63 files changed, 2942 insertions, 2145 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 00f30adc3..4ded81891 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -19,11 +19,13 @@ if HAVE_EXPERIMENTAL
  social 
 #  dv (FTBFS)
 if HAVE_ABE
+if HAVE_JSON
 EXP_DIR += \
    abe \
    credential \
-    identity-attribute \
+    reclaim-attribute \
-    identity-provider 
+    reclaim 
+endif
 endif
 if HAVE_JSON
 EXP_DIR += \
diff --git a/src/arm/test_exponential_backoff.c b/src/arm/test_exponential_backoff.c
index 4a7d51bc7..f15bca2db 100644
--- a/src/arm/test_exponential_backoff.c
+++ b/src/arm/test_exponential_backoff.c
@@ -343,7 +343,10 @@ init ()
  cfg = GNUNET_CONFIGURATION_create ();
  if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg,
                                               "test_arm_api_data.conf"))
+  {
+    GNUNET_CONFIGURATION_destroy (cfg);
    return GNUNET_SYSERR;
+  }
  if (NULL == getcwd (pwd, PATH_MAX))
    return GNUNET_SYSERR;
  GNUNET_assert (0 < GNUNET_asprintf (&binary,
diff --git a/src/cadet/cadet_api.c b/src/cadet/cadet_api.c
index 319279110..92dd39b97 100644
--- a/src/cadet/cadet_api.c
+++ b/src/cadet/cadet_api.c
@@ -841,6 +841,7 @@ handle_mq_error (void *cls,
                                           h);
  GNUNET_MQ_destroy (h->mq);
  h->mq = NULL;
+  GNUNET_assert (NULL == h->reconnect_task);
  h->reconnect_task = GNUNET_SCHEDULER_add_delayed (h->reconnect_time,
                                                    &reconnect_cbk,
                                                    h);
diff --git a/src/core/test_core_api_reliability.c b/src/core/test_core_api_reliability.c
index 4cc5b4bcd..c7c71f1f1 100644
--- a/src/core/test_core_api_reliability.c
+++ b/src/core/test_core_api_reliability.c
@@ -11,7 +11,7 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -143,6 +143,8 @@ do_shutdown (void *cls)
  unsigned long long delta;
  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
  FPRINTF (stderr,
           "\nThroughput was %llu kb/s\n",
           total_bytes * 1000000LL / 1024 / delta);
diff --git a/src/core/test_core_quota_compliance.c b/src/core/test_core_quota_compliance.c
index a15105556..caff045f0 100644
--- a/src/core/test_core_quota_compliance.c
+++ b/src/core/test_core_quota_compliance.c
@@ -11,7 +11,7 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -227,7 +227,8 @@ measurement_stop (void *cls)
  running = GNUNET_NO;
  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
  throughput_out = total_bytes_sent * 1000000LL / delta;     /* convert to bytes/s */
  throughput_in = total_bytes_recv * 1000000LL / delta;      /* convert to bytes/s */
diff --git a/src/datacache/plugin_datacache_sqlite.c b/src/datacache/plugin_datacache_sqlite.c
index 4684e514c..dc4236a8b 100644
--- a/src/datacache/plugin_datacache_sqlite.c
+++ b/src/datacache/plugin_datacache_sqlite.c
@@ -11,7 +11,7 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -749,7 +749,8 @@ libgnunet_plugin_datacache_sqlite_init (void *cls)
                "  value BLOB NOT NULL,"
                "  path BLOB DEFAULT '')");
  SQLITE3_EXEC (dbh, "CREATE INDEX idx_hashidx ON ds091 (key,type,expire)");
-  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_prox_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire_only ON ds091 (expire)");
  plugin = GNUNET_new (struct Plugin);
  plugin->env = env;
  plugin->dbh = dbh;
diff --git a/src/identity-provider/identity-token.conf b/src/identity-provider/identity-token.conf
deleted file mode 100644
index f29f6cdf3..000000000
--- a/src/identity-provider/identity-token.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[identity-token]
-BINARY=gnunet-service-identity-token
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
deleted file mode 100644
index 1a984f7b5..000000000
--- a/src/identity-provider/jwt.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-      This file is part of GNUnet
-      Copyright (C) 2010-2015 GNUnet e.V.
-      GNUnet is free software: you can redistribute it and/or modify it
-      under the terms of the GNU Affero General Public License as published
-      by the Free Software Foundation, either version 3 of the License,
-      or (at your option) any later version.
-      GNUnet is distributed in the hope that it will be useful, but
-      WITHOUT ANY WARRANTY; without even the implied warranty of
-      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-      Affero General Public License for more details.
-     
-      You should have received a copy of the GNU Affero General Public License
-      along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-/**
- * @file identity-provider/jwt.c
- * @brief helper library for JSON-Web-Tokens
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include <jansson.h>
-#define JWT_ALG "alg"
-/*TODO is this the correct way to define new algs? */
-#define JWT_ALG_VALUE "urn:org:gnunet:jwt:alg:ecdsa:ed25519"
-#define JWT_TYP "typ"
-#define JWT_TYP_VALUE "jwt"
-//TODO change server address
-#define SERVER_ADDRESS "https://localhost"
-static char*
-create_jwt_header(void)
-{
-  json_t *root;
-  char *json_str;
-  root = json_object ();
-  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
-  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
-  json_str = json_dumps (root, JSON_INDENT(1));
-  json_decref (root);
-  return json_str;
-}
-/**
- * Create a JWT from attributes
- *
- * @param aud_key the public of the subject
- * @param attrs the attribute list
- * @param priv_key the key used to sign the JWT
- * @return a new base64-encoded JWT string.
