (void *cls,
 
   if (NULL != churn_task)
     GNUNET_SCHEDULER_cancel (churn_task);
-  post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL);
-  timeout = GNUNET_TIME_relative_multiply (timeout, 1 + (0.1 * num_peers));
-  shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
-  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL);
-
+  post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000);
+  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout,
+                                                &trigger_shutdown,
+                                                NULL);
+  GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
 }
 
 
@@ -2609,7 +2690,7 @@ run (void *cls,
   if (0 == cur_test_run.num_requests) cur_test_run.num_requests = 5;
   //cur_test_run.have_churn = HAVE_CHURN;
   cur_test_run.have_churn = HAVE_NO_CHURN;
-  cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
+  cur_test_run.have_quick_quit = HAVE_QUICK_QUIT;
   cur_test_run.have_collect_statistics = COLLECT_STATISTICS;
   cur_test_run.stat_collect_flags = BIT(STAT_TYPE_ROUNDS) |
                                     BIT(STAT_TYPE_BLOCKS) |
@@ -2632,10 +2713,38 @@ run (void *cls,
   /* 'Clean' directory */
   (void) GNUNET_DISK_directory_remove ("/tmp/rps/");
   GNUNET_DISK_directory_create ("/tmp/rps/");
-  if (0 == timeout.rel_value_us)
+  if (0 == duration.rel_value_us)
   {
-    timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+    if (0 == timeout.rel_value_us)
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               (90 * 1.2) +
+                                                 (0.01 * num_peers));
+    }
+    else
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                                (timeout.rel_value_us/1000000)
+                                                  * 0.75);
+    }
   }
+  else
+  {
+    if (0 == timeout.rel_value_us)
+    {
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               ((duration.rel_value_us/1000000)
+                                                  * 1.2) + (0.01 * num_peers));
+    }
+  }
+  GNUNET_assert (duration.rel_value_us < timeout.rel_value_us);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "duration is %lus\n",
+              duration.rel_value_us/1000000);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "timeout is %lus\n",
+              timeout.rel_value_us/1000000);
 
   /* Compute number of bits for representing largest peer id */
   for (bits_needed = 1; (1 << bits_needed) < num_peers; bits_needed++)
@@ -2685,6 +2794,12 @@ main (int argc, char *argv[])
                                gettext_noop ("number of peers to start"),
                                &num_peers),
 
+    GNUNET_GETOPT_option_relative_time ('d',
+                                        "duration",
+                                        "DURATION",
+                                        gettext_noop ("duration of the profiling"),
+                                        &duration),
+
     GNUNET_GETOPT_option_relative_time ('t',
                                         "timeout",
                                         "TIMEOUT",
@@ -2732,7 +2847,6 @@ main (int argc, char *argv[])
   GNUNET_free (rps_peers);
   GNUNET_free (rps_peer_ids);
   GNUNET_CONTAINER_multipeermap_destroy (peer_map);
-  printf ("test -1\n");
   return ret_value;
 }
 
diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c
index 84fb33be2..d601ac7d4 100644
--- a/src/rps/gnunet-service-rps.c
+++ b/src/rps/gnunet-service-rps.c
@@ -68,6 +68,7 @@ static struct GNUNET_STATISTICS_Handle *stats;
  */
 static struct GNUNET_PeerIdentity own_identity;
 
+static int in_shutdown = GNUNET_NO;
 
 /**
  * @brief Port used for cadet.
@@ -97,11 +98,6 @@ static struct GNUNET_HashCode port;
 #define unset_peer_flag(peer_ctx, mask) ((peer_ctx->peer_flags) &= ~(mask))
 
 /**
- * Set a channel flag of given channel context.
- */
-#define set_channel_flag(channel_flags, mask) ((*channel_flags) |= (mask))
-
-/**
  * Get channel flag of given channel context.
  */
 #define check_channel_flag_set(channel_flags, mask)\
@@ -164,6 +160,11 @@ struct PendingMessage
 };
 
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx;
+
+/**
  * Struct used to keep track of other peer's status
  *
  * This is stored in a multipeermap.
@@ -181,22 +182,12 @@ struct PeerContext
   /**
    * Channel open to client.
    */
-  struct GNUNET_CADET_Channel *send_channel;
-
-  /**
-   * Flags to the sending channel
-   */
-  uint32_t *send_channel_flags;
+  struct ChannelCtx *send_channel_ctx;
 
   /**
    * Channel open from client.
    */
-  struct GNUNET_CADET_Channel *recv_channel; // unneeded?
-
-  /**
-   * Flags to the receiving channel
-   */
-  uint32_t *recv_channel_flags;
+  struct ChannelCtx *recv_channel_ctx;
 
   /**
    * Array of pending operations on this peer.
@@ -242,6 +233,11 @@ struct PeerContext
   struct PendingMessage *pending_messages_tail;
 
   /**
+   * @brief Task to destroy this context.
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+
+  /**
    * This is pobably followed by 'statistical' data (when we first saw
    * it, how did we get its ID, how many pushes (in a timeinterval),
    * ...)
@@ -265,6 +261,33 @@ struct PeersIteratorCls
 };
 
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx
+{
+  /**
+   * @brief Meant to be used in a DLL
+   */
+  struct ChannelCtx *next;
+  struct ChannelCtx *prev;
+
+  /**
+   * @brief The channel itself
+   */
+  struct GNUNET_CADET_Channel *channel;
+
+  /**
+   * @brief The peer context associated with the channel
+   */
+  struct PeerContext *peer_ctx;
+
+  /**
+   * @brief Scheduled task that will destroy this context
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+};
+
+/**
  * @brief Hashmap of valid peers.
  */
 static struct GNUNET_CONTAINER_MultiPeerMap *valid_peers;
@@ -332,8 +355,6 @@ create_peer_ctx (const struct GNUNET_PeerIdentity *peer)
 
   ctx = GNUNET_new (struct PeerContext);
   ctx->peer_id = *peer;
-  ctx->send_channel_flags = GNUNET_new (uint32_t);
-  ctx->recv_channel_flags = GNUNET_new (uint32_t);
   ret = GNUNET_CONTAINER_multipeermap_put (peer_map, peer, ctx,
       GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
   GNUNET_assert (GNUNET_OK == ret);
@@ -387,8 +408,8 @@ Peers_check_connected (const struct GNUNET_PeerIdentity *peer)
   /* Get the context */
   peer_ctx = get_peer_ctx (peer);
   /* If we have no channel to this peer we don't know whether it's online */
-  if ( (NULL == peer_ctx->send_channel) &&
-       (NULL == peer_ctx->recv_channel) )
+  if ( (NULL == peer_ctx->send_channel_ctx) &&
+       (NULL == peer_ctx->recv_channel_ctx) )
   {
     Peers_unset_peer_flag (peer, Peers_ONLINE);
     return GNUNET_NO;
@@ -575,6 +596,24 @@ handle_peer_pull_reply (void *cls,
 
 /* End declaration of handlers */
 
+/**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx);
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx);
+
 
 /**
  * @brief Get the channel of a peer. If not existing, create.
@@ -610,16 +649,17 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
 
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Trying to establish channel to peer %s\n",
          GNUNET_i2s (peer));
     ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
     *ctx_peer = *peer;
-    peer_ctx->send_channel =
+    peer_ctx->send_channel_ctx = add_channel_ctx (peer_ctx);
+    peer_ctx->send_channel_ctx->channel =
       GNUNET_CADET_channel_create (cadet_handle,
-                                   (struct GNUNET_PeerIdentity *) ctx_peer, /* context */
+                                   peer_ctx->send_channel_ctx, /* context */
                                    peer,
                                    &port,
                                    GNUNET_CADET_OPTION_RELIABLE,
@@ -627,8 +667,9 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
                                    cleanup_destroyed_channel, /* Disconnect handler */
                                    cadet_handlers);
   }
-  GNUNET_assert (NULL != peer_ctx->send_channel);
-  return peer_ctx->send_channel;
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx);
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx->channel);
+  return peer_ctx->send_channel_ctx->channel;
 }
 
 
@@ -1045,12 +1086,10 @@ restore_valid_peers ()
  */
 void
 Peers_initialise (char* fn_valid_peers,
-                  struct GNUNET_CADET_Handle *cadet_h,
-                  const struct GNUNET_PeerIdentity *own_id)
+                  struct GNUNET_CADET_Handle *cadet_h)
 {
   filename_valid_peers = GNUNET_strdup (fn_valid_peers);
   cadet_handle = cadet_h;
-  own_identity = *own_id;
   peer_map = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   valid_peers = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   restore_valid_peers ();
@@ -1136,14 +1175,12 @@ Peers_get_valid_peers (PeersIterator iterator,
  * @param peer the new #GNUNET_PeerIdentity
  *
  * @return #GNUNET_YES if peer was inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_insert_peer (const struct GNUNET_PeerIdentity *peer)
 {
-  if ( (GNUNET_YES == Peers_check_peer_known (peer)) ||
-       (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) )
+  if (GNUNET_YES == Peers_check_peer_known (peer))
   {
     return GNUNET_NO; /* We already know this peer - nothing to do */
   }
@@ -1161,8 +1198,7 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
  *
  * @param peer the peer whose liveliness is to be checked
  * @return #GNUNET_YES if peer had to be inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
@@ -1170,13 +1206,10 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
   struct PeerContext *peer_ctx;
   int ret;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   ret = Peers_insert_peer (peer);
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE))
+  if ( (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) &&
+       (NULL == peer_ctx->liveliness_check_pending) )
   {
     check_peer_live (peer_ctx);
   }
@@ -1208,7 +1241,7 @@ Peers_check_removable (const struct GNUNET_PeerIdentity *peer)
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if ( (NULL != peer_ctx->recv_channel) ||
+  if ( (NULL != peer_ctx->recv_channel_ctx) ||
        (NULL != peer_ctx->pending_messages_head) ||
        (GNUNET_NO == check_peer_flag_set (peer_ctx, Peers_PULL_REPLY_PENDING)) )
   {
@@ -1225,6 +1258,65 @@ int
 Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags);
 
 /**
+ * @brief Callback for the scheduler to destroy the knowledge of a peer.
+ *
+ * @param cls Context of the peer
+ */
+static void
+destroy_peer (void *cls)
+{
+  struct PeerContext *peer_ctx = cls;
+
+  GNUNET_assert (NULL != peer_ctx);
+  peer_ctx->destruction_task = NULL;
+  Peers_remove_peer (&peer_ctx->peer_id);
+}
+
+static void
+destroy_channel (void *cls);
+
+
+/**
+ * @brief Schedule the destruction of the given channel.
+ *
+ * Do so only if it was not already scheduled and not during shutdown.
+ *
+ * @param channel_ctx The context of the channel to destroy.
+ */
+static void
+schedule_channel_destruction (struct ChannelCtx *channel_ctx)
+{
+  GNUNET_assert (NULL != channel_ctx);
+  if (NULL != channel_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    channel_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx);
+  }
+}
+
+
+/**
+ * @brief Schedule the destruction of the given peer.
+ *
+ * Do so only if it was not already scheduled and not during shutdown.
+ *
+ * @param peer_ctx The context of the peer to destroy.
+ */
+static void
+schedule_peer_destruction (struct PeerContext *peer_ctx)
+{
+  GNUNET_assert (NULL != peer_ctx);
+  if (NULL != peer_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    peer_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx);
+  }
+}
+
+
+/**
  * @brief Remove peer
  *
  * @param peer the peer to clean
@@ -1235,7 +1327,8 @@ int
 Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
 {
   struct PeerContext *peer_ctx;
-  uint32_t *channel_flag;
+
+  GNUNET_assert (NULL != peer_map);
 
   if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer))
   {
@@ -1249,7 +1342,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
        GNUNET_i2s (&peer_ctx->peer_id));
   Peers_unset_peer_flag (peer, Peers_ONLINE);
 
+  /* Clear list of pending operations */
+  // TODO this probably leaks memory
+  //      ('only' the cls to the function. Not sure what to do with it)
   GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0);
+
+  /* Remove all pending messages */
   while (NULL != peer_ctx->pending_messages_head)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -1261,10 +1359,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
                      peer_ctx->liveliness_check_pending,
                      sizeof (struct PendingMessage))) )
       {
+        // TODO this may leak memory
         peer_ctx->liveliness_check_pending = NULL;
       }
     remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES);
   }
+
   /* If we are still waiting for notification whether this peer is live
    * cancel the according task */
   if (NULL != peer_ctx->liveliness_check_pending)
@@ -1277,28 +1377,40 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
     remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
     peer_ctx->liveliness_check_pending = NULL;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-  if (NULL != peer_ctx->send_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+
+
+  /* Do we still have to wait for destruction of channels
+   * or issue the destruction? */
+  if (NULL != peer_ctx->send_channel_ctx &&
+      NULL != peer_ctx->send_channel_ctx->destruction_task
+      )
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying send channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-  if (NULL != peer_ctx->recv_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+  if (NULL != peer_ctx->recv_channel_ctx &&
+      NULL != peer_ctx->recv_channel_ctx->destruction_task)
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying recv channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->recv_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->recv_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->send_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
 
-  GNUNET_free (peer_ctx->send_channel_flags);
-  GNUNET_free (peer_ctx->recv_channel_flags);
+  if (NULL != peer_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task);
+  }
 
   if (GNUNET_YES != GNUNET_CONTAINER_multipeermap_remove_all (peer_map, &peer_ctx->peer_id))
   {
@@ -1308,7 +1420,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
   return GNUNET_YES;
 }
 
-
 /**
  * @brief set flags on a given peer.
  *
@@ -1364,77 +1475,6 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
   return check_peer_flag_set (peer_ctx, flags);
 }
 
-
-/**
- * @brief set flags on a given channel.
- *
- * @param channel the channel to set flags on
- * @param flags the flags
- */
-void
-Peers_set_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  set_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief unset flags on a given channel.
- *
- * @param channel the channel to unset flags on
- * @param flags the flags
- */
-void
-Peers_unset_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  unset_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief Check whether flags on a channel are set.
- *
- * @param channel the channel to check the flag of
- * @param flags the flags to check
- *
- * @return #GNUNET_YES if all given flags are set
- *         #GNUNET_NO  otherwise
- */
-int
-Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  return check_channel_flag_set (channel_flags, flags);
-}
-
-/**
- * @brief Get the flags for the channel in @a role for @a peer.
- *
- * @param peer Peer to get the channel flags for.
- * @param role Role of channel to get flags for
- *
- * @return The flags.
- */
-uint32_t *
-Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
-                        enum Peers_ChannelRole role)
-{
-  const struct PeerContext *peer_ctx;
-
-  peer_ctx = get_peer_ctx (peer);
-  if (Peers_CHANNEL_ROLE_SENDING == role)
-  {
-    return peer_ctx->send_channel_flags;
-  }
-  else if (Peers_CHANNEL_ROLE_RECEIVING == role)
-  {
-    return peer_ctx->recv_channel_flags;
-  }
-  else
-  {
-    GNUNET_assert (0);
-  }
-}
-
 /**
  * @brief Check whether we have information about the given peer.
  *
@@ -1505,7 +1545,7 @@ Peers_check_peer_send_intention (const struct GNUNET_PeerIdentity *peer)
   const struct PeerContext *peer_ctx;
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->recv_channel)
+  if (NULL != peer_ctx->recv_channel_ctx)
   {
     return GNUNET_YES;
   }
@@ -1530,6 +1570,7 @@ Peers_handle_inbound_channel (void *cls,
 {
   struct PeerContext *peer_ctx;
   struct GNUNET_PeerIdentity *ctx_peer;
+  struct ChannelCtx *channel_ctx;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "New channel was established to us (Peer %s).\n",
@@ -1540,19 +1581,22 @@ Peers_handle_inbound_channel (void *cls,
   set_peer_live (peer_ctx);
   ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
   *ctx_peer = *initiator;
+  channel_ctx = add_channel_ctx (peer_ctx);
+  channel_ctx->channel = channel;
   /* We only accept one incoming channel per peer */
   if (GNUNET_YES == Peers_check_peer_send_intention (initiator))
   {
-    set_channel_flag (peer_ctx->recv_channel_flags,
-                      Peers_CHANNEL_ESTABLISHED_TWICE);
-    //GNUNET_CADET_channel_destroy (channel);
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = channel;
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+        "Already got one receive channel. Destroying old one.\n");
+    GNUNET_break_op (0);
+    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel);
+    remove_channel_ctx (peer_ctx->recv_channel_ctx);
+    peer_ctx->recv_channel_ctx = channel_ctx;
     /* return the channel context */
-    return ctx_peer;
+    return channel_ctx;
   }
-  peer_ctx->recv_channel = channel;
-  return ctx_peer;
+  peer_ctx->recv_channel_ctx = channel_ctx;
+  return channel_ctx;
 }
 
 
@@ -1574,7 +1618,7 @@ Peers_check_sending_channel_exists (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     return GNUNET_NO;
   }
@@ -1607,12 +1651,14 @@ Peers_check_channel_role (const struct GNUNET_PeerIdentity *peer,
   }
   peer_ctx = get_peer_ctx (peer);
   if ( (Peers_CHANNEL_ROLE_SENDING == role) &&
-       (channel == peer_ctx->send_channel) )
+       (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
   if ( (Peers_CHANNEL_ROLE_RECEIVING == role) &&
-       (channel == peer_ctx->recv_channel) )
+       (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
@@ -1642,12 +1688,9 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->send_channel)
+  if (NULL != peer_ctx->send_channel_ctx)
   {
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN);
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
     (void) Peers_check_connected (peer);
     return GNUNET_YES;
   }
@@ -1655,6 +1698,25 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer)
 }
 
 /**
+ * @brief Callback for scheduler to destroy a channel
+ *
+ * @param cls Context of the channel
+ */
+static void
+destroy_channel (void *cls)
+{
+  struct ChannelCtx *channel_ctx = cls;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+
+  GNUNET_assert (channel_ctx == peer_ctx->send_channel_ctx ||
+                 channel_ctx == peer_ctx->recv_channel_ctx);
+
+  channel_ctx->destruction_task = NULL;
+  GNUNET_CADET_channel_destroy (channel_ctx->channel);
+  remove_channel_ctx (peer_ctx->send_channel_ctx);
+}
+
+/**
  * This is called when a channel is destroyed.
  *
  * @param cls The closure
@@ -1664,77 +1726,45 @@ void
 Peers_cleanup_destroyed_channel (void *cls,
                                  const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  struct PeerContext *peer_ctx;
+  struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
 
   if (GNUNET_NO == Peers_check_peer_known (peer))
   {/* We don't want to implicitly create a context that we're about to kill */
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
+  LOG (GNUNET_ERROR_TYPE_WARNING,
        "channel (%s) without associated context was destroyed\n",
        GNUNET_i2s (peer));
     return;
   }
-  peer_ctx = get_peer_ctx (peer);
 
   /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY
    * flag will be set. In this case simply make sure that the channels are
    * cleaned. */
-  /* FIXME This distinction seems to be redundant */
-  if (Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  {/* We initiatad the destruction of this particular peer */
+  /* The distinction seems to be redundant */
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Peer is NOT in the process of being destroyed\n");
+  if ( (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
+  { /* Something (but us) killd the channel - clean up peer */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    {
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    {
-      peer_ctx->recv_channel = NULL;
-    }
-
-    if (NULL != peer_ctx->send_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    if (NULL != peer_ctx->recv_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-      peer_ctx->recv_channel = NULL;
-    }
-    /* Set the #Peers_ONLINE flag accordingly */
-    (void) Peers_check_connected (peer);
-    return;
+        "send channel (%s) was destroyed - cleaning up\n",
+        GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
   }
-
-  else
-  { /* We did not initiate the destruction of this peer */
+  else if ( (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
+  { /* Other peer doesn't want to send us messages anymore */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is NOT in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    { /* Something (but us) killd the channel - clean up peer */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-          "send channel (%s) was destroyed - cleaning up\n",
-          GNUNET_i2s (peer));
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    { /* Other peer doesn't want to send us messages anymore */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Peer %s destroyed recv channel - cleaning up channel\n",
-           GNUNET_i2s (peer));
-      peer_ctx->recv_channel = NULL;
-    }
-    else
-    {
-      LOG (GNUNET_ERROR_TYPE_WARNING,
-           "unknown channel (%s) was destroyed\n",
-           GNUNET_i2s (peer));
-    }
+         "Peer %s destroyed recv channel - cleaning up channel\n",
+         GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "unknown channel (%s) was destroyed\n",
+         GNUNET_i2s (peer));
   }
   (void) Peers_check_connected (peer);
 }
@@ -1786,10 +1816,6 @@ Peers_schedule_operation (const struct GNUNET_PeerIdentity *peer,
   struct PeerPendingOp pending_op;
   struct PeerContext *peer_ctx;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
 
   //TODO if LIVE/ONLINE execute immediately
@@ -1823,7 +1849,7 @@ Peers_get_recv_channel (const struct GNUNET_PeerIdentity *peer)
 
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
   peer_ctx = get_peer_ctx (peer);
-  return peer_ctx->recv_channel;
+  return peer_ctx->recv_channel_ctx->channel;
 }
 /***********************************************************************
  * /Old gnunet-service-rps_peers.c
@@ -2484,6 +2510,9 @@ send_pull_reply (const struct GNUNET_PeerIdentity *peer_id,
 
   Peers_send_message (peer_id, ev, "PULL REPLY");
   GNUNET_STATISTICS_update(stats, "# pull reply send issued", 1, GNUNET_NO);
+  // TODO check with send intention: as send_channel is used/opened we indicate
+  // a sending intention without intending it.
+  // -> clean peer afterwards?
 }
 
 
@@ -2616,7 +2645,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer)
   CustomPeerMap_remove_peer (push_map, peer);
   RPS_sampler_reinitialise_by_value (prot_sampler, peer);
   RPS_sampler_reinitialise_by_value (client_sampler, peer);
-  Peers_remove_peer (peer);
+  schedule_peer_destruction (get_peer_ctx (peer));
 }
 
 
@@ -2660,6 +2689,58 @@ clean_peer (const struct GNUNET_PeerIdentity *peer)
 }
 
 /**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx)
+{
+  struct ChannelCtx *channel_ctx;
+  channel_ctx = GNUNET_new (struct ChannelCtx);
+  channel_ctx->peer_ctx = peer_ctx;
+  return channel_ctx;
+}
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx)
+{
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+  if (NULL != channel_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (channel_ctx->destruction_task);
+  }
+  GNUNET_free (channel_ctx);
+
+  if (channel_ctx == peer_ctx->send_channel_ctx)
+  {
+    peer_ctx->send_channel_ctx = NULL;
+    peer_ctx->mq = NULL;
+  }
+  else if (channel_ctx == peer_ctx->recv_channel_ctx)
+  {
+    peer_ctx->recv_channel_ctx = NULL;
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Trying to remove channel_ctx that is not associated with a peer\n");
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\trecv: %p\n", peer_ctx->recv_channel_ctx);
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\tsend: %p\n", peer_ctx->send_channel_ctx);
+    GNUNET_assert (0);
+  }
+}
+
+/**
  * @brief This is called when a channel is destroyed.
  *
  * Removes peer completely from our knowledge if the send_channel was destroyed
@@ -2675,8 +2756,8 @@ static void
 cleanup_destroyed_channel (void *cls,
                            const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  uint32_t *channel_flag;
+  struct ChannelCtx *channel_ctx = cls;
+  struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   struct PeerContext *peer_ctx;
 
   GNUNET_assert (NULL != peer);
@@ -2686,94 +2767,26 @@ cleanup_destroyed_channel (void *cls,
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "channel (%s) without associated context was destroyed\n",
          GNUNET_i2s (peer));
-    GNUNET_free (peer);
+    remove_channel_ctx (channel_ctx);
     return;
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of recv-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_DESTROING);
-  } else if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of send-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_DESTROING);
-  } else {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        "Channel to be destroyed has is neither sending nor receiving role\n");
-  }
 
-  if (GNUNET_YES == Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  { /* We are in the middle of removing that peer from our knowledge. In this
-       case simply make sure that the channels are cleaned. */
-    Peers_cleanup_destroyed_channel (cls, channel);
-    to_file (file_name_view_log,
-             "-%s\t(cleanup channel, ourself)",
-             GNUNET_i2s_full (peer));
-    GNUNET_free (peer);
-    return;
-  }
+  // What should be done here:
+  //  * cleanup everything related to the channel
+  //    * memory
+  //  * remove peer if necessary
 
-  if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  { /* Channel used for sending was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> cleaning send channel -> clean context
-     *  - other peer -> peer probably went down -> remove
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-    if (GNUNET_YES == Peers_check_channel_flag (channel_flag, Peers_CHANNEL_CLEAN))
-    { /* We are about to clean the sending channel. Clean the respective
-       * context */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer destroyed our sending channel that it is supposed to keep
-       * open. It probably went down. Remove it from our knowledge. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      remove_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
-  }
-  else if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  { /* Channel used for receiving was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> peer tried to establish channel twice -> clean context
-     *  - other peer -> peer doesn't want to send us data -> clean
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-    if (GNUNET_YES ==
-        Peers_check_channel_flag (channel_flag, Peers_CHANNEL_ESTABLISHED_TWICE))
-    { /* Other peer tried to establish a channel to us twice. We do not accept
-       * that. Clean the context. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer doesn't want to send us data anymore. We are free to clean
-       * it. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      clean_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
+  if (peer_ctx->recv_channel_ctx == channel_ctx)
+  {
+    remove_channel_ctx (channel_ctx);
   }
-  else
+  else if (peer_ctx->send_channel_ctx == channel_ctx)
   {
-    LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Destroyed channel is neither sending nor receiving channel\n");
+    remove_channel_ctx (channel_ctx);
+    remove_peer (&peer_ctx->peer_id);
   }
-  GNUNET_free (peer);
 }
 
 /***********************************************************************
@@ -3032,8 +3045,6 @@ handle_client_seed (void *cls,
 
   num_peers = ntohl (msg->num_peers);
   peers = (struct GNUNET_PeerIdentity *) &msg[1];
-  //peers = GNUNET_new_array (num_peers, struct GNUNET_PeerIdentity);
-  //GNUNET_memcpy (peers, &msg[1], num_peers * sizeof (struct GNUNET_PeerIdentity));
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Client seeded peers:\n");
@@ -3048,9 +3059,6 @@ handle_client_seed (void *cls,
 
     got_peer (&peers[i]);
   }
-
-  ////GNUNET_free (peers);
-
   GNUNET_SERVICE_client_continue (cli_ctx->client);
 }
 
@@ -3168,11 +3176,12 @@ static void
 handle_peer_check (void *cls,
                    const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer));
 
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 /**
@@ -3188,7 +3197,8 @@ static void
 handle_peer_push (void *cls,
                   const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
 
   // (check the proof of work (?))
 