- */
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_CRYPTO_EcdsaPublicKey sub_key;
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  char* audience;
-  char* subject;
-  char* header;
-  char* padding;
-  char* body_str;
-  char* result;
-  char* header_base64;
-  char* body_base64;
-  char* signature_target;
-  char* signature_base64;
-  char* attr_val_str;
-  json_t* body;
-  //exp REQUIRED time expired from config
-  //iat REQUIRED time now
-  //auth_time only if max_age
-  //nonce only if nonce
-  // OPTIONAL acr,amr,azp
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &sub_key);
-  /* TODO maybe we should use a local identity here */
-  subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
-                                                sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
-                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  header = create_jwt_header ();
-  body = json_object ();
-  /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
-  //iss REQUIRED case sensitive server uri with https
-  json_object_set_new (body,
-                       "iss", json_string (SERVER_ADDRESS));
-  //sub REQUIRED public key identity, not exceed 255 ASCII  length
-  json_object_set_new (body,
-                       "sub", json_string (subject));
-  /* TODO what should be in here exactly? */
-  //aud REQUIRED public key client_id must be there
-  json_object_set_new (body,
-                       "aud", json_string (audience));
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    /**
-     * TODO here we should have a function that
-     * calls the Attribute plugins to create a
-     * json representation for its value
-     */
-    attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
-                                                              le->claim->data,
-                                                              le->claim->data_size);
-    json_object_set_new (body,
-                         le->claim->name,
-                         json_string (attr_val_str));
-    GNUNET_free (attr_val_str);
-  }
-  body_str = json_dumps (body, JSON_INDENT(0));
-  json_decref (body);
-  GNUNET_STRINGS_base64_encode (header,
-                                strlen (header),
-                                &header_base64);
-  //Remove GNUNET padding of base64
-  padding = strtok(header_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-  GNUNET_STRINGS_base64_encode (body_str,
-                                strlen (body_str),
-                                &body_base64);
-  //Remove GNUNET padding of base64
-  padding = strtok(body_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-  GNUNET_free (subject);
-  GNUNET_free (audience);
-  /**
-   * TODO
-   * Creating the JWT signature. This might not be
-   * standards compliant, check.
-   */
-  GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
-  purpose =
-    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                   strlen (signature_target));
-  purpose->size =
-    htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
-  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-                                             purpose,
-                                             (struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
-  {
-    GNUNET_free (signature_target);
-    GNUNET_free (body_str);
-    GNUNET_free (body_base64);
-    GNUNET_free (header_base64);
-    GNUNET_free (purpose);
-    return NULL;
-  }
-  GNUNET_STRINGS_base64_encode ((const char*)&signature,
-                                sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
-                                &signature_base64);
-  GNUNET_asprintf (&result, "%s.%s.%s",
-                   header_base64, body_base64, signature_base64);
-  GNUNET_free (signature_target);
-  GNUNET_free (header);
-  GNUNET_free (body_str);
-  GNUNET_free (signature_base64);
-  GNUNET_free (body_base64);
-  GNUNET_free (header_base64);
-  GNUNET_free (purpose);
-  return result;
-}
diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h
deleted file mode 100644
index 072958973..000000000
--- a/src/identity-provider/jwt.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef JWT_H
-#define JWT_H
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key);
-#endif
diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf
deleted file mode 100644
index 3e4df561a..000000000
--- a/src/identity-provider/test_idp.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-@INLINE@ test_idp_defaults.conf
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-peer-1/
-[dht]
-START_ON_DEMAND = YES
-[rest]
-START_ON_DEMAND = YES
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog
-[transport]
-PLUGINS =
-[identity-provider]
-START_ON_DEMAND = YES
-#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog
-[gns]
-#PREFIX = valgrind --leak-check=full --track-origins=yes
-START_ON_DEMAND = YES
-AUTO_IMPORT_PKEY = YES
-MAX_PARALLEL_BACKGROUND_QUERIES = 10
-DEFAULT_LOOKUP_TIMEOUT = 15 s
-RECORD_PUT_INTERVAL = 1 h
-ZONE_PUBLISH_TIME_WINDOW = 1 h
-DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
-[identity-rest-plugin]
-address = http://localhost:8000/#/login
-psw = mysupersecretpassword
-expiration_time = 3600
diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh
deleted file mode 100755
index 598d1008c..000000000
--- a/src/identity-provider/test_idp.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-gnunet-idp -e testego -D -c test_idp.conf
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh
deleted file mode 100755
index 7f0f06dac..000000000
--- a/src/identity-provider/test_idp_attribute.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-#curl localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh
deleted file mode 100755
index 11f6865a4..000000000
--- a/src/identity-provider/test_idp_consume.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
-gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/tickets/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh
deleted file mode 100755
index 90487ee73..000000000
--- a/src/identity-provider/test_idp_issue.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-#gnunet-idp -e testego -D -c test_idp.conf
-gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh
deleted file mode 100755
index 7a3f5d030..000000000
--- a/src/identity-provider/test_idp_revoke.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 77
-fi
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-gnunet-identity -C alice -c test_idp.conf
-gnunet-identity -C bob -c test_idp.conf
-gnunet-identity -C eve -c test_idp.conf
-ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}')
-BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
-EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-gnunet-idp -e alice -E 15s -a email -V john@doe.gnu -c test_idp.conf 
-gnunet-idp -e alice -E 15s -a name -V John -c test_idp.conf
-TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}')
-#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
-TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}')
-#echo "Consuming $TICKET"
-#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
-gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
-#sleep 6
-gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf 2&>1 >/dev/null
-if test $? == 0
-then 
-  echo "Eve can still resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-gnunet-arm -e -c test_idp.conf
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf 2&>1 >/dev/null
-if test $? != 0
-then
-  echo "Bob cannot resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index 6b8e21806..266f5ccc3 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -371,11 +371,12 @@ handle_get_default_message (void *cls,
  struct GNUNET_MQ_Envelope *env;
  struct GNUNET_SERVICE_Client *client = cls;
  struct Ego *ego;
-  const char *name;
+  char *name;
  char *identifier;
-  name = (const char *) &gdm[1];
+  name = GNUNET_strdup ((const char *) &gdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &gdm[1], name);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received GET_DEFAULT for service `%s' from client\n",
              name);
@@ -387,6 +388,7 @@ handle_get_default_message (void *cls,
  {
    send_result_code (client, 1, gettext_noop ("no default known"));
    GNUNET_SERVICE_client_continue (client);
+    GNUNET_free (name);
    return;
  }
  for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -399,6 +401,7 @@ handle_get_default_message (void *cls,
      GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), env);
      GNUNET_SERVICE_client_continue (client);
      GNUNET_free (identifier);
+      GNUNET_free (name);
      return;
    }
  }
@@ -406,6 +409,7 @@ handle_get_default_message (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Failed to find ego `%s'\n",
              name);
+  GNUNET_free (name);
  send_result_code (client, 1,
                    gettext_noop ("default configured, but ego unknown (internal error)"));
  GNUNET_SERVICE_client_continue (client);
@@ -477,9 +481,11 @@ handle_set_default_message (void *cls,
 {
  struct Ego *ego;
  struct GNUNET_SERVICE_Client *client = cls;
-  const char *str;
+  char *str;
+  str = GNUNET_strdup ((const char *) &sdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &sdm[1], str);
-  str = (const char *) &sdm[1];
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received SET_DEFAULT for service `%s' from client\n",
              str);
@@ -500,10 +506,12 @@ handle_set_default_message (void *cls,
                    subsystem_cfg_file);
      send_result_code (client, 0, NULL);
      GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
      return;
    }
  }
  send_result_code (client, 1, _("Unknown ego specified for service (internal error)"));
+  GNUNET_free (str);
  GNUNET_SERVICE_client_continue (client);
 }
@@ -585,12 +593,13 @@ handle_create_message (void *cls,
 {
  struct GNUNET_SERVICE_Client *client = cls;
  struct Ego *ego;
-  const char *str;
+  char *str;
  char *fn;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received CREATE message from client\n");
-  str = (const char *) &crm[1];
+  str = GNUNET_strdup ((const char *) &crm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &crm[1], str);
  for (ego = ego_head; NULL != ego; ego = ego->next)
  {
    if (0 == strcmp (ego->identifier,
@@ -598,6 +607,7 @@ handle_create_message (void *cls,
    {
      send_result_code (client, 1, gettext_noop ("identifier already in use for another ego"));
      GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
      return;
    }
  }
@@ -620,6 +630,7 @@ handle_create_message (void *cls,
    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                              "write", fn);
  GNUNET_free (fn);
+  GNUNET_free (str);
  notify_listeners (ego);
  GNUNET_SERVICE_client_continue (client);
 }
@@ -726,18 +737,22 @@ handle_rename_message (void *cls,
 {
  uint16_t old_name_len;
  struct Ego *ego;
-  const char *old_name;
+  char *old_name;
-  const char *new_name;
+  char *new_name;
  struct RenameContext rename_ctx;
  struct GNUNET_SERVICE_Client *client = cls;
  char *fn_old;
  char *fn_new;
+  const char *old_name_tmp;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received RENAME message from client\n");
  old_name_len = ntohs (rm->old_name_len);
-  old_name = (const char *) &rm[1];
+  old_name_tmp = (const char *) &rm[1];
-  new_name = &old_name[old_name_len];
+  old_name = GNUNET_strdup (old_name_tmp);
+  GNUNET_STRINGS_utf8_tolower (old_name_tmp, old_name);
+  new_name = GNUNET_strdup (&old_name_tmp[old_name_len]);
+  GNUNET_STRINGS_utf8_tolower (&old_name_tmp[old_name_len], old_name);
  /* check if new name is already in use */
  for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -747,6 +762,8 @@ handle_rename_message (void *cls,
    {
      send_result_code (client, 1, gettext_noop ("target name already exists"));
      GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
      return;
    }
  }
@@ -776,6 +793,8 @@ handle_rename_message (void *cls,
        GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "rename", fn_old);
      GNUNET_free (fn_old);
      GNUNET_free (fn_new);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
      notify_listeners (ego);
      send_result_code (client, 0, NULL);
      GNUNET_SERVICE_client_continue (client);
@@ -785,6 +804,8 @@ handle_rename_message (void *cls,
  /* failed to locate old name */
  send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (old_name);
+  GNUNET_free (new_name);
  GNUNET_SERVICE_client_continue (client);
 }
@@ -868,13 +889,15 @@ handle_delete_message (void *cls,
                       const struct DeleteMessage *dm)
 {
  struct Ego *ego;
-  const char *name;
+  char *name;
  char *fn;
  struct GNUNET_SERVICE_Client *client = cls;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Received DELETE message from client\n");
-  name = (const char *) &dm[1];
+  name = GNUNET_strdup ((const char *) &dm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &dm[1], name);
  for (ego = ego_head; NULL != ego; ego = ego->next)
  {
    if (0 == strcmp (ego->identifier,
@@ -901,6 +924,7 @@ handle_delete_message (void *cls,
      notify_listeners (ego);
      GNUNET_free (ego->pk);
      GNUNET_free (ego);
+      GNUNET_free (name);
      send_result_code (client, 0, NULL);
      GNUNET_SERVICE_client_continue (client);
      return;
@@ -908,6 +932,7 @@ handle_delete_message (void *cls,
  }
  send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (name);
  GNUNET_SERVICE_client_continue (client);
 }
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 08e9dd156..41b2b1382 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -66,7 +66,7 @@ gnunetinclude_HEADERS = \
  gnunet_hello_lib.h \
  gnunet_helper_lib.h \
  gnunet_identity_service.h \
-  gnunet_identity_provider_service.h \
+  gnunet_reclaim_service.h \
  gnunet_json_lib.h \
  gnunet_jsonapi_lib.h \
  gnunet_jsonapi_util.h \
diff --git a/src/include/gnunet_abe_lib.h b/src/include/gnunet_abe_lib.h
index d380c9b03..554d4488b 100644
--- a/src/include/gnunet_abe_lib.h
+++ b/src/include/gnunet_abe_lib.h
@@ -87,7 +87,7 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key,
 * Delete a CP-ABE key.