@@ -3233,7 +3243,7 @@ handle_peer_push (void *cls,
   CustomPeerMap_put (push_map, peer);
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3249,7 +3259,8 @@ static void
 handle_peer_pull_request (void *cls,
                           const struct GNUNET_MessageHeader *msg)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *view_array;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer));
@@ -3272,7 +3283,7 @@ handle_peer_pull_request (void *cls,
   #endif /* ENABLE_MALICIOUS */
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
   view_array = View_get_as_array ();
   send_pull_reply (peer, view_array, View_size ());
 }
@@ -3312,7 +3323,8 @@ check_peer_pull_reply (void *cls,
   if (GNUNET_YES != Peers_check_peer_flag (sender, Peers_PULL_REPLY_PENDING))
   {
     LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Received a pull reply from a peer we didn't request one from!\n");
+        "Received a pull reply from a peer (%s) we didn't request one from!\n",
+        GNUNET_i2s (sender));
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
@@ -3329,8 +3341,9 @@ static void
 handle_peer_pull_reply (void *cls,
                         const struct GNUNET_RPS_P2P_PullReplyMessage *msg)
 {
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *peers;
-  struct GNUNET_PeerIdentity *sender = cls;
   uint32_t i;
 #ifdef ENABLE_MALICIOUS
   struct AttackedPeer *tmp_att_peer;
@@ -3368,9 +3381,7 @@ handle_peer_pull_reply (void *cls,
       if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (att_peer_set,
                                                                &peers[i])
           && GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (mal_peer_set,
-                                                                  &peers[i])
-          && 0 != GNUNET_CRYPTO_cmp_peer_identity (&peers[i],
-                                                   &own_identity))
+                                                                  &peers[i]))
       {
         tmp_att_peer = GNUNET_new (struct AttackedPeer);
         tmp_att_peer->peer_id = peers[i];
@@ -3382,21 +3393,17 @@ handle_peer_pull_reply (void *cls,
       continue;
     }
     #endif /* ENABLE_MALICIOUS */
-    if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity,
-                                              &peers[i]))
-    {
-      /* Make sure we 'know' about this peer */
-      (void) Peers_insert_peer (&peers[i]);
+    /* Make sure we 'know' about this peer */
+    (void) Peers_insert_peer (&peers[i]);
 
-      if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
-      {
-        CustomPeerMap_put (pull_map, &peers[i]);
-      }
-      else
-      {
-        Peers_schedule_operation (&peers[i], insert_in_pull_map);
-        (void) Peers_issue_peer_liveliness_check (&peers[i]);
-      }
+    if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
+    {
+      CustomPeerMap_put (pull_map, &peers[i]);
+    }
+    else
+    {
+      Peers_schedule_operation (&peers[i], insert_in_pull_map);
+      (void) Peers_issue_peer_liveliness_check (&peers[i]);
     }
   }
 
@@ -3404,7 +3411,7 @@ handle_peer_pull_reply (void *cls,
   clean_peer (sender);
 
   GNUNET_break_op (Peers_check_peer_known (sender));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (sender));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3831,10 +3838,8 @@ do_round (void *cls)
     for (i = 0; i < a_peers; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer)) // TODO
-      { // FIXME if this fails schedule/loop this for later
-        send_push (&peer);
-      }
+      // FIXME if this fails schedule/loop this for later
+      send_push (&peer);
     }
 
     /* Send PULL requests */
@@ -3852,8 +3857,7 @@ do_round (void *cls)
     for (i = first_border; i < second_border; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer) &&
-          GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) // TODO
+      if ( GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING))
       { // FIXME if this fails schedule/loop this for later
         send_pull_request (&peer);
       }
@@ -3950,7 +3954,6 @@ do_round (void *cls)
                "-%s",
                GNUNET_i2s_full (&peers_to_clean[i]));
       clean_peer (&peers_to_clean[i]);
-      //peer_destroy_channel_send (sender);
     }
 
     GNUNET_array_grow (peers_to_clean, peers_to_clean_size, 0);
@@ -4006,7 +4009,6 @@ do_round (void *cls)
          GNUNET_i2s (update_peer));
     insert_in_sampler (NULL, update_peer);
     clean_peer (update_peer); /* This cleans only if it is not in the view */
-    //peer_destroy_channel_send (sender);
   }
 
   for (i = 0; i < CustomPeerMap_size (pull_map); i++)
@@ -4017,7 +4019,6 @@ do_round (void *cls)
     insert_in_sampler (NULL, CustomPeerMap_get_peer_by_index (pull_map, i));
     /* This cleans only if it is not in the view */
     clean_peer (CustomPeerMap_get_peer_by_index (pull_map, i));
-    //peer_destroy_channel_send (sender);
   }
 
 
@@ -4120,6 +4121,8 @@ shutdown_task (void *cls)
   struct ClientContext *client_ctx;
   struct ReplyCls *reply_cls;
 
+  in_shutdown = GNUNET_YES;
+
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "RPS is going down\n");
 
@@ -4364,10 +4367,17 @@ run (void *cls,
                                        NULL, /* WindowSize handler */
                                        cleanup_destroyed_channel, /* Disconnect handler */
                                        cadet_handlers);
+  if (NULL == cadet_port)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Cadet port `%s' is already in use.\n",
+        GNUNET_APPLICATION_PORT_RPS);
+    GNUNET_assert (0);
+  }
 
 
   peerinfo_handle = GNUNET_PEERINFO_connect (cfg);
-  Peers_initialise (fn_valid_peers, cadet_handle, &own_identity);
+  Peers_initialise (fn_valid_peers, cadet_handle);
   GNUNET_free (fn_valid_peers);
 
   /* Initialise sampler */
diff --git a/src/rps/gnunet-service-rps_custommap.c b/src/rps/gnunet-service-rps_custommap.c
index 42507655b..9e003eb39 100644
--- a/src/rps/gnunet-service-rps_custommap.c
+++ b/src/rps/gnunet-service-rps_custommap.c
@@ -213,7 +213,7 @@ CustomPeerMap_remove_peer (const struct CustomPeerMap *c_peer_map,
     GNUNET_assert (NULL != last_index);
     GNUNET_assert (CustomPeerMap_size (c_peer_map) == *last_index);
     GNUNET_CONTAINER_multihashmap32_put (c_peer_map->hash_map, *index, last_p,
-        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST);
+        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
     GNUNET_CONTAINER_multihashmap32_remove_all (c_peer_map->hash_map, *last_index);
     *last_index = *index;
   }
diff --git a/src/rps/rps-test_util.c b/src/rps/rps-test_util.c
index d47e4952f..08fe96097 100644
--- a/src/rps/rps-test_util.c
+++ b/src/rps/rps-test_util.c
@@ -31,6 +31,17 @@
 
 #define LOG(kind, ...) GNUNET_log_from(kind,"rps-test_util",__VA_ARGS__)
 
+#define B2B_PAT "%c%c%c%c%c%c%c%c"
+#define B2B(byte)  \
+  (byte & 0x80 ? '1' : '0'), \
+  (byte & 0x40 ? '1' : '0'), \
+  (byte & 0x20 ? '1' : '0'), \
+  (byte & 0x10 ? '1' : '0'), \
+  (byte & 0x08 ? '1' : '0'), \
+  (byte & 0x04 ? '1' : '0'), \
+  (byte & 0x02 ? '1' : '0'), \
+  (byte & 0x01 ? '1' : '0')
+
 #ifndef TO_FILE
 #define TO_FILE
 #endif /* TO_FILE */
@@ -155,6 +166,9 @@ to_file_raw (const char *file_name, const char *buf, size_t size_buf)
 
     return;
   }
+  LOG (GNUNET_ERROR_TYPE_WARNING,
+       "Wrote %u bytes raw.\n",
+       size_written);
   if (GNUNET_YES != GNUNET_DISK_file_close (f))
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "Unable to close file\n");
@@ -180,6 +194,8 @@ to_file_raw_unaligned (const char *file_name,
   //  num_bits_buf_unaligned = bits_needed % 8;
   //  return;
   //}
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Was asked to write %u bits\n", bits_needed);
 
   char buf_write[size_buf + 1];
   const unsigned bytes_iter = (0 != bits_needed % 8?
@@ -187,6 +203,14 @@ to_file_raw_unaligned (const char *file_name,
                                bits_needed/8);
   // TODO what if no iteration happens?
   unsigned size_buf_write = 0;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "num_bits_buf_unaligned: %u\n",
+       num_bits_buf_unaligned);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "ua args: size_buf: %u, bits_needed: %u -> iter: %u\n",
+       size_buf,
+       bits_needed,
+       bytes_iter);
   buf_write[0] = buf_unaligned;
   /* Iterate over input bytes */
   for (unsigned i = 0; i < bytes_iter; i++)
@@ -227,17 +251,57 @@ to_file_raw_unaligned (const char *file_name,
     {
       num_bits_needed_iter = 8;
     }
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed in this iteration: %u\n",
+         num_bits_needed_iter);
     mask_bits_needed_iter = ((char) 1 << num_bits_needed_iter) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask needed bits (current iter): "B2B_PAT"\n",
+         B2B(mask_bits_needed_iter));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "Unaligned byte: "B2B_PAT" (%u bits)\n",
+         B2B(buf_unaligned),
+         num_bits_buf_unaligned);
     byte_input = buf[i];
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "next whole input byte: "B2B_PAT"\n",
+         B2B(byte_input));
     byte_input &= mask_bits_needed_iter;
     num_bits_to_align = 8 - num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "input byte, needed bits: "B2B_PAT"\n",
+         B2B(byte_input));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed to align unaligned bit: %u\n",
+         num_bits_to_align);
     num_bits_to_move  = min (num_bits_to_align, num_bits_needed_iter);
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits of new byte to move: %u\n",
+         num_bits_to_move);
     mask_input_to_move = ((char) 1 << num_bits_to_move) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask of bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(mask_input_to_move));
     bits_to_move = byte_input & mask_input_to_move;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "masked bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(bits_to_move));
     distance_shift_bits = num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "distance needed to shift bits to their correct spot: %u\n",
+         distance_shift_bits);
     bits_moving = bits_to_move << distance_shift_bits;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "shifted, masked bits of new byte being moved: "B2B_PAT"\n",
+         B2B(bits_moving));
     byte_to_fill = buf_unaligned | bits_moving;
-    if (num_bits_buf_unaligned + num_bits_needed_iter > 8)
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "byte being filled: "B2B_PAT"\n",
+         B2B(byte_to_fill));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "pending bytes: %u\n",
+         num_bits_buf_unaligned + num_bits_needed_iter);
+    if (num_bits_buf_unaligned + num_bits_needed_iter >= 8)
     {
       /* buf_unaligned was aligned by filling
        * -> can be written to storage */
@@ -246,10 +310,22 @@ to_file_raw_unaligned (const char *file_name,
 
       /* store the leftover, unaligned bits in buffer */
       mask_input_leftover = mask_bits_needed_iter & (~ mask_input_to_move);
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "mask of leftover bits of new byte: "B2B_PAT"\n",
+           B2B(mask_input_leftover));
       byte_input_leftover = byte_input & mask_input_leftover;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "masked, leftover bits of new byte: "B2B_PAT"\n",
+           B2B(byte_input_leftover));
       num_bits_leftover = num_bits_needed_iter - num_bits_to_move;
-      num_bits_discard = 8 - num_bits_needed_iter;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "number of unaligned bits left: %u\n",
+           num_bits_leftover);
+      //num_bits_discard = 8 - num_bits_needed_iter;
       byte_unaligned_new = byte_input_leftover >> num_bits_to_move;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "new unaligned byte: "B2B_PAT"\n",
+           B2B(byte_unaligned_new));
       buf_unaligned = byte_unaligned_new;
       num_bits_buf_unaligned = num_bits_leftover % 8;
     }
diff --git a/src/set/gnunet-service-set_intersection.c b/src/set/gnunet-service-set_intersection.c
index 254763b45..1083384f5 100644
--- a/src/set/gnunet-service-set_intersection.c
+++ b/src/set/gnunet-service-set_intersection.c
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -23,6 +23,7 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_statistics_service.h"
 #include "gnunet-service-set.h"
 #include "gnunet_block_lib.h"
 #include "gnunet-service-set_protocol.h"
@@ -215,6 +216,10 @@ send_client_removed_element (struct Operation *op,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Sending removed element (size %u) to client\n",
               element->size);
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Element removed messages sent",
+                            1,
+                            GNUNET_NO);
   GNUNET_assert (0 != op->client_request_id);
   ev = GNUNET_MQ_msg_extra (rm,
                             element->size,
@@ -406,6 +411,10 @@ fail_intersection_operation (struct Operation *op)
 
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
               "Intersection operation failed\n");
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection operations failed",
+                            1,
+                            GNUNET_NO);
   if (NULL != op->state->my_elements)
   {
     GNUNET_CONTAINER_multihashmap_destroy (op->state->my_elements);
@@ -466,6 +475,10 @@ send_bloomfilter (struct Operation *op)
                                          op);
 
   /* send our Bloom filter */
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection Bloom filters sent",
+                            1,
+                            GNUNET_NO);
   chunk_size = 60 * 1024 - sizeof (struct BFMessage);
   if (bf_size <= chunk_size)
   {
@@ -534,6 +547,10 @@ send_client_done_and_destroy (void *cls)
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Intersection succeeded, sending DONE to local client\n");
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection operations succeeded",
+                            1,
+                            GNUNET_NO);
   ev = GNUNET_MQ_msg (rm,
                       GNUNET_MESSAGE_TYPE_SET_RESULT);
   rm->request_id = htonl (op->client_request_id);
diff --git a/src/set/gnunet-service-set_union.c b/src/set/gnunet-service-set_union.c
index 8c0c52d64..73d3f5c83 100644
--- a/src/set/gnunet-service-set_union.c
+++ b/src/set/gnunet-service-set_union.c
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -758,8 +758,8 @@ get_order_from_difference (unsigned int diff)
  */
 static int
 send_full_element_iterator (void *cls,
-                       const struct GNUNET_HashCode *key,
-                       void *value)
+                            const struct GNUNET_HashCode *key,
+                            void *value)
 {
   struct Operation *op = cls;
   struct GNUNET_SET_ElementMessage *emsg;
@@ -1367,6 +1367,26 @@ send_client_element (struct Operation *op,
 
 
 /**
+ * Destroy remote channel.
+ *
+ * @param op operation
+ */
+static void
+destroy_channel (struct Operation *op)
+{
+  struct GNUNET_CADET_Channel *channel;
+
+  if (NULL != (channel = op->channel))
+  {
+    /* This will free op; called conditionally as this helper function
+       is also called from within the channel disconnect handler. */
+    op->channel = NULL;
+    GNUNET_CADET_channel_destroy (channel);
+  }
+}
+
+
+/**
  * Signal to the client that the operation has finished and
  * destroy the operation.
  *
@@ -1379,13 +1399,18 @@ send_client_done (void *cls)
   struct GNUNET_MQ_Envelope *ev;
   struct GNUNET_SET_ResultMessage *rm;
 
-  if (GNUNET_YES == op->state->client_done_sent) {
+  if (GNUNET_YES == op->state->client_done_sent)
+  {
     return;
   }
 
   if (PHASE_DONE != op->state->phase) {
     LOG (GNUNET_ERROR_TYPE_WARNING,
-         "union operation failed\n");
+         "Union operation failed\n");
+    GNUNET_STATISTICS_update (_GSS_statistics,
+                              "# Union operations failed",
+                              1,
+                              GNUNET_NO);
     ev = GNUNET_MQ_msg (rm, GNUNET_MESSAGE_TYPE_SET_RESULT);
     rm->result_status = htons (GNUNET_SET_STATUS_FAILURE);
     rm->request_id = htonl (op->client_request_id);
@@ -1397,6 +1422,10 @@ send_client_done (void *cls)
 
   op->state->client_done_sent = GNUNET_YES;
 