 *
 * @param key the key to delete
- * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe)
+ * @param delete_pub GNUNET_YES if the public key should also be freed (bug in gabe)
 * @return fresh private key; free using #GNUNET_free
 */
 void
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 0bffef212..8a591fa09 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -206,14 +206,15 @@ struct GNUNET_CRYPTO_EcdsaSignature
 /**
- * Public ECC key (always for Curve25519) encoded in a format suitable
+ * Public ECC key (always for curve Ed25519) encoded in a format
- * for network transmission and EdDSA signatures.
+ * suitable for network transmission and EdDSA signatures.
 */
 struct GNUNET_CRYPTO_EddsaPublicKey
 {
  /**
-   * Q consists of an x- and a y-value, each mod p (256 bits), given
+   * Point Q consists of a y-value mod p (256 bits); the x-value is
-   * here in affine coordinates and Ed25519 standard compact format.
+   * always positive. The point is stored in Ed25519 standard
+   * compact format.
   */
  unsigned char q_y[256 / 8];
@@ -725,6 +726,23 @@ GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac);
+/**
 * @ingroup hash
 * Calculate HMAC of a message (RFC 2104)
 *
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index 20846238b..693cc6cdb 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -132,6 +132,16 @@ extern "C"
 #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551
 /**
+ * Record type for reclaim OIDC clients
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552
+/**
+ * Record type for reclaim OIDC redirect URIs
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553
+/**
 * Flags that can be set for a record.
 */
 enum GNUNET_GNSRECORD_Flags
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index 36aa424b4..4400db7e1 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2656,35 +2656,35 @@ extern "C"
 *
 * IDENTITY PROVIDER MESSAGE TYPES
 */
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE 961
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE 962
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START 963
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP 964
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT 965
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT 966
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET 967
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT 968
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET 969
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT 970
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET 971
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT 972
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START 973
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP 974
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT 975
 /**************************************************
 *
diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_reclaim_attribute_lib.h
index eb01f7ac2..df5356d76 100644
--- a/src/include/gnunet_identity_attribute_lib.h
+++ b/src/include/gnunet_reclaim_attribute_lib.h
@@ -25,8 +25,8 @@
 * @defgroup identity-provider  Identity Provider service
 * @{
 */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H
-#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
+#define GNUNET_RECLAIM_ATTRIBUTE_LIB_H
 #ifdef __cplusplus
 extern "C"
@@ -42,19 +42,19 @@ extern "C"
 /**
 * No value attribute.
 */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_NONE 0
 /**
 * String attribute.
 */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING 1
 /**
 * An attribute.
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim
 {
  /**
   * The name of the attribute. Note "name" must never be individually
@@ -86,35 +86,35 @@ struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 };
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList
 {
  /**
   * List head
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_head;
  /**
   * List tail
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_tail;
 };
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry
 {
  /**
   * DLL
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *prev;
  /**
   * DLL
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *next;
  /**
   * The attribute claim
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
 };
 /**
@@ -126,8 +126,8 @@ struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
 * @param data_size the attribute value size
 * @return the new attribute
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
                                     uint32_t type,
                                     const void* data,
                                     size_t data_size);
@@ -141,13 +141,13 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
 * @return the required buffer size
 */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                                    const char* attr_name,
                                    uint32_t type,
                                    const void* data,
@@ -162,7 +162,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
 * @return length of serialized data
 */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                     char *result);
 /**
@@ -173,8 +173,8 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
 *
 * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                            size_t data_size);
@@ -186,7 +186,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
 * @return the required buffer size
 */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
@@ -199,7 +199,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
 * @return length of serialized data
 */
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                     char *result);
 /**
@@ -210,12 +210,12 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
 *
 * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                       size_t data_size);
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 /**
 * Convert a type name to the corresponding number
@@ -224,7 +224,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 * @return corresponding number, UINT32_MAX on error
 */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename);
 /**
 * Convert human-readable version of a 'claim' of an attribute to the binary
@@ -237,7 +237,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
 * @return #GNUNET_OK on success
 */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                           const char *s,
                                           void **data,
                                           size_t *data_size);
@@ -251,7 +251,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
 * @return NULL on error, otherwise human-readable representation of the claim
 */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                           const void* data,
                                           size_t data_size);
@@ -262,7 +262,7 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
 * @return corresponding typestring, NULL on error
 */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type);
 #if 0                           /* keep Emacsens' auto-indent happy */
@@ -273,9 +273,9 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
 #endif
-/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
+/* ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H */
 #endif
 /** @} */ /* end of group identity */
-/* end of gnunet_identity_attribute_lib.h */
+/* end of gnunet_reclaim_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_reclaim_attribute_plugin.h
index 7c399c616..cf0bb141a 100644
--- a/src/include/gnunet_identity_attribute_plugin.h
+++ b/src/include/gnunet_reclaim_attribute_plugin.h
@@ -26,11 +26,11 @@
 * Plugin API for the idp database backend
 * @{
 */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
-#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
+#define GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #ifdef __cplusplus
 extern "C"
@@ -51,7 +51,7 @@ extern "C"
 * @param data_size number of bytes in @a data
 * @return NULL on error, otherwise human-readable representation of the value
 */
-typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
+typedef char * (*GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction) (void *cls,
                                                          uint32_t type,
                                                          const void *data,
                                                          size_t data_size);
@@ -69,7 +69,7 @@ typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
 * @param data_size set to number of bytes in @a data
 * @return #GNUNET_OK on success
 */
-typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
+typedef int (*GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction) (void *cls,
                                                       uint32_t type,
                                                       const char *s,
                                                       void **data,
@@ -84,7 +84,7 @@ typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
 * @param typename name to convert
 * @return corresponding number, UINT32_MAX on error
 */
-typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+typedef uint32_t (*GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
                                                               const char *typename);
@@ -96,7 +96,7 @@ typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cl
 * @param type number of a type to convert
 * @return corresponding typestring, NULL on error
 */
-typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+typedef const char * (*GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
                                                                   uint32_t type);
@@ -104,7 +104,7 @@ typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void
 * Each plugin is required to return a pointer to a struct of this
 * type as the return value from its entry point.