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Union operations succeeded",
+                            1,
+                            GNUNET_NO);
   LOG (GNUNET_ERROR_TYPE_INFO,
        "Signalling client that union operation is done\n");
   ev = GNUNET_MQ_msg (rm,
diff --git a/src/transport/test_quota_compliance.c b/src/transport/test_quota_compliance.c
index 0ef3c864a..cd93ff855 100644
--- a/src/transport/test_quota_compliance.c
+++ b/src/transport/test_quota_compliance.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,6 +65,8 @@ report ()
   unsigned long long datarate;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   datarate = (total_bytes_recv * 1000 * 1000) / delta;
 
   FPRINTF (stderr,
diff --git a/src/transport/test_transport_api_reliability.c b/src/transport/test_transport_api_reliability.c
index 86e2a7e9d..c6e77bae0 100644
--- a/src/transport/test_transport_api_reliability.c
+++ b/src/transport/test_transport_api_reliability.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -174,6 +174,8 @@ custom_shutdown (void *cls)
 
   /* Calculcate statistics   */
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   rate = (1000LL* 1000ll * total_bytes) / (1024 * delta);
   FPRINTF (stderr,
            "\nThroughput was %llu KiBytes/s\n",
diff --git a/src/util/.gitignore b/src/util/.gitignore
index 23139a1ab..7b190ca76 100644
--- a/src/util/.gitignore
+++ b/src/util/.gitignore
@@ -69,3 +69,7 @@ perf_crypto_hash
 perf_crypto_symmetric
 perf_crypto_rsa
 perf_crypto_ecc_dlog
+test_hexcoder 
+test_regex
+test_tun
+gnunet-timeout
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index ec7bcb016..4ae073c2c 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -166,6 +166,7 @@ lib_LTLIBRARIES = libgnunetutil.la
 
 libexec_PROGRAMS = \
  gnunet-service-resolver \
+ gnunet-timeout \
  $(W32CONSOLEHELPER)
 
 bin_SCRIPTS =\
@@ -192,6 +193,15 @@ endif
 endif
 
 
+if !MINGW
+gnunet_timeout_SOURCES = \
+ gnunet-timeout.c
+else
+gnunet_timeout_SOURCES = \
+ gnunet-timeout-w32.c
+endif
+
+
 do_subst = $(SED) -e 's,[@]PYTHON[@],$(PYTHON),g'
 
 gnunet-qr: gnunet-qr.py.in Makefile
@@ -334,12 +344,12 @@ test_hexcoder_LDADD = \
 test_tun_SOURCES = \
  test_tun.c
 test_tun_LDADD = \
- libgnunetutil.la 
+ libgnunetutil.la
 
 test_regex_SOURCES = \
  test_regex.c
 test_regex_LDADD = \
- libgnunetutil.la 
+ libgnunetutil.la
 
 test_os_start_process_SOURCES = \
  test_os_start_process.c
@@ -622,4 +632,4 @@ EXTRA_DIST = \
   test_resolver_api_data.conf \
   test_service_data.conf \
   test_speedup_data.conf \
-  gnunet-qr.py.in 
+  gnunet-qr.py.in
diff --git a/src/util/client.c b/src/util/client.c
index 44e326eab..1f569255a 100644
--- a/src/util/client.c
+++ b/src/util/client.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -721,6 +721,17 @@ test_service_configuration (const char *service_name,
                                                 &unixpath)) &&
       (0 < strlen (unixpath)))
     ret = GNUNET_OK;
+  else if ((GNUNET_OK ==
+            GNUNET_CONFIGURATION_have_value (cfg,
+                                             service_name,
+                                             "UNIXPATH")))
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               service_name,
+                               "UNIXPATH",
+                               _("not a valid filename"));
+    return GNUNET_SYSERR; /* UNIXPATH specified but invalid! */
+  }
   GNUNET_free_non_null (unixpath);
 #endif
 
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 8410b7835..fe1f58df7 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
 
 /**
  * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
  *
  * @param key secret key
+ * @param key_len secret key length
  * @param plaintext input plaintext
  * @param plaintext_len length of @a plaintext
  * @param hmac where to store the hmac
  */
 void
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
                     const void *plaintext, size_t plaintext_len,
                     struct GNUNET_HashCode *hmac)
 {
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
   {
     gcry_md_reset (md);
   }
-  gcry_md_setkey (md, key->key, sizeof (key->key));
+  gcry_md_setkey (md, key, key_len);
   gcry_md_write (md, plaintext, plaintext_len);
   mc = gcry_md_read (md, GCRY_MD_SHA512);
   GNUNET_assert (NULL != mc);
@@ -399,6 +402,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
 
 
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac)
+{
+  GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+                          plaintext, plaintext_len,
+                          hmac);
+}
+
+
+/**
  * Context for cummulative hashing.
  */
 struct GNUNET_HashContext
diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c
index cce68f2ee..24f1b18cf 100644
--- a/src/util/dnsparser.c
+++ b/src/util/dnsparser.c
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
@@ -759,6 +759,122 @@ GNUNET_DNSPARSER_parse (const char *udp_payload,
 
 
 /**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_Record *
+GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r)
+{
+  struct GNUNET_DNSPARSER_Record *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->name = GNUNET_strdup (r->name);
+  switch (r->type)
+  {
+    case GNUNET_DNSPARSER_TYPE_NS:
+    case GNUNET_DNSPARSER_TYPE_CNAME:
+    case GNUNET_DNSPARSER_TYPE_PTR:
+    {
+      dup->data.hostname = GNUNET_strdup (r->data.hostname);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_SOA:
+    {
+      dup->data.soa = GNUNET_DNSPARSER_duplicate_soa_record (r->data.soa);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_CERT:
+    {
+      dup->data.cert = GNUNET_DNSPARSER_duplicate_cert_record (r->data.cert);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_MX:
+    {
+      dup->data.mx = GNUNET_DNSPARSER_duplicate_mx_record (r->data.mx);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_SRV:
+    {
+      dup->data.srv = GNUNET_DNSPARSER_duplicate_srv_record (r->data.srv);
+      break;
+    }
+    default:
+    {
+      dup->data.raw.data = GNUNET_memdup (r->data.raw.data,
+                                          r->data.raw.data_len);
+    }
+  }
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SoaRecord *
+GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r)
+{
+  struct GNUNET_DNSPARSER_SoaRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->mname = GNUNET_strdup (r->mname);
+  dup->rname = GNUNET_strdup (r->rname);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r)
+{
+  struct GNUNET_DNSPARSER_CertRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->certificate_data = GNUNET_strdup (r->certificate_data);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_MxRecord *
+GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r)
+{
+  struct GNUNET_DNSPARSER_MxRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->mxhost = GNUNET_strdup (r->mxhost);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SrvRecord *
+GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r)
+{
+  struct GNUNET_DNSPARSER_SrvRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->target = GNUNET_strdup (r->target);
+  return dup;
+}
+
+
+/**
  * Free memory taken by a packet.
  *
  * @param p packet to free
@@ -840,8 +956,11 @@ GNUNET_DNSPARSER_builder_add_name (char *dst,
       len = dot - idna_name;
     if ( (len >= 64) || (0 == len) )
     {
-      GNUNET_break (0);
-      goto fail; /* segment too long or empty */
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Invalid DNS name `%s': label with %u characters encountered\n",
+                  name,
+                  (unsigned int) len);
+      goto fail; /* label too long or empty */
     }
     dst[pos++] = (char) (uint8_t) len;
     GNUNET_memcpy (&dst[pos],
diff --git a/src/util/gnunet-service-resolver.c b/src/util/gnunet-service-resolver.c
index d90d8ec10..5b890261b 100644
--- a/src/util/gnunet-service-resolver.c
+++ b/src/util/gnunet-service-resolver.c
@@ -27,721 +27,559 @@
 #include "gnunet_statistics_service.h"
 #include "resolver.h"
 
+
+struct Record
+{
+  struct Record *next;
+
+  struct Record *prev;
+
+  struct GNUNET_DNSPARSER_Record *record;
+};
+
 /**
- * A cached DNS lookup result (for reverse lookup).
+ * A cached DNS lookup result.
  */
-struct IPCache
+struct ResolveCache
 {
   /**
    * This is a doubly linked list.
    */
-  struct IPCache *next;
+  struct ResolveCache *next;
 
   /**
    * This is a doubly linked list.
    */
-  struct IPCache *prev;
+  struct ResolveCache *prev;
 
   /**
-   * Hostname in human-readable form.
+   * type of queried DNS record
    */
-  char *addr;
+  uint16_t record_type;
 
   /**
-   * Binary IP address, allocated at the end of this struct.
+   * a pointer to the request_id if a query for this hostname/record_type
+   * is currently pending, NULL otherwise.
    */
-  const void *ip;
+  int16_t *request_id;
 
   /**
-   * Last time this entry was updated.
+   * The client that queried the records contained in this cache entry.
    */
-  struct GNUNET_TIME_Absolute last_refresh;
+  struct GNUNET_SERVICE_Client *client;
 
   /**
-   * Last time this entry was requested.
+   * head of a double linked list containing the lookup results
    */
-  struct GNUNET_TIME_Absolute last_request;
+  struct Record *records_head;
 
   /**
-   * Number of bytes in ip.
+   * tail of a double linked list containing the lookup results
    */
-  size_t ip_len;
+  struct Record *records_tail;
 
   /**
-   * Address family of the IP.
+   * handle for cancelling a request
    */
-  int af;
+  struct GNUNET_DNSSTUB_RequestSocket *resolve_handle;
+
+  /**
+   * handle for the resolution timeout task
+   */
+  struct GNUNET_SCHEDULER_Task *timeout_task;
+
 };
 
 
 /**
  * Start of the linked list of cached DNS lookup results.
  */
-static struct IPCache *cache_head;
+static struct ResolveCache *cache_head;
 
 /**
  * Tail of the linked list of cached DNS lookup results.
  */
-static struct IPCache *cache_tail;
+static struct ResolveCache *cache_tail;
 
 /**
- * Pipe for asynchronously notifying about resolve result
+ * context of dnsstub library
  */
-static struct GNUNET_DISK_PipeHandle *resolve_result_pipe;
+static struct GNUNET_DNSSTUB_Context *dnsstub_ctx;
 
-/**
- * Task for reading from resolve_result_pipe
- */
-static struct GNUNET_SCHEDULER_Task *resolve_result_pipe_task;
 
-
-#if HAVE_GETNAMEINFO
-/**
- * Resolve the given request using getnameinfo
- *
- * @param cache the request to resolve (and where to store the result)
- */
-static void
-getnameinfo_resolve (struct IPCache *cache)
+void free_cache_entry (struct ResolveCache *entry)
 {
-  char hostname[256];
-  const struct sockaddr *sa;
-  struct sockaddr_in v4;
-  struct sockaddr_in6 v6;
-  size_t salen;
-  int ret;
-
-  switch (cache->af)
+  struct Record *pos;
+  struct Record *next;
+ 
+  next = entry->records_head;
+  while (NULL != (pos = next))
   {
-  case AF_INET:
-    GNUNET_assert (cache->ip_len == sizeof (struct in_addr));
-    sa = (const struct sockaddr*) &v4;
-    memset (&v4, 0, sizeof (v4));
-    v4.sin_addr = * (const struct in_addr*) cache->ip;
-    v4.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v4.sin_len = sizeof (v4);
-#endif
-    salen = sizeof (v4);
-    break;
-  case AF_INET6:
-    GNUNET_assert (cache->ip_len == sizeof (struct in6_addr));
-    sa = (const struct sockaddr*) &v6;
-    memset (&v6, 0, sizeof (v6));
-    v6.sin6_addr = * (const struct in6_addr*) cache->ip;
-    v6.sin6_family = AF_INET6;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v6.sin6_len = sizeof (v6);
-#endif
-    salen = sizeof (v6);
-    break;
-  default:
-    GNUNET_assert (0);
+    next = pos->next;
+    GNUNET_CONTAINER_DLL_remove (entry->records_head,
+                                 entry->records_tail,
+                                 pos);
+    if (NULL != pos->record)
+    {
+      GNUNET_DNSPARSER_free_record (pos->record);
+      GNUNET_free (pos->record);
+    }
+    GNUNET_free (pos);
   }
-
-  if (0 ==
-      (ret = getnameinfo (sa, salen,
-                          hostname, sizeof (hostname),
-                          NULL,
-                          0, 0)))
+  if (NULL != entry->resolve_handle)
   {
-    cache->addr = GNUNET_strdup (hostname);
+    GNUNET_DNSSTUB_resolve_cancel (entry->resolve_handle);
+    entry->resolve_handle = NULL;
   }
-  else
+  if (NULL != entry->timeout_task)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "getnameinfo failed: %s\n",
-                gai_strerror (ret));
+    GNUNET_SCHEDULER_cancel (entry->timeout_task);
+    entry->timeout_task = NULL;
   }
+  GNUNET_free_non_null (entry->request_id);
+  GNUNET_free (entry);
 }
-#endif
 
 
-#if HAVE_GETHOSTBYADDR
+static char*
+extract_dns_server (const char* line, size_t line_len)
+{
+  if (0 == strncmp (line, "nameserver ", 11))
+    return GNUNET_strndup (line + 11, line_len - 11);
+  return NULL;
+}
+
+ 
 /**
- * Resolve the given request using gethostbyaddr
+ * reads the list of nameservers from /etc/resolve.conf
  *
- * @param cache the request to resolve (and where to store the result)
+ * @param server_addrs[out] a list of null-terminated server address strings
+ * @return the number of server addresses in @server_addrs, -1 on error
  */
-static void
-gethostbyaddr_resolve (struct IPCache *cache)
+static ssize_t
+lookup_dns_servers (char ***server_addrs)
 {
-  struct hostent *ent;
-
-  ent = gethostbyaddr (cache->ip,
-                       cache->ip_len,
-                       cache->af);
-  if (NULL != ent)
+  struct GNUNET_DISK_FileHandle *fh;
+  char buf[2048];
+  ssize_t bytes_read;
+  size_t read_offset = 0;
+  unsigned int num_dns_servers = 0;
+    
+  fh = GNUNET_DISK_file_open ("/etc/resolv.conf",
+                              GNUNET_DISK_OPEN_READ,
+                              GNUNET_DISK_PERM_NONE);
+  if (NULL == fh)
   {
-    cache->addr = GNUNET_strdup (ent->h_name);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Could not open /etc/resolv.conf. "
+                "DNS resolution will not be possible.\n");
+    return -1;
   }
-  else
+  bytes_read = GNUNET_DISK_file_read (fh,
+                                      buf,
+                                      sizeof (buf));
+  *server_addrs = NULL;
+  while (read_offset < bytes_read)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "gethostbyaddr failed: %s\n",
-                hstrerror (h_errno));
+    char *newline;
+    size_t line_len;
+    char *dns_server;
+    
+    newline = strchr (buf + read_offset, '\n');
+    if (NULL == newline)
+    {
+      break;
+    }
+    line_len = newline - buf - read_offset;
+    dns_server = extract_dns_server (buf + read_offset, line_len);
+    if (NULL != dns_server)
+    {
+      GNUNET_array_append (*server_addrs,
+                           num_dns_servers,
+                           dns_server);
+    }
+    read_offset += line_len + 1;
   }
+  GNUNET_DISK_file_close (fh);
+  return num_dns_servers;
 }
-#endif
 
 
-/**
- * Resolve the given request using the available methods.
- *
- * @param cache the request to resolve (and where to store the result)
- */
-static void
-cache_resolve (struct IPCache *cache)
+static char *
+make_reverse_hostname (const void *ip, int af)
 {
-#if HAVE_GETNAMEINFO
-  if (NULL == cache->addr)
-    getnameinfo_resolve (cache);
-#endif
-#if HAVE_GETHOSTBYADDR
-  if (NULL == cache->addr)
-    gethostbyaddr_resolve (cache);
-#endif
+  char *buf = GNUNET_new_array (80, char);
+  int pos = 0;
+  if (AF_INET == af)
+  {
+    struct in_addr *addr = (struct in_addr *)ip;
+    uint32_t ip_int = addr->s_addr;
+    for (int i = 3; i >= 0; i--)
+    {
+      int n = GNUNET_snprintf (buf + pos,
+                               80 - pos,
+                               "%u.",
+                               ((uint8_t *)&ip_int)[i]);
+      if (n < 0)
+      {
+        GNUNET_free (buf);
+        return NULL;
+      }
+      pos += n;
+    }
+    pos += GNUNET_snprintf (buf + pos, 80 - pos, "in-addr.arpa");
+  }
+  else if (AF_INET6 == af)
+  {
+    struct in6_addr *addr = (struct in6_addr *)ip;
+    for (int i = 15; i >= 0; i--)
+    {
+      int n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] & 0xf);
+      if (n < 0)
+      {
+        GNUNET_free (buf);
+        return NULL;
+      }
+      pos += n;
+      n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] >> 4);
+      if (n < 0)
+      {
+        GNUNET_free (buf);
+        return NULL;
+      }
+      pos += n;
+    }
+    pos += GNUNET_snprintf (buf + pos, 80 - pos, "ip6.arpa");
+  }
+  buf[pos] = '\0';
+  return buf;
 }
 
 
-/**
- * Function called after the replies for the request have all
- * been transmitted to the client, and we can now read the next
- * request from the client.
- *
- * @param cls the `struct GNUNET_SERVICE_Client` to continue with
- */
 static void
-notify_service_client_done (void *cls)
+send_reply (struct GNUNET_DNSPARSER_Record *record,
+            uint16_t request_id,
+            struct GNUNET_SERVICE_Client *client)
 {
-  struct GNUNET_SERVICE_Client *client = cls;
-
-  GNUNET_SERVICE_client_continue (client);
-}
-
-
-/**
- * Get an IP address as a string (works for both IPv4 and IPv6).  Note
- * that the resolution happens asynchronously and that the first call
- * may not immediately result in the FQN (but instead in a
- * human-readable IP address).
- *
- * @param client handle to the client making the request (for sending the reply)
- * @param af AF_INET or AF_INET6
- * @param ip `struct in_addr` or `struct in6_addr`
- */
-static void
-get_ip_as_string (struct GNUNET_SERVICE_Client *client,
-                  int af,
-                  const void *ip,
-                  uint32_t request_id)
-{
-  struct IPCache *pos;
-  struct IPCache *next;
-  struct GNUNET_TIME_Absolute now;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_MQ_Handle *mq;
   struct GNUNET_RESOLVER_ResponseMessage *msg;
-  size_t ip_len;
-  struct in6_addr ix;
-  size_t alen;
+  struct GNUNET_MQ_Envelope *env;
+  void *payload;
+  size_t payload_len;
 
-  switch (af)
-  {
-  case AF_INET:
-    ip_len = sizeof (struct in_addr);
-    break;
-  case AF_INET6:
-    ip_len = sizeof (struct in6_addr);
-    break;
-  default:
-    GNUNET_assert (0);
-  }
-  now = GNUNET_TIME_absolute_get ();
-  next = cache_head;
-  while ( (NULL != (pos = next)) &&
-          ( (pos->af != af) ||
-            (pos->ip_len != ip_len) ||
-            (0 != memcmp (pos->ip, ip, ip_len))) )
+  switch (record->type)
   {
-    next = pos->next;
-    if (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us <
-        60 * 60 * 1000 * 1000LL)
+    case GNUNET_DNSPARSER_TYPE_PTR:
     {
-      GNUNET_CONTAINER_DLL_remove (cache_head,
-                                   cache_tail,
-                                   pos);
-      GNUNET_free_non_null (pos->addr);
-      GNUNET_free (pos);
-      continue;
+      char *hostname = record->data.hostname;
+      payload = hostname;
+      payload_len = strlen (hostname) + 1;
+      break;
     }
-  }
-  if (NULL != pos)
-  {
-    if ( (1 == inet_pton (af,
-                          pos->ip,
-                          &ix)) &&
-         (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us >
-          120 * 1000 * 1000LL) )
+    case GNUNET_DNSPARSER_TYPE_A:
+    case GNUNET_DNSPARSER_TYPE_AAAA:
     {
-      /* try again if still numeric AND 2 minutes have expired */
-      GNUNET_free_non_null (pos->addr);
-      pos->addr = NULL;
-      cache_resolve (pos);
-      pos->last_request = now;
+      payload = record->data.raw.data;
+      payload_len = record->data.raw.data_len;
+      break;         
+    }
+    default:
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Cannot handle DNS response type: unimplemented\n");
+      return;
     }
   }
-  else
-  {
-    pos = GNUNET_malloc (sizeof (struct IPCache) + ip_len);
-    pos->ip = &pos[1];
-    GNUNET_memcpy (&pos[1],
-                   ip,
-                   ip_len);
-    pos->last_request = now;
-    pos->last_refresh = now;
-    pos->ip_len = ip_len;
-    pos->af = af;
-    GNUNET_CONTAINER_DLL_insert (cache_head,
-                                 cache_tail,
-                                 pos);
-    cache_resolve (pos);
-  }
-  if (NULL != pos->addr)
-    alen = strlen (pos->addr) + 1;
-  else
-    alen = 0;
-  mq = GNUNET_SERVICE_client_get_mq (client);
   env = GNUNET_MQ_msg_extra (msg,
-                             alen,
-                             GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
+                             payload_len,
+                             GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
   msg->id = request_id;
   GNUNET_memcpy (&msg[1],
-                 pos->addr,
-                 alen);
-  GNUNET_MQ_send (mq,
-                  env);
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_MQ_notify_sent (env,
-                         &notify_service_client_done,
-                         client);
-  GNUNET_MQ_send (mq,
-                  env);
+                 payload,
+                 payload_len);
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                  env);
 }
 
 
-#if HAVE_GETADDRINFO_A
-struct AsyncCls
-{
-  struct gaicb *host;
-  struct sigevent *sig;
-  struct GNUNET_MQ_Handle *mq;
-  uint32_t request_id;
-};
-
-
 static void
-resolve_result_pipe_cb (void *cls)
+send_end_msg (uint16_t request_id,
+              struct GNUNET_SERVICE_Client *client)
 {
-  struct AsyncCls *async_cls;
-  struct gaicb *host;
   struct GNUNET_RESOLVER_ResponseMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
-  GNUNET_DISK_file_read (GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                  GNUNET_DISK_PIPE_END_READ),
-                         &async_cls,
-                         sizeof (struct AsyncCls *));
-  resolve_result_pipe_task =
-    GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
-                                    GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                             GNUNET_DISK_PIPE_END_READ),
-                                    &resolve_result_pipe_cb,
-                                    NULL);
-  host = async_cls->host;
-  for (struct addrinfo *pos = host->ar_result; pos != NULL; pos = pos->ai_next)
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Sending end message\n");
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
+  msg->id = request_id;
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                  env);
+}
+
+
+static void
+handle_resolve_result (void *cls,
+                       const struct GNUNET_TUN_DnsHeader *dns,
+                       size_t dns_len)
+{
+  struct ResolveCache *cache = cls;
+  struct GNUNET_DNSPARSER_Packet *parsed;
+  uint16_t request_id = *cache->request_id;
+  struct GNUNET_SERVICE_Client *client = cache->client;
+
+  parsed = GNUNET_DNSPARSER_parse ((const char *)dns,
+                                   dns_len);
+  if (NULL == parsed)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to parse DNS reply (request ID %u\n",
+                request_id);
+    return;
+  }
+  if (request_id != ntohs (parsed->id))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Request ID in DNS reply does not match\n");
+    return;
+  }
+  else if (0 == parsed->num_answers)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "DNS reply (request ID %u) contains no answers\n",
+                request_id);
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                 cache_tail,
+                                 cache);
+    free_cache_entry (cache);
+    cache = NULL;
+  }
+  else
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Lookup result for hostname %s: %s (request ID %u)\n",
-                host->ar_name,
-                GNUNET_a2s (pos->ai_addr, pos->ai_addrlen),
-                async_cls->request_id);
-    switch (pos->ai_family)
+                "Got reply for request ID %u\n",
+                request_id);
+    for (unsigned int i = 0; i != parsed->num_answers; i++)
     {
-    case AF_INET:
-      env = GNUNET_MQ_msg_extra (msg,
-                                 sizeof (struct in_addr),
-                                 GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = async_cls->request_id;
-      GNUNET_memcpy (&msg[1],
-                     &((struct sockaddr_in*) pos->ai_addr)->sin_addr,
-                     sizeof (struct in_addr));
-      GNUNET_MQ_send (async_cls->mq,
-                      env);
-      break;
-    case AF_INET6:
-      env = GNUNET_MQ_msg_extra (msg,
-                                 sizeof (struct in6_addr),
-                                 GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = async_cls->request_id;
-      GNUNET_memcpy (&msg[1],
-                     &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr,
-                     sizeof (struct in6_addr));
-      GNUNET_MQ_send (async_cls->mq,
-                      env);
-      break;
-    default:
-      /* unsupported, skip */
-      break;
+      struct Record *cache_entry = GNUNET_new (struct Record);
+      struct GNUNET_DNSPARSER_Record *record = &parsed->answers[i];
+      cache_entry->record = GNUNET_DNSPARSER_duplicate_record (record);
+      GNUNET_CONTAINER_DLL_insert (cache->records_head,
+                                   cache->records_tail,
+                                   cache_entry);
+      send_reply (cache_entry->record,
+                  request_id,
+                  cache->client);
     }
+    GNUNET_free_non_null (cache->request_id);
+    cache->request_id = NULL;
   }
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = async_cls->request_id;
-  GNUNET_MQ_send (async_cls->mq,
-                  env);
-  freeaddrinfo (host->ar_result);
-  GNUNET_free ((struct gaicb *)host->ar_request); // free hints
-  GNUNET_free (host);
-  GNUNET_free (async_cls->sig);
-  GNUNET_free (async_cls);
+  send_end_msg (request_id,
+                client);
+  if (NULL != cache)
+    cache->client = NULL;
+  if (NULL != cache)
+  {
+    if (NULL != cache->timeout_task)
+    { 
+      GNUNET_SCHEDULER_cancel (cache->timeout_task);
+      cache->timeout_task = NULL;
+    }
+    if (NULL != cache->resolve_handle)
+    {
+      GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle);
+      cache->resolve_handle = NULL;
+    }
+  }
+  GNUNET_DNSPARSER_free_packet (parsed);
 }
 
 
 static void
-handle_async_result (union sigval val) 
+handle_resolve_timeout (void *cls)
 {
-  GNUNET_DISK_file_write (GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                   GNUNET_DISK_PIPE_END_WRITE),
-                          &val.sival_ptr,
-                          sizeof (val.sival_ptr));
+  struct ResolveCache *cache = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
+              "timeout!\n");
+  if (NULL != cache->resolve_handle)
+  {
+    GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle);
+    cache->resolve_handle = NULL;
+  }
+  GNUNET_CONTAINER_DLL_remove (cache_head,
+                               cache_tail,
+                               cache);
+  free_cache_entry (cache);
 }
 
 
 static int
-getaddrinfo_a_resolve (struct GNUNET_MQ_Handle *mq,
-                       const char *hostname,
-                       int af,
-                       uint32_t request_id)
+resolve_and_cache (const char* hostname,
+                   uint16_t record_type,
+                   uint16_t request_id,
+                   struct GNUNET_SERVICE_Client *client)
 {
-  int ret;
-  struct gaicb *host;
-  struct addrinfo *hints; 
-  struct sigevent *sig;
-  struct AsyncCls *async_cls;
-
-  host = GNUNET_new (struct gaicb);
-  hints = GNUNET_new (struct addrinfo);
-  sig = GNUNET_new (struct sigevent);
-  async_cls = GNUNET_new (struct AsyncCls);
-  memset (hints,
+  char *packet_buf;
+  size_t packet_size;
+  struct GNUNET_DNSPARSER_Query query;
+  struct GNUNET_DNSPARSER_Packet packet;
+  struct ResolveCache *cache;
+  struct GNUNET_TIME_Relative timeout =
+    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5);
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "resolve_and_cache\n");
+  query.name = (char *)hostname;
+  query.type = record_type;
+  query.dns_traffic_class = GNUNET_TUN_DNS_CLASS_INTERNET;
+  memset (&packet,
           0,
-          sizeof (struct addrinfo));
-  memset (sig,
-          0,
-          sizeof (struct sigevent));
-  hints->ai_family = af;
-  hints->ai_socktype = SOCK_STREAM;      /* go for TCP */
-  host->ar_name = hostname;
-  host->ar_service = NULL;
-  host->ar_request = hints;
-  host->ar_result = NULL;
-  sig->sigev_notify = SIGEV_THREAD;
-  sig->sigev_value.sival_ptr = async_cls;
-  sig->sigev_notify_function = &handle_async_result; 
-  async_cls->host = host;
-  async_cls->sig = sig;
-  async_cls->mq = mq;
-  async_cls->request_id = request_id;
-  ret = getaddrinfo_a (GAI_NOWAIT,
-                       &host,
-                       1,
-                       sig);
-  if (0 != ret)
+          sizeof (packet));
+  packet.num_queries = 1;
+  packet.queries = &query;
+  packet.id = htons (request_id);
+  packet.flags.recursion_desired = 1;
+  if (GNUNET_OK != 
+      GNUNET_DNSPARSER_pack (&packet,
+                             UINT16_MAX,
+                             &packet_buf,
+                             &packet_size))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to pack query for hostname `%s'\n",
+                hostname);
     return GNUNET_SYSERR;
+ 
+  }
+  cache = GNUNET_malloc (sizeof (struct ResolveCache));
+  cache->record_type = record_type;
+  cache->request_id = GNUNET_memdup (&request_id, sizeof (request_id));
+  cache->client = client;
+  cache->timeout_task = GNUNET_SCHEDULER_add_delayed (timeout,
+                                                      &handle_resolve_timeout,
+                                                      cache);
+  cache->resolve_handle = 
+    GNUNET_DNSSTUB_resolve (dnsstub_ctx,
+                            packet_buf,
+                            packet_size,
+                            &handle_resolve_result,
+                            cache);
+  GNUNET_CONTAINER_DLL_insert (cache_head,
+                               cache_tail,
+                               cache);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "resolve %s, request_id = %u\n",
+              hostname,
+              request_id);
+  GNUNET_free (packet_buf);
   return GNUNET_OK;
 }
 