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
+struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions
 {
  /**
@@ -115,22 +115,22 @@ struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
  /**
   * Conversion to string.
   */
-  GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
+  GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction value_to_string;
  /**
   * Conversion to binary.
   */
-  GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
+  GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction string_to_value;
  /**
   * Typename to number.
   */
-  GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+  GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
  /**
   * Number to typename.
   */
-  GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+  GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
 };
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_reclaim_plugin.h
index 2330066dd..c400af64c 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -22,15 +22,15 @@
 * @file
 * Plugin API for the idp database backend
 *
- * @defgroup identity-provider-plugin  IdP service plugin API
+ * @defgroup reclaim-plugin  IdP service plugin API
 * Plugin API for the idp database backend
 * @{
 */
-#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+#ifndef GNUNET_RECLAIM_PLUGIN_H
-#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H
+#define GNUNET_RECLAIM_PLUGIN_H
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 #ifdef __cplusplus
 extern "C"
@@ -47,15 +47,15 @@ extern "C"
 * @param cls closure
 * @param ticket the ticket
 */
-typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
+typedef void (*GNUNET_RECLAIM_TicketIterator) (void *cls,
-                                                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                                 const struct GNUNET_RECLAIM_Ticket *ticket,
-             const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+             const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 /**
 * @brief struct returned by the initialization function of the plugin
 */
-struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
+struct GNUNET_RECLAIM_PluginFunctions
 {
  /**
@@ -71,8 +71,8 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
   */
  int (*store_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
-      const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+      const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
  /**
   * Delete a ticket from the database.
@@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
   */
  int (*delete_ticket) (void *cls,
-                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                        const struct GNUNET_RECLAIM_Ticket *ticket);
@@ -101,11 +101,11 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
                          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
        int audience,
                          uint64_t offset,
-                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls);
+                          GNUNET_RECLAIM_TicketIterator iter, void *iter_cls);
  int (*get_ticket_attributes) (void* cls,
-                                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                const struct GNUNET_RECLAIM_Ticket *ticket,
-                                GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                GNUNET_RECLAIM_TicketIterator iter,
                                void *iter_cls);
 };
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_reclaim_service.h
index 0c72556e8..7e668cd62 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_reclaim_service.h
@@ -22,11 +22,11 @@
 * @file
 * Identity provider service; implements identity provider for GNUnet
 *
- * @defgroup identity-provider  Identity Provider service
+ * @defgroup reclaim  Identity Provider service
 * @{
 */
-#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#ifndef GNUNET_RECLAIM_SERVICE_H
-#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#define GNUNET_RECLAIM_SERVICE_H
 #ifdef __cplusplus
 extern "C"
@@ -37,27 +37,27 @@ extern "C"
 #endif
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 /**
 * Version number of GNUnet Identity Provider API.
 */
-#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
+#define GNUNET_RECLAIM_VERSION 0x00000000
 /**
 * Handle to access the identity service.
 */
-struct GNUNET_IDENTITY_PROVIDER_Handle;
+struct GNUNET_RECLAIM_Handle;
 /**
 * Handle for a token.
 */
-struct GNUNET_IDENTITY_PROVIDER_Token;
+struct GNUNET_RECLAIM_Token;
 /**
 * The ticket
 */
-struct GNUNET_IDENTITY_PROVIDER_Ticket
+struct GNUNET_RECLAIM_Ticket
 {
  /**
   * The ticket issuer
@@ -78,7 +78,7 @@ struct GNUNET_IDENTITY_PROVIDER_Ticket
 /**
 * Handle for an operation with the identity provider service.
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation;
+struct GNUNET_RECLAIM_Operation;
 /**
@@ -87,8 +87,8 @@ struct GNUNET_IDENTITY_PROVIDER_Operation;
 * @param cfg Configuration to contact the identity provider service.
 * @return handle to communicate with identity provider service
 */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
+struct GNUNET_RECLAIM_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
 /**
 * Continuation called to notify client about result of the
@@ -101,7 +101,7 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 * @param emsg NULL on success, otherwise an error message
 */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
+(*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
                                            int32_t success,
                                            const char *emsg);
@@ -118,12 +118,12 @@ typedef void
 * @param cont_cls closure for @a cont
 * @return handle to abort the request
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                          const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                          void *cont_cls);
@@ -135,19 +135,19 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 * @param attr the attribute
 */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
+(*GNUNET_RECLAIM_AttributeResult) (void *cls,
                                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
+                                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
 /**
 * List all attributes for a local identity. 
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
 * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
 *
 * On error (disconnect), @a error_cb will be invoked.
 * On normal completion, @a finish_cb proc will be
@@ -166,36 +166,36 @@ typedef void
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
+struct GNUNET_RECLAIM_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                               GNUNET_SCHEDULER_TaskCallback error_cb,
                                               void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                               void *proc_cls,
                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
                                               void *finish_cb_cls);
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
 * for the next record.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it);
 /**
 * Stops iteration and releases the idp handle for further calls.  Must
 * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it);
 /**
@@ -207,12 +207,12 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
 * @param ticket the ticket
 */
 typedef void
-(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
+(*GNUNET_RECLAIM_TicketCallback)(void *cls,
-                            const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+                            const struct GNUNET_RECLAIM_Ticket *ticket);
 /**
 * Issues a ticket to another identity. The identity may use
- * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket
+ * GNUNET_RECLAIM_ticket_consume to consume the ticket
 * and retrieve the attributes specified in the AttributeList.
 *
 * @param h the identity provider to use
@@ -223,12 +223,12 @@ typedef void
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                       void *cb_cls);
 /**
@@ -242,11 +242,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                        void *cb_cls);
@@ -262,11 +262,11 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                         void *cb_cls);
 /**
@@ -286,12 +286,12 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
+struct GNUNET_RECLAIM_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
                                                 void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                 void *proc_cls,
                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                 void *finish_cb_cls);
@@ -313,34 +313,34 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
+struct GNUNET_RECLAIM_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
                                                    void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                    void *proc_cls,
                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                    void *finish_cb_cls);
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
 * for the next record.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it);
 /**
 * Stops iteration and releases the idp handle for further calls.  Must
 * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it);
 /**
 * Disconnect from identity provider service.
@@ -348,7 +348,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
 * @param h identity provider service to disconnect
 */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h);
 /**
@@ -360,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
 * @param op operation to cancel
 */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op);
 #if 0                           /* keep Emacsens' auto-indent happy */
 {
@@ -370,9 +370,9 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
 #endif
-/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
+/* ifndef GNUNET_RECLAIM_SERVICE_H */
 #endif
 /** @} */ /* end of group identity */
-/* end of gnunet_identity_provider_service.h */
+/* end of gnunet_reclaim_service.h */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index d7accaf2c..829f8be7e 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -151,12 +151,12 @@ extern "C"
 /**
 * Signature for the first round of distributed key generation.
 */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 22
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 21
 /**
 * Signature for the second round of distributed key generation.
 */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 23
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 22
 /**
 * Signature for cooperatice decryption.
@@ -181,7 +181,7 @@ extern "C"
 /**
 * Signature for a GNUid Ticket
 */
-#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27
+#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN 27
 /**
 * Signature for a GNUnet credential
diff --git a/src/multicast/gnunet-service-multicast.c b/src/multicast/gnunet-service-multicast.c
index 20d29b906..f8441cc2b 100644
--- a/src/multicast/gnunet-service-multicast.c
+++ b/src/multicast/gnunet-service-multicast.c
@@ -1449,17 +1449,15 @@ check_client_member_join (void *cls,
  struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1];
  uint32_t relay_count = ntohl (msg->relay_count);
-  if (0 == relay_count)
+  if (0 != relay_count)
  {
-    GNUNET_break (0);
+    if (UINT32_MAX / relay_count < sizeof (*relays)){
-    return GNUNET_SYSERR;
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-  }
+                      "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
-  if (UINT32_MAX / relay_count < sizeof (*relays)){
+                (unsigned long)relay_count,
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                sizeof (*relays));
-                    "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
+        return GNUNET_SYSERR;
-              (unsigned long)relay_count,
+    }
-              sizeof (*relays));
-      return GNUNET_SYSERR;
  }
  uint32_t relay_size = relay_count * sizeof (*relays);
  struct GNUNET_MessageHeader *join_msg = NULL;
diff --git a/src/multicast/test_multicast_multipeer.c b/src/multicast/test_multicast_multipeer.c
index 3a7c6d961..7766ff875 100644
--- a/src/multicast/test_multicast_multipeer.c
+++ b/src/multicast/test_multicast_multipeer.c
@@ -160,6 +160,7 @@ notify (void *cls,
  *data_size = sizeof (struct pingpong_msg);
  GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "Peer #%u sents ping to origin\n", mc_peer->peer);
@@ -328,6 +329,7 @@ origin_notify (void *cls,
  pp_msg->msg = PONG;
  *data_size = sizeof (struct pingpong_msg);
  GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
  GNUNET_log (GNUNET_ERROR_TYPE_INFO, "origin sends pong\n");
diff --git a/src/identity-attribute/Makefile.am b/src/reclaim-attribute/Makefile.am
index 2c73a443e..7db2925b1 100644
--- a/src/identity-attribute/Makefile.am
+++ b/src/reclaim-attribute/Makefile.am
@@ -17,28 +17,28 @@ if USE_COVERAGE
 endif
 lib_LTLIBRARIES = \
-  libgnunetidentityattribute.la
+  libgnunetreclaimattribute.la
-libgnunetidentityattribute_la_SOURCES = \
+libgnunetreclaimattribute_la_SOURCES = \
-  identity_attribute.c
+  reclaim_attribute.c
-libgnunetidentityattribute_la_LIBADD = \
+libgnunetreclaimattribute_la_LIBADD = \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(GN_LIBINTL)
-libgnunetidentityattribute_la_LDFLAGS = \
+libgnunetreclaimattribute_la_LDFLAGS = \
  $(GN_LIB_LDFLAGS) $(WINFLAGS) \
  -version-info 0:0:0
 plugin_LTLIBRARIES = \
-  libgnunet_plugin_identity_attribute_gnuid.la
+  libgnunet_plugin_reclaim_attribute_gnuid.la
-libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_SOURCES = \
-  plugin_identity_attribute_gnuid.c
+  plugin_reclaim_attribute_gnuid.c
-libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_LIBADD = \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(LTLIBINTL)
-libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \
+libgnunet_plugin_reclaim_attribute_gnuid_la_LDFLAGS = \
 $(GN_PLUGIN_LDFLAGS)
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
index c09b167f5..48afc0732 100644
--- a/src/identity-attribute/plugin_identity_attribute_gnuid.c
+++ b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
@@ -17,7 +17,7 @@
 */
 /**
- * @file identity-attribute/plugin_identity_attribute_gnuid.c
+ * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c
 * @brief identity attribute plugin to provide the API for fundamental 
 *                 attribute types.