 
-#elif HAVE_GETADDRINFO
-static int
-getaddrinfo_resolve (struct GNUNET_MQ_Handle *mq,
-                     const char *hostname,
-                     int af,
-                     uint32_t request_id)
+static const char *
+get_hostname (struct ResolveCache *cache_entry)
 {
-  int s;
-  struct addrinfo hints;
-  struct addrinfo *result;
-  struct addrinfo *pos;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
-#ifdef WINDOWS
-  /* Due to a bug, getaddrinfo will not return a mix of different families */
-  if (AF_UNSPEC == af)
+  if (NULL != cache_entry->records_head)
   {
-    int ret1;
-    int ret2;
-    ret1 = getaddrinfo_resolve (mq,
-                                hostname,
-                                AF_INET,
-                                request_id);
-    ret2 = getaddrinfo_resolve (mq,
-                                hostname,
-                                AF_INET6,
-                                request_id);
-    if ( (ret1 == GNUNET_OK) ||
-         (ret2 == GNUNET_OK) )
-      return GNUNET_OK;
-    if ( (ret1 == GNUNET_SYSERR) ||
-         (ret2 == GNUNET_SYSERR) )
-      return GNUNET_SYSERR;
-    return GNUNET_NO;
+    GNUNET_assert (NULL != cache_entry->records_head);
+    GNUNET_assert (NULL != cache_entry->records_head->record);
+    GNUNET_assert (NULL != cache_entry->records_head->record->name);
+    return cache_entry->records_head->record->name;
   }
-#endif
-
-  memset (&hints,
-          0,
-          sizeof (struct addrinfo));
-  hints.ai_family = af;
-  hints.ai_socktype = SOCK_STREAM;      /* go for TCP */
-
-  if (0 != (s = getaddrinfo (hostname,
-                             NULL,
-                             &hints,
-                             &result)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not resolve `%s' (%s): %s\n"),
-                hostname,
-                (af ==
-                 AF_INET) ? "IPv4" : ((af == AF_INET6) ? "IPv6" : "any"),
-                gai_strerror (s));
-    if ( (s == EAI_BADFLAGS) ||
-#ifndef WINDOWS
-         (s == EAI_SYSTEM) ||
-#endif
-         (s == EAI_MEMORY) )
-      return GNUNET_NO;         /* other function may still succeed */
-    return GNUNET_SYSERR;
-  }
-  if (NULL == result)
-    return GNUNET_SYSERR;
-  for (pos = result; pos != NULL; pos = pos->ai_next)
-  {
-    switch (pos->ai_family)
-    {
-    case AF_INET:
-      env = GNUNET_MQ_msg_extra (msg,
-                                 sizeof (struct in_addr),
-                                 GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = request_id;
-      GNUNET_memcpy (&msg[1],
-                     &((struct sockaddr_in*) pos->ai_addr)->sin_addr,
-                     sizeof (struct in_addr));
-      GNUNET_MQ_send (mq,
-                      env);
-      break;
-    case AF_INET6:
-      env = GNUNET_MQ_msg_extra (msg,
-                                 sizeof (struct in6_addr),
-                                 GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = request_id;
-      GNUNET_memcpy (&msg[1],
-                     &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr,
-                     sizeof (struct in6_addr));
-      GNUNET_MQ_send (mq,
-                      env);
-      break;
-    default:
-      /* unsupported, skip */
-      break;
-    }
-  }
-  freeaddrinfo (result);
-  return GNUNET_OK;
+  return NULL;
 }
 
 
-#elif HAVE_GETHOSTBYNAME2
-
-
-static int
-gethostbyname2_resolve (struct GNUNET_MQ_Handle *mq,
-                        const char *hostname,
-                        int af,
-                        uint32_t request_id)
+static const uint16_t *
+get_record_type (struct ResolveCache *cache_entry)
 {
-  struct hostent *hp;
-  int ret1;
-  int ret2;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
+  if (NULL != cache_entry->records_head)
+    return &cache_entry->record_type;
+  return NULL; 
+}
 
-#ifdef WINDOWS
-  /* gethostbyname2() in plibc is a compat dummy that calls gethostbyname(). */
-  return GNUNET_NO;
-#endif
 
-  if (af == AF_UNSPEC)
-  {
-    ret1 = gethostbyname2_resolve (mq,
-                                   hostname,
-                                   AF_INET,
-                                   request_id);
-    ret2 = gethostbyname2_resolve (mq,
-                                   hostname,
-                                   AF_INET6,
-                                   request_id);
-    if ( (ret1 == GNUNET_OK) ||
-         (ret2 == GNUNET_OK) )
-      return GNUNET_OK;
-    if ( (ret1 == GNUNET_SYSERR) ||
-         (ret2 == GNUNET_SYSERR) )
-      return GNUNET_SYSERR;
-    return GNUNET_NO;
-  }
-  hp = gethostbyname2 (hostname,
-                       af);
-  if (hp == NULL)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not find IP of host `%s': %s\n"),
-                hostname,
-                hstrerror (h_errno));
-    return GNUNET_SYSERR;
-  }
-  GNUNET_assert (hp->h_addrtype == af);
-  switch (af)
-  {
-  case AF_INET:
-    GNUNET_assert (hp->h_length == sizeof (struct in_addr));
-    env = GNUNET_MQ_msg_extra (msg,
-                               hp->h_length,
-                               GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-    msg->id = request_id;
-    GNUNET_memcpy (&msg[1],
-                   hp->h_addr_list[0],
-                   hp->h_length);
-    GNUNET_MQ_send (mq,
-                    env);
-    break;
-  case AF_INET6:
-    GNUNET_assert (hp->h_length == sizeof (struct in6_addr));
-    env = GNUNET_MQ_msg_extra (msg,
-                               hp->h_length,
-                               GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-    msg->id = request_id;
-    GNUNET_memcpy (&msg[1],
-                   hp->h_addr_list[0],
-                   hp->h_length);
-    GNUNET_MQ_send (mq,
-                    env);
-    break;
-  default:
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
+static const struct GNUNET_TIME_Absolute *
+get_expiration_time (struct ResolveCache *cache_entry)
+{
+  if (NULL != cache_entry->records_head)
+    return &cache_entry->records_head->record->expiration_time;
+  return NULL;
 }
 
-#elif HAVE_GETHOSTBYNAME
-
 
 static int
-gethostbyname_resolve (struct GNUNET_MQ_Handle *mq,
-                       const char *hostname,
-                       uint32_t request_id)
+remove_if_expired (struct ResolveCache *cache_entry)
 {
-  struct hostent *hp;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
 
-  hp = GETHOSTBYNAME (hostname);
-  if (NULL == hp)
+  if ( (NULL != cache_entry->records_head) &&
+       (now.abs_value_us > get_expiration_time (cache_entry)->abs_value_us) )
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not find IP of host `%s': %s\n"),
-                hostname,
-                hstrerror (h_errno));
-    return GNUNET_SYSERR;
-  }
-  if (hp->h_addrtype != AF_INET)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                 cache_tail,
+                                 cache_entry);
+    free_cache_entry (cache_entry);
+    return GNUNET_YES;
   }
-  GNUNET_assert (hp->h_length == sizeof (struct in_addr));
-  env = GNUNET_MQ_msg_extra (msg,
-                             hp->h_length,
-                             GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_memcpy (&msg[1],
-                 hp->h_addr_list[0],
-                 hp->h_length);
-  GNUNET_MQ_send (mq,
-                  env);
-  return GNUNET_OK;
+  return GNUNET_NO;
 }
-#endif
 
 
 /**
- * Convert a string to an IP address.
+ * Get an IP address as a string (works for both IPv4 and IPv6).  Note
+ * that the resolution happens asynchronously and that the first call
+ * may not immediately result in the FQN (but instead in a
+ * human-readable IP address).
  *
- * @param client where to send the IP address
- * @param hostname the hostname to resolve
- * @param af AF_INET or AF_INET6; use AF_UNSPEC for "any"
+ * @param client handle to the client making the request (for sending the reply)
+ * @param af AF_INET or AF_INET6
+ * @param ip `struct in_addr` or `struct in6_addr`
  */
-static void
-get_ip_from_hostname (struct GNUNET_SERVICE_Client *client,
-                      const char *hostname,
-                      int af,
-                      uint32_t request_id)
+static int
+try_cache (const char *hostname,
+           uint16_t record_type,
+           uint16_t request_id,
+           struct GNUNET_SERVICE_Client *client)
 {
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Handle *mq;
-
-  mq = GNUNET_SERVICE_client_get_mq (client);
-#if HAVE_GETADDRINFO_A
-  getaddrinfo_a_resolve (mq,
-                         hostname,
-                         af,
-                         request_id);
-  GNUNET_SERVICE_client_continue (client);
-  return;
-#elif HAVE_GETADDRINFO
-  getaddrinfo_resolve (mq,
-                       hostname,
-                       af,
-                       request_id);
-#elif HAVE_GETHOSTBYNAME2
-  gethostbyname2_resolve (mq,
-                          hostname,
-                          af,
-                          request_id);
-#elif HAVE_GETHOSTBYNAME
-  if ( ( (af == AF_UNSPEC) ||
-         (af == PF_INET) ) )
-    gethostbyname_resolve (mq,
-                           hostname,
-                           request_id);
-#endif
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_MQ_notify_sent (env,
-                         &notify_service_client_done,
-                         client);
-  GNUNET_MQ_send (mq,
-                  env);
+  struct ResolveCache *pos;
+  struct ResolveCache *next;
+
+  next = cache_head;
+  while ( (NULL != (pos = next)) &&
+          ( (NULL == pos->records_head) ||
+            (0 != strcmp (get_hostname (pos), hostname)) ||
+            (*get_record_type (pos) != record_type) ) )
+  {
+    next = pos->next;
+    remove_if_expired (pos);
+  }
+  if (NULL != pos)
+  {
+    if (GNUNET_NO == remove_if_expired (pos))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "found cache entry for '%s', record type '%u'\n",
+                  hostname,
+                  record_type);
+      struct Record *cache_pos = pos->records_head;
+      while (NULL != cache_pos)
+      {
+        send_reply (cache_pos->record,
+                    request_id,
+                    client);
+        cache_pos = cache_pos->next;
+      }
+      send_end_msg (request_id,
+                    client);
+      return GNUNET_YES;
+    }
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "no cache entry for '%s'\n",
+              hostname);
+  return GNUNET_NO;
 }
 
 
@@ -801,6 +639,23 @@ check_get (void *cls,
 }
 
 
+static void
+process_get (const char *hostname,
+             uint16_t record_type,
+             uint16_t request_id,
+             struct GNUNET_SERVICE_Client *client)
+{
+  if (GNUNET_NO == try_cache (hostname, record_type, request_id, client))
+  {
+    int result = resolve_and_cache (hostname,
+                                    record_type,
+                                    request_id,
+                                    client);
+    GNUNET_assert (GNUNET_OK == result);
+  }
+}
+
+
 /**
  * Handle GET-message.
  *
@@ -812,45 +667,100 @@ handle_get (void *cls,
             const struct GNUNET_RESOLVER_GetMessage *msg)
 {
   struct GNUNET_SERVICE_Client *client = cls;
-  const void *ip;
   int direction;
   int af;
-  uint32_t id;
+  uint16_t request_id;
+  const char *hostname;
 
   direction = ntohl (msg->direction);
   af = ntohl (msg->af);
-  id = ntohl (msg->id);
+  request_id = ntohs (msg->id);
   if (GNUNET_NO == direction)
   {
     /* IP from hostname */
-    const char *hostname;
-
-    hostname = (const char *) &msg[1];
-    get_ip_from_hostname (client,
-                          hostname,
-                          af,
-                          id);
-    return;
+    hostname = GNUNET_strdup ((const char *) &msg[1]);
+    switch (af)
+    {
+      case AF_UNSPEC:
+      {
+        process_get (hostname, GNUNET_DNSPARSER_TYPE_ALL, request_id, client);
+        break;
+      }
+      case AF_INET:
+      {
+        process_get (hostname, GNUNET_DNSPARSER_TYPE_A, request_id, client);
+        break;
+      }
+      case AF_INET6:
+      {
+        process_get (hostname, GNUNET_DNSPARSER_TYPE_AAAA, request_id, client);
+        break;
+      }
+      default:
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "got invalid af: %d\n",
+                  af);
+        GNUNET_assert (0);
+      }
+    }
+  }
+  else
+  {
+    /* hostname from IP */
+    hostname = make_reverse_hostname (&msg[1], af); 
+    process_get (hostname, GNUNET_DNSPARSER_TYPE_PTR, request_id, client);
   }
-  ip = &msg[1];
+  GNUNET_free_non_null ((char *)hostname);
+  GNUNET_SERVICE_client_continue (client);
+}
 