 *
@@ -25,7 +25,7 @@
 */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 #include <inttypes.h>
@@ -47,7 +47,7 @@ gnuid_value_to_string (void *cls,
  switch (type)
  {
-  case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+  case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
    return GNUNET_strndup (data, data_size);
  default:
    return NULL;
@@ -78,7 +78,7 @@ gnuid_string_to_value (void *cls,
  switch (type)
  {
-    case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
+    case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
      *data = GNUNET_strdup (s);
      *data_size = strlen (s);
      return GNUNET_OK;
@@ -96,7 +96,7 @@ static struct {
  const char *name;
  uint32_t number;
 } gnuid_name_map[] = {
-  { "STRING",  GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
+  { "STRING",  GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING },
  { NULL, UINT32_MAX }
 };
@@ -151,11 +151,11 @@ gnuid_number_to_typename (void *cls,
 * @return the exported block API
 */
 void *
-libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_init (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
-  api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions);
  api->value_to_string = &gnuid_value_to_string;
  api->string_to_value = &gnuid_string_to_value;
  api->typename_to_number = &gnuid_typename_to_number;
@@ -171,12 +171,12 @@ libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
 * @return NULL
 */
 void *
-libgnunet_plugin_identity_attribute_gnuid_done (void *cls)
+libgnunet_plugin_reclaim_attribute_gnuid_done (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = cls;
  GNUNET_free (api);
  return NULL;
 }
-/* end of plugin_identity_attribute_type_gnuid.c */
+/* end of plugin_reclaim_attribute_type_gnuid.c */
diff --git a/src/identity-attribute/identity_attribute.c b/src/reclaim-attribute/reclaim_attribute.c
index 7d47c46a7..74d668ea8 100644
--- a/src/identity-attribute/identity_attribute.c
+++ b/src/reclaim-attribute/reclaim_attribute.c
@@ -17,14 +17,14 @@
 */
 /**
- * @file identity-attribute/identity_attribute.c
+ * @file reclaim-attribute/reclaim_attribute.c
 * @brief helper library to manage identity attributes
 * @author Martin Schanzenbach
 */
 #include "platform.h"
 #include "gnunet_util_lib.h"
-#include "identity_attribute.h"
+#include "reclaim_attribute.h"
-#include "gnunet_identity_attribute_plugin.h"
+#include "gnunet_reclaim_attribute_plugin.h"
 /**
 * Handle for a plugin
@@ -39,7 +39,7 @@ struct Plugin
  /**
   * Plugin API
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
 };
 /**
@@ -65,7 +65,7 @@ add_plugin (void* cls,
            const char *library_name,
            void *lib_ret)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret;
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = lib_ret;
  struct Plugin *plugin;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -86,7 +86,7 @@ init()
  if (GNUNET_YES == initialized)
    return;
  initialized = GNUNET_YES;
-  GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL,
+  GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attribute_", NULL,
                          &add_plugin, NULL);
 }
@@ -97,7 +97,7 @@ init()
 * @return corresponding number, UINT32_MAX on error
 */
 uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename)
 {
  unsigned int i;
  struct Plugin *plugin;
@@ -121,7 +121,7 @@ GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
 * @return corresponding typestring, NULL on error
 */
 const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type)
 {
  unsigned int i;
  struct Plugin *plugin;
@@ -149,7 +149,7 @@ GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
 * @return #GNUNET_OK on success
 */
 int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
                                           const char *s,
                                           void **data,
                                           size_t *data_size)
@@ -180,7 +180,7 @@ GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
 * @return NULL on error, otherwise human-readable representation of the claim
 */
 char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
                                           const void* data,
                                           size_t data_size)
 {
@@ -210,16 +210,16 @@ GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
 * @param data_size the attribute value size
 * @return the new attribute
 */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
               uint32_t type,
               const void* data,
               size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
  char *write_ptr;
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) +
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) +
                        strlen (attr_name) + 1 +
                        data_size);
  attr->type = type;
@@ -249,15 +249,15 @@ GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
 * @return
 */
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *claim_list,
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *claim_list,
                                    const char* attr_name,
                                    uint32_t type,
                                    const void* data,
                                    size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
-  le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+  le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
                                               type,
                                               data,
                                               data_size);
@@ -267,20 +267,20 @@ GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
 }
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  size_t len = 0;
  for (le = attrs->list_head; NULL != le; le = le->next)
-    len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    len += GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
  return len; 
 }
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                          char *result)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  size_t len;
  size_t total_len;
  char* write_ptr;
@@ -289,7 +289,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
  total_len = 0;
  for (le = attrs->list_head; NULL != le; le = le->next)
  {
-    len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim,
+    len = GNUNET_RECLAIM_ATTRIBUTE_serialize (le->claim,
                               write_ptr);
    total_len += len;
    write_ptr += len;
@@ -297,49 +297,49 @@ GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE
  return total_len;
 }
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
                       size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  size_t attr_len;
  const char* read_ptr;
  if (data_size < sizeof (struct Attribute))
    return NULL;
  
-  attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
  read_ptr = data;
  while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
  {
-    le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+    le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-    le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr,
+    le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr,
                                           data_size - (read_ptr - data));
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Deserialized attribute %s\n", le->claim->name);
    GNUNET_CONTAINER_DLL_insert (attrs->list_head,
                                 attrs->list_tail,