-#if !defined(GNUNET_CULL_LOGGING)
+
+static void 
+shutdown_task (void *cls)
+{
+  (void) cls;
+  struct ResolveCache *pos;
+
+  while (NULL != (pos = cache_head))
   {
-    char buf[INET6_ADDRSTRLEN];
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                 cache_tail,
+                                 pos);
+    free_cache_entry (pos);
+  }
+  GNUNET_DNSSTUB_stop (dnsstub_ctx);
+}
+
 
+static void
+init_cb (void *cls,
+         const struct GNUNET_CONFIGURATION_Handle *cfg,
+         struct GNUNET_SERVICE_Handle *sh)
+{
+  (void) cfg;
+  (void) sh;
+
+  GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
+                                 cls);
+  dnsstub_ctx = GNUNET_DNSSTUB_start (128);
+  char **dns_servers;
+  ssize_t num_dns_servers = lookup_dns_servers (&dns_servers);
+  if (0 == num_dns_servers)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "no DNS server available. DNS resolution will not be possible.\n");
+  }
+  for (int i = 0; i != num_dns_servers; i++)
+  {
+    int result = GNUNET_DNSSTUB_add_dns_ip (dnsstub_ctx, dns_servers[i]);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Resolver asked to look up IP address `%s (request ID %u)'.\n",
-                inet_ntop (af,
-                           ip,
-                           buf,
-                           sizeof (buf)),
-                id);
+                "Adding DNS server '%s': %s\n",
+                dns_servers[i],
+                GNUNET_OK == result ? "success" : "failure");
+    GNUNET_free (dns_servers[i]);
   }
-#endif
-  get_ip_as_string (client,
-                    af,
-                    ip,
-                    id);
+  GNUNET_free_non_null (dns_servers);
 }
 
 
@@ -870,19 +780,6 @@ connect_cb (void *cls,
   (void) cls;
   (void) mq;
 
-#if HAVE_GETADDRINFO_A
-  resolve_result_pipe = GNUNET_DISK_pipe (GNUNET_NO,
-                                          GNUNET_NO,
-                                          GNUNET_NO,
-                                          GNUNET_NO);
-  GNUNET_assert (NULL != resolve_result_pipe);
-  resolve_result_pipe_task =
-    GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
-                                    GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                             GNUNET_DISK_PIPE_END_READ),
-                                    &resolve_result_pipe_cb,
-                                    NULL);
-#endif
   return c;
 }
 
@@ -900,19 +797,16 @@ disconnect_cb (void *cls,
                void *internal_cls)
 {
   (void) cls;
+  struct ResolveCache *pos = cache_head; 
 
-#if HAVE_GETADDRINFO_A
-  if (NULL != resolve_result_pipe_task)
-  {
-    GNUNET_SCHEDULER_cancel (resolve_result_pipe_task);
-    resolve_result_pipe_task = NULL;
-  }
-  if (NULL != resolve_result_pipe)
+  while (NULL != pos)
   {
-    GNUNET_DISK_pipe_close (resolve_result_pipe);
-    resolve_result_pipe = NULL;
+    if (pos->client == c)
+    {
+      pos->client = NULL;
+    }
+    pos = pos->next;
   }
-#endif
   GNUNET_assert (c == internal_cls);
 }
 
@@ -923,7 +817,7 @@ disconnect_cb (void *cls,
 GNUNET_SERVICE_MAIN
 ("resolver",
  GNUNET_SERVICE_OPTION_NONE,
- NULL,
+ &init_cb,
  &connect_cb,
  &disconnect_cb,
  NULL,
@@ -950,23 +844,4 @@ GNUNET_RESOLVER_memory_init ()
 #endif
 
 
-/**
- * Free globals on exit.
- */
-void __attribute__ ((destructor))
-GNUNET_RESOLVER_memory_done ()
-{
-  struct IPCache *pos;
-
-  while (NULL != (pos = cache_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (cache_head,
-                                 cache_tail,
-                                 pos);
-    GNUNET_free_non_null (pos->addr);
-    GNUNET_free (pos);
-  }
-}
-
-
 /* end of gnunet-service-resolver.c */
diff --git a/src/util/gnunet-timeout-w32.c b/src/util/gnunet-timeout-w32.c
new file mode 100644
index 000000000..78b268fe2
--- /dev/null
+++ b/src/util/gnunet-timeout-w32.c
@@ -0,0 +1,191 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2010 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License, or
+     (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file src/util/gnunet-timeout-w32.c
+ * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
+ * @author LRN
+ */
+
+#include <windows.h>
+#include <sys/types.h>
+#include <stdio.h>
+
+int
+main (int argc, char *argv[])
+{
+  int i;
+  DWORD wait_result;
+  wchar_t *commandline;
+  wchar_t **wargv;
+  wchar_t *arg;
+  unsigned int cmdlen;
+  STARTUPINFOW start;
+  PROCESS_INFORMATION proc;
+
+  wchar_t wpath[MAX_PATH + 1];
+
+  wchar_t *pathbuf;
+  DWORD pathbuf_len, alloc_len;
+  wchar_t *ptr;
+  wchar_t *non_const_filename;
+  wchar_t *wcmd;
+  int wargc;
+  int timeout = 0;
+  ssize_t wrote;
+
+  HANDLE job;
+
+  if (argc < 3)
+    {
+      printf
+        ("arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
+      exit (1);
+    }
+
+  timeout = atoi (argv[1]);
+
+  if (timeout == 0)
+    timeout = 600;
+
+  commandline =  GetCommandLineW ();
+  if (commandline == NULL)
+  {
+    printf ("Failed to get commandline: %lu\n", GetLastError ());
+    exit (2);
+  }
+
+  wargv = CommandLineToArgvW (commandline, &wargc);
+  if (wargv == NULL || wargc <= 1)
+  {
+    printf ("Failed to get parse commandline: %lu\n", GetLastError ());
+    exit (3);
+  }
+
+  job = CreateJobObject (NULL, NULL);
+  if (job == NULL)
+  {
+    printf ("Failed to create a job: %lu\n", GetLastError ());
+    exit (4);
+  }
+
+  pathbuf_len = GetEnvironmentVariableW (L"PATH", (wchar_t *) &pathbuf, 0);
+
+  alloc_len = pathbuf_len + 1;
+
+  pathbuf = malloc (alloc_len * sizeof (wchar_t));
+
+  ptr = pathbuf;
+
+  alloc_len = GetEnvironmentVariableW (L"PATH", ptr, pathbuf_len);
+
+  cmdlen = wcslen (wargv[2]);
+  if (cmdlen < 5 || wcscmp (&wargv[2][cmdlen - 4], L".exe") != 0)
+  {
+    non_const_filename = malloc (sizeof (wchar_t) * (cmdlen + 5));
+    swprintf (non_const_filename, cmdlen + 5, L"%S.exe", wargv[2]);
+  }
+  else
+  {
+    non_const_filename = wcsdup (wargv[2]);
+  }
+
+  /* Check that this is the full path. If it isn't, search. */
+  if (non_const_filename[1] == L':')
+    swprintf (wpath, sizeof (wpath) / sizeof (wchar_t), L"%S", non_const_filename);
+  else if (!SearchPathW
+           (pathbuf, non_const_filename, NULL, sizeof (wpath) / sizeof (wchar_t),
+            wpath, NULL))
+  {
+    printf ("Failed to get find executable: %lu\n", GetLastError ());
+    exit (5);
+  }
+  free (pathbuf);
+  free (non_const_filename);
+
+  cmdlen = wcslen (wpath) + 4;
+  i = 3;
+  while (NULL != (arg = wargv[i++]))
+    cmdlen += wcslen (arg) + 4;
+
+  wcmd = malloc (sizeof (wchar_t) * (cmdlen + 1));
+  wrote = 0;
+  i = 2;
+  while (NULL != (arg = wargv[i++]))
+  {
+    /* This is to escape trailing slash */
+    wchar_t arg_lastchar = arg[wcslen (arg) - 1];
+    if (wrote == 0)
+    {
+      wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\" ", wpath,
+          arg_lastchar == L'\\' ? L"\\" : L"");
+    }
+    else
+    {
+      if (wcschr (arg, L' ') != NULL)
+        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\"%S", arg,
+            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
+      else
+        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"%S%S%S", arg,
+            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
+    }
+  }
+
+  LocalFree (wargv);
+
+  memset (&start, 0, sizeof (start));
+  start.cb = sizeof (start);
+
+  if (!CreateProcessW (wpath, wcmd, NULL, NULL, TRUE, CREATE_SUSPENDED,
+       NULL, NULL, &start, &proc))
+  {
+    wprintf (L"Failed to get spawn process `%S' with arguments `%S': %lu\n", wpath, wcmd, GetLastError ());
+    exit (6);
+  }
+
+  AssignProcessToJobObject (job, proc.hProcess);
+
+  ResumeThread (proc.hThread);
+  CloseHandle (proc.hThread);
+
+  free (wcmd);
+
+  wait_result = WaitForSingleObject (proc.hProcess, timeout * 1000);
+  if (wait_result == WAIT_OBJECT_0)
+  {
+    DWORD status;
+    wait_result = GetExitCodeProcess (proc.hProcess, &status);
+    CloseHandle (proc.hProcess);
+    if (wait_result != 0)
+    {
+      printf ("Test process exited with result %lu\n", status);
+      TerminateJobObject (job, status);
+      exit (status);
+    }
+    printf ("Test process exited (failed to obtain exit status)\n");
+    TerminateJobObject (job, 0);
+    exit (0);
+  }
+  printf ("Child processes were killed after timeout of %u seconds\n",
+          timeout);
+  TerminateJobObject (job, 1);
+  CloseHandle (proc.hProcess);
+  exit (1);
+}
+
+/* end of timeout_watchdog_w32.c */
diff --git a/src/util/gnunet-timeout.c b/src/util/gnunet-timeout.c
new file mode 100644
index 000000000..8dfb6ad17
--- /dev/null
+++ b/src/util/gnunet-timeout.c
@@ -0,0 +1,128 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2010 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License, or
+     (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file src/util/gnunet-timeout.c
+ * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
+ * @author Matthias Wachs
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+static pid_t child;
+
+
+static void
+sigchld_handler (int val)
+{
+  int status = 0;
+  int ret = 0;
+
+  (void) val;
+  waitpid (child,
+           &status,
+           0);
+  if (WIFEXITED (status) != 0)
+  {
+    ret = WEXITSTATUS (status);
+    fprintf (stderr,
+             "Process exited with result %u\n",
+             ret);
+    exit (ret); /* return same status code */
+  }
+  if (WIFSIGNALED (status) != 0)
+  {
+    ret = WTERMSIG (status);
+    fprintf (stderr,
+             "Process received signal %u\n",
+             ret);
+    kill (getpid (),
+          ret); /* kill self with the same signal */
+  }
+  exit (-1);
+}
+
+
+static void
+sigint_handler (int val)
+{
+  kill (0,
+        val);
+  exit (val);
+}
+
+
+int
+main (int argc,
+      char *argv[])
+{
+  int timeout = 0;
+  pid_t gpid = 0;
+
+  if (argc < 3)
+  {
+    fprintf (stderr,
+             "arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
+    exit (-1);
+  }
+
+  timeout = atoi (argv[1]);
+
+  if (timeout == 0)
+    timeout = 600;
+
+  /* with getpgid() it does not compile, but getpgrp is the BSD version and working */
+  gpid = getpgrp ();
+
+  signal (SIGCHLD, sigchld_handler);
+  signal (SIGABRT, sigint_handler);
+  signal (SIGFPE, sigint_handler);
+  signal (SIGILL, sigint_handler);
+  signal (SIGINT, sigint_handler);
+  signal (SIGSEGV, sigint_handler);
+  signal (SIGTERM, sigint_handler);
+
+  child = fork ();
+  if (child == 0)
+  {
+    /*  int setpgrp(pid_t pid, pid_t pgid); is not working on this machine */
+    //setpgrp (0, pid_t gpid);
+    if (-1 != gpid)
+      setpgid (0, gpid);
+    execvp (argv[2],
+            &argv[2]);
+    exit (-1);
+  }
+  if (child > 0)
+  {
+    sleep (timeout);
+    printf ("Child processes were killed after timeout of %u seconds\n",
+            timeout);
+    kill (0,
+          SIGTERM);
+    exit (3);
+  }
+  exit (-1);
+}
+
+/* end of timeout_watchdog.c */
diff --git a/src/util/resolver.h b/src/util/resolver.h
index a0f105afa..07851d052 100644
--- a/src/util/resolver.h
+++ b/src/util/resolver.h
@@ -60,7 +60,7 @@ struct GNUNET_RESOLVER_GetMessage
    * identifies the request and is contained in the response message. The
    * client has to match response to request by this identifier.
    */
-  uint32_t id GNUNET_PACKED;
+  uint16_t id GNUNET_PACKED;
 
   /* followed by 0-terminated string for A/AAAA-lookup or
      by 'struct in_addr' / 'struct in6_addr' for reverse lookup */
@@ -79,7 +79,7 @@ struct GNUNET_RESOLVER_ResponseMessage
   * identifies the request this message responds to. The client
   * has to match response to request by this identifier.
   */
-  uint32_t id GNUNET_PACKED;
+  uint16_t id GNUNET_PACKED;
 
   /* followed by 0-terminated string for response to a reverse lookup
    * or by 'struct in_addr' / 'struct in6_addr' for response to
diff --git a/src/util/resolver_api.c b/src/util/resolver_api.c
index b94819f06..8a054327b 100644
--- a/src/util/resolver_api.c
+++ b/src/util/resolver_api.c
@@ -68,10 +68,10 @@ static struct GNUNET_RESOLVER_RequestHandle *req_head;
  */
 static struct GNUNET_RESOLVER_RequestHandle *req_tail;
 