                                 le);
-    attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
+    attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
    read_ptr += attr_len;
  }
  return attrs;
 }
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *result_le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *result;
-  result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  result = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
  for (le = attrs->list_head; NULL != le; le = le->next)
  {
-    result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+    result_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-    result_le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (le->claim->name,
+    result_le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (le->claim->name,
                                                     le->claim->type,
                                                     le->claim->data,
                                                     le->claim->data_size);
@@ -352,10 +352,10 @@ GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim
 void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *tmp_le;
  for (le = attrs->list_head; NULL != le;)
  {
@@ -369,7 +369,7 @@ GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimLi
 }
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  return sizeof (struct Attribute) 
    + strlen (attr->name)
@@ -377,7 +377,7 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRI
 }
 size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                     char *result)
 {
  size_t data_len_ser;
@@ -403,11 +403,11 @@ GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Clai
  return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
 }
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
                       size_t data_size)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
  struct Attribute *attr_ser;
  size_t data_len;
  size_t name_len;
@@ -419,7 +419,7 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
  attr_ser = (struct Attribute*)data;
  data_len = ntohs (attr_ser->data_size);
  name_len = ntohs (attr_ser->name_len);
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim)
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim)
                        + data_len + name_len + 1);
  attr->type = ntohs (attr_ser->attribute_type);
  attr->version = ntohl (attr_ser->attribute_version);
@@ -441,4 +441,4 @@ GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
 }
-/* end of identity_attribute.c */
+/* end of reclaim_attribute.c */
diff --git a/src/identity-attribute/identity_attribute.h b/src/reclaim-attribute/reclaim_attribute.h
index 2346dcde1..746d32980 100644
--- a/src/identity-attribute/identity_attribute.h
+++ b/src/reclaim-attribute/reclaim_attribute.h
@@ -17,14 +17,14 @@
   */
 /**
 * @author Martin Schanzenbach
- * @file identity-attribute/identity_attribute.h
+ * @file reclaim-attribute/reclaim_attribute.h
- * @brief GNUnet Identity attributes
+ * @brief GNUnet reclaim identity attributes
 *
 */
-#ifndef IDENTITY_ATTRIBUTE_H
+#ifndef RECLAIM_ATTRIBUTE_H
-#define IDENTITY_ATTRIBUTE_H
+#define RECLAIM_ATTRIBUTE_H
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 struct Attribute
 {
diff --git a/src/identity-provider/.gitignore b/src/reclaim/.gitignore
index ef77fccdc..ef77fccdc 100644
--- a/src/identity-provider/.gitignore
+++ b/src/reclaim/.gitignore
diff --git a/src/identity-provider/Makefile.am b/src/reclaim/Makefile.am
index 2eb699542..2ee43d21a 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -13,12 +13,12 @@ if USE_COVERAGE
 endif
 if HAVE_SQLITE
-SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la
+SQLITE_PLUGIN = libgnunet_plugin_reclaim_sqlite.la
 endif
 EXTRA_DIST = \
-  test_idp_defaults.conf \
+  test_reclaim_defaults.conf \
-        test_idp.conf \
+        test_reclaim.conf \
        $(check_SCRIPTS)
 pkgcfgdir= $(pkgdatadir)/config.d/
@@ -26,46 +26,46 @@ pkgcfgdir= $(pkgdatadir)/config.d/
 libexecdir= $(pkglibdir)/libexec/
 pkgcfg_DATA = \
-  identity-provider.conf
+  reclaim.conf
 lib_LTLIBRARIES = \
-  libgnunetidentityprovider.la
+  libgnunetreclaim.la
 plugin_LTLIBRARIES = \
-        libgnunet_plugin_rest_identity_provider.la \
+        libgnunet_plugin_rest_reclaim.la \
        libgnunet_plugin_rest_openid_connect.la \
-  libgnunet_plugin_gnsrecord_identity_provider.la \
+  libgnunet_plugin_gnsrecord_reclaim.la \
        $(SQLITE_PLUGIN)
 bin_PROGRAMS = \
- gnunet-idp
+ gnunet-reclaim
 libexec_PROGRAMS = \
- gnunet-service-identity-provider
+ gnunet-service-reclaim
-libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \
+libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \
-  plugin_gnsrecord_identity_provider.c
+  plugin_gnsrecord_reclaim.c
-libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \
+libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \
  $(top_builddir)/src/util/libgnunetutil.la \
  $(LTLIBINTL)
-libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \
 $(GN_PLUGIN_LDFLAGS)
-libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \
+libgnunet_plugin_reclaim_sqlite_la_SOURCES = \
-  plugin_identity_provider_sqlite.c
+  plugin_reclaim_sqlite.c
-libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \
+libgnunet_plugin_reclaim_sqlite_la_LIBADD = \
-  libgnunetidentityprovider.la  \
+  libgnunetreclaim.la  \
  $(top_builddir)/src/sq/libgnunetsq.la \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
  $(LTLIBINTL)
-libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
+libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \
 $(GN_PLUGIN_LDFLAGS)
-gnunet_service_identity_provider_SOURCES = \
+gnunet_service_reclaim_SOURCES = \
- gnunet-service-identity-provider.c
+ gnunet-service-reclaim.c
-gnunet_service_identity_provider_LDADD = \
+gnunet_service_reclaim_LDADD = \
 $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
 $(top_builddir)/src/util/libgnunetutil.la \
 $(top_builddir)/src/namestore/libgnunetnamestore.la \
@@ -73,66 +73,67 @@ gnunet_service_identity_provider_LDADD = \
 $(top_builddir)/src/statistics/libgnunetstatistics.la \
 $(top_builddir)/src/abe/libgnunetabe.la \
 $(top_builddir)/src/credential/libgnunetcredential.la \
- $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
- libgnunetidentityprovider.la \
+ libgnunetreclaim.la \
 $(top_builddir)/src/gns/libgnunetgns.la \
 $(GN_LIBINTL)
-libgnunetidentityprovider_la_SOURCES = \
+libgnunetreclaim_la_SOURCES = \
- identity_provider_api.c \
+ reclaim_api.c \
- identity_provider.h
+ reclaim.h
-libgnunetidentityprovider_la_LIBADD = \
+libgnunetreclaim_la_LIBADD = \
  $(top_builddir)/src/util/libgnunetutil.la \
        $(GN_LIBINTL) $(XLIB)
-libgnunetidentityprovider_la_LDFLAGS = \
+libgnunetreclaim_la_LDFLAGS = \
        $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
        -version-info 0:0:0
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
+libgnunet_plugin_rest_reclaim_la_SOURCES = \
-  plugin_rest_identity_provider.c \
+  plugin_rest_reclaim.c
-        jwt.c
+libgnunet_plugin_rest_reclaim_la_LIBADD = \
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
        $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
        $(top_builddir)/src/rest/libgnunetrest.la \
        $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
        $(top_builddir)/src/namestore/libgnunetnamestore.la \
  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
  $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
+libgnunet_plugin_rest