-/**
- * ID of the last request we sent to the service
- */
-static uint32_t last_request_id;
+///**
+// * ID of the last request we sent to the service
+// */
+//static uint16_t last_request_id;
 
 /**
  * How long should we wait to reconnect?
@@ -445,7 +445,7 @@ process_requests ()
                              GNUNET_MESSAGE_TYPE_RESOLVER_REQUEST);
   msg->direction = htonl (rh->direction);
   msg->af = htonl (rh->af);
-  msg->id = htonl (rh->id);
+  msg->id = htons (rh->id);
   GNUNET_memcpy (&msg[1],
                  &rh[1],
                  rh->data_len);
@@ -491,7 +491,7 @@ handle_response (void *cls,
   struct GNUNET_RESOLVER_RequestHandle *rh = req_head;
   uint16_t size;
   char *nret;
-  uint32_t request_id = msg->id;
+  uint16_t request_id = msg->id;
 
   for (; rh != NULL; rh = rh->next)
   {
@@ -911,6 +911,14 @@ handle_lookup_timeout (void *cls)
 }
 
 
+static uint16_t
+get_request_id ()
+{
+  return (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
+                                              UINT16_MAX);
+}
+
+
 /**
  * Convert a string to one or more IP addresses.
  *
@@ -945,7 +953,8 @@ GNUNET_RESOLVER_ip_get (const char *hostname,
        hostname);
   rh = GNUNET_malloc (sizeof (struct GNUNET_RESOLVER_RequestHandle) + slen);
   rh->af = af;
-  rh->id = ++last_request_id;
+  //rh->id = ++last_request_id;
+  rh->id = get_request_id ();
   rh->addr_callback = callback;
   rh->cls = callback_cls;
   GNUNET_memcpy (&rh[1],
@@ -1092,7 +1101,8 @@ GNUNET_RESOLVER_hostname_get (const struct sockaddr *sa,
   rh->name_callback = callback;
   rh->cls = cls;
   rh->af = sa->sa_family;
-  rh->id = ++last_request_id;
+  //rh->id = ++last_request_id;
+  rh->id = get_request_id ();
   rh->timeout = GNUNET_TIME_relative_to_absolute (timeout);
   GNUNET_memcpy (&rh[1],
                  ip,
diff --git a/src/util/scheduler.c b/src/util/scheduler.c
index 93d133d1b..5d3836639 100644
--- a/src/util/scheduler.c
+++ b/src/util/scheduler.c
@@ -965,8 +965,6 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task)
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert ( (NULL != active_task) ||
-      (GNUNET_NO == task->lifeness) );
   is_fd_task = (NULL != task->fds);
   if (is_fd_task)
   {
@@ -1056,9 +1054,9 @@ GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback tas
 {
   struct GNUNET_SCHEDULER_Task *t;
 
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
-  GNUNET_assert ((NULL != active_task) ||
-                 (GNUNET_SCHEDULER_REASON_STARTUP == reason));
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->read_fd = -1;
   t->write_fd = -1;
@@ -1099,7 +1097,8 @@ GNUNET_SCHEDULER_add_at_with_priority (struct GNUNET_TIME_Absolute at,
   struct GNUNET_SCHEDULER_Task *pos;
   struct GNUNET_SCHEDULER_Task *prev;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1286,7 +1285,8 @@ GNUNET_SCHEDULER_add_shutdown (GNUNET_SCHEDULER_TaskCallback task,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1403,7 +1403,8 @@ add_without_sets (struct GNUNET_TIME_Relative delay,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   init_fd_info (t,
@@ -1832,7 +1833,6 @@ GNUNET_SCHEDULER_add_select (enum GNUNET_SCHEDULER_Priority prio,
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert (NULL != active_task);
   GNUNET_assert (NULL != task);
   int no_rs = (NULL == rs);
   int no_ws = (NULL == ws);
@@ -2022,99 +2022,109 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
     if (timeout.abs_value_us > now.abs_value_us)
     {
       /**
-       * The driver called this function before the current timeout was
-       * reached (and no FD tasks are ready). This can happen in the
-       * rare case when the system time is changed while the driver is
-       * waiting for the timeout, so we handle this gracefully. It might
-       * also be a programming error in the driver though.
+       * The event loop called this function before the current timeout was
+       * reached (and no FD tasks are ready). This is acceptable if
+       *
+       * - the system time was changed while the driver was waiting for
+       *   the timeout
+       * - an external event loop called GNUnet API functions outside of
+       *   the callbacks called in GNUNET_SCHEDULER_do_work and thus 
+       *   wasn't notified about the new timeout
+       *
+       * It might also mean we are busy-waiting because of a programming
+       * error in the external event loop.
        */
       LOG (GNUNET_ERROR_TYPE_DEBUG,
            "GNUNET_SCHEDULER_do_work did not find any ready "
            "tasks and timeout has not been reached yet.\n");
-      return GNUNET_NO;
     }
-    /**
-     * the current timeout was reached but no ready tasks were found,
-     * internal scheduler error!
-     */
-    GNUNET_assert (0);
-  }
-
-  /* find out which task priority level we are going to
-     process this time */
-  max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
-  GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
-  /* yes, p>0 is correct, 0 is "KEEP" which should
-   * always be an empty queue (see assertion)! */
-  for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
-  {
-    pos = ready_head[p];
-    if (NULL != pos)
-      break;
+    else
+    {
+      /**
+       * the current timeout was reached but no ready tasks were found,
+       * internal scheduler error!
+       */
+      GNUNET_assert (0);
+    }
   }
-  GNUNET_assert (NULL != pos);        /* ready_count wrong? */
-
-  /* process all tasks at this priority level, then yield */
-  while (NULL != (pos = ready_head[p]))
+  else
   {
-    GNUNET_CONTAINER_DLL_remove (ready_head[p],
-         ready_tail[p],
-         pos);
-    ready_count--;
-    current_priority = pos->priority;
-    current_lifeness = pos->lifeness;
-    active_task = pos;
-#if PROFILE_DELAYS
-    if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
-        DELAY_THRESHOLD.rel_value_us)
+    /* find out which task priority level we are going to
+       process this time */
+    max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
+    GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
+    /* yes, p>0 is correct, 0 is "KEEP" which should
+     * always be an empty queue (see assertion)! */
+    for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
     {
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Task %p took %s to be scheduled\n",
-           pos,
-           GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
-                                                   GNUNET_YES));
+      pos = ready_head[p];
+      if (NULL != pos)
+        break;
     }
-#endif
-    tc.reason = pos->reason;
-    GNUNET_NETWORK_fdset_zero (sh->rs);
-    GNUNET_NETWORK_fdset_zero (sh->ws);
-    // FIXME: do we have to remove FdInfos from fds if they are not ready?
-    tc.fds_len = pos->fds_len;
-    tc.fds = pos->fds;
-    for (unsigned int i = 0; i != pos->fds_len; ++i)
+    GNUNET_assert (NULL != pos);        /* ready_count wrong? */
+
+    /* process all tasks at this priority level, then yield */
+    while (NULL != (pos = ready_head[p]))
     {
-      struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
-      if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+      GNUNET_CONTAINER_DLL_remove (ready_head[p],
+           ready_tail[p],
+           pos);
+      ready_count--;
+      current_priority = pos->priority;
+      current_lifeness = pos->lifeness;
+      active_task = pos;
+#if PROFILE_DELAYS
+      if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
+          DELAY_THRESHOLD.rel_value_us)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->rs,
-                                         fdi->sock);
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
+             "Task %p took %s to be scheduled\n",
+             pos,
+             GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
+                                                     GNUNET_YES));
       }
-      if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+#endif
+      tc.reason = pos->reason;
+      GNUNET_NETWORK_fdset_zero (sh->rs);
+      GNUNET_NETWORK_fdset_zero (sh->ws);
+      // FIXME: do we have to remove FdInfos from fds if they are not ready?
+      tc.fds_len = pos->fds_len;
+      tc.fds = pos->fds;
+      for (unsigned int i = 0; i != pos->fds_len; ++i)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->ws,
-                                         fdi->sock);
+        struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
+        if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->rs,
+                                           fdi->sock);
+        }
+        if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->ws,
+                                           fdi->sock);
+        }
       }
-    }
-    tc.read_ready = sh->rs;
-    tc.write_ready = sh->ws;
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Running task %p\n",
-         pos);
-    GNUNET_assert (NULL != pos->callback);
-    pos->callback (pos->callback_cls);
-    if (NULL != pos->fds)
-    {
-      int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
-      if (GNUNET_OK != del_result)
+      tc.read_ready = sh->rs;
+      tc.write_ready = sh->ws;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "Running task %p\n",
+           pos);
+      GNUNET_assert (NULL != pos->callback);
+      pos->callback (pos->callback_cls);
+      if (NULL != pos->fds)
       {
-        LOG (GNUNET_ERROR_TYPE_ERROR,
-           "driver could not delete task %p\n", pos);
-        GNUNET_assert (0);
+        int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
+        if (GNUNET_OK != del_result)
+        {
+          LOG (GNUNET_ERROR_TYPE_ERROR,
+             "driver could not delete task %p\n", pos);
+          GNUNET_assert (0);
+        }
       }
+      active_task = NULL;
+      dump_backtrace (pos);
+      destroy_task (pos);
     }
-    active_task = NULL;
-    dump_backtrace (pos);
-    destroy_task (pos);
   }
   shutdown_if_no_lifeness ();
   if (0 == ready_count)
@@ -2164,12 +2174,12 @@ struct GNUNET_SCHEDULER_Handle *
 GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
 {
   struct GNUNET_SCHEDULER_Handle *sh;
-  struct GNUNET_SCHEDULER_Task tsk;
   const struct GNUNET_DISK_FileHandle *pr;
 
-  /* general set-up */
-  GNUNET_assert (NULL == active_task);
+  /* scheduler must not be running */
+  GNUNET_assert (NULL == scheduler_driver);
   GNUNET_assert (NULL == shutdown_pipe_handle);
+  /* general set-up */
   sh = GNUNET_new (struct GNUNET_SCHEDULER_Handle);
   shutdown_pipe_handle = GNUNET_DISK_pipe (GNUNET_NO,
                                            GNUNET_NO,
@@ -2204,10 +2214,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
   /* Setup initial tasks */
   current_priority = GNUNET_SCHEDULER_PRIORITY_DEFAULT;
   current_lifeness = GNUNET_NO;
-  memset (&tsk,
-          0,
-          sizeof (tsk));
-  active_task = &tsk;
   install_parent_control_task =
     GNUNET_SCHEDULER_add_now (&install_parent_control_handler,
                               NULL);
@@ -2217,7 +2223,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
                                     &shutdown_pipe_cb,
                                     NULL);
   current_lifeness = GNUNET_YES;
-  active_task = NULL;
   scheduler_driver->set_wakeup (scheduler_driver->cls,
                                 get_timeout ());
   /* begin main event loop */
diff --git a/src/util/strings.c b/src/util/strings.c
index 5ed195933..ea3c8cfb9 100644
--- a/src/util/strings.c
+++ b/src/util/strings.c
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -1947,27 +1947,27 @@ static char *cvt =
 /**
  * Encode into Base64.
  *
- * @param data the data to encode
+ * @param in the data to encode
  * @param len the length of the input
  * @param output where to write the output (*output should be NULL,
  *   is allocated)
  * @return the size of the output
  */
 size_t
-GNUNET_STRINGS_base64_encode (const char *data,
+GNUNET_STRINGS_base64_encode (const void *in,
                               size_t len,
                               char **output)
 {
-  size_t i;
-  char c;
+  const char *data = in;
   size_t ret;
   char *opt;
 
   ret = 0;
   opt = GNUNET_malloc (2 + (len * 4 / 3) + 8);
-  *output = opt;
-  for (i = 0; i < len; ++i)
+  for (size_t i = 0; i < len; ++i)
   {
+    char c;
+
     c = (data[i] >> 2) & 0x3f;
     opt[ret++] = cvt[(int) c];
     c = (data[i] << 4) & 0x3f;
@@ -1997,6 +1997,7 @@ GNUNET_STRINGS_base64_encode (const char *data,
     }
   }
   opt[ret++] = FILLCHAR;
+  *output = opt;
   return ret;
 }
 
@@ -2018,11 +2019,10 @@ GNUNET_STRINGS_base64_encode (const char *data,
  */
 size_t
 GNUNET_STRINGS_base64_decode (const char *data,
-                              size_t len, char **output)
+                              size_t len,
+                              void **out)
 {
-  size_t i;
-  char c;
-  char c1;
+  char *output;
   size_t ret = 0;
 
 #define CHECK_CRLF  while (data[i] == '\r' || data[i] == '\n') {\
@@ -2031,12 +2031,15 @@ GNUNET_STRINGS_base64_decode (const char *data,
                         if (i >= len) goto END;  \
                 }
 
-  *output = GNUNET_malloc ((len * 3 / 4) + 8);
+  output = GNUNET_malloc ((len * 3 / 4) + 8);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "base64_decode decoding len=%d\n",
               (int) len);
-  for (i = 0; i < len; ++i)
+  for (size_t i = 0; i < len; ++i)
   {
+    char c;
+    char c1;
+
     CHECK_CRLF;
     if (FILLCHAR == data[i])
       break;
@@ -2045,7 +2048,7 @@ GNUNET_STRINGS_base64_decode (const char *data,
     CHECK_CRLF;
     c1 = (char) cvtfind (data[i]);
     c = (c << 2) | ((c1 >> 4) & 0x3);
-    (*output)[ret++] = c;
+    output[ret++] = c;
     if (++i < len)
     {
       CHECK_CRLF;
@@ -2054,7 +2057,7 @@ GNUNET_STRINGS_base64_decode (const char *data,
         break;
       c = (char) cvtfind (c);
       c1 = ((c1 << 4) & 0xf0) | ((c >> 2) & 0xf);
-      (*output)[ret++] = c1;
+      output[ret++] = c1;
     }
     if (++i < len)
     {
@@ -2065,15 +2068,13 @@ GNUNET_STRINGS_base64_decode (const char *data,
 
       c1 = (char) cvtfind (c1);
       c = ((c << 6) & 0xc0) | c1;
-      (*output)[ret++] = c;
+      output[ret++] = c;
     }
   }
 END:
+  *out = output;
   return ret;
 }
 
 
-
-
-
 /* end of strings.c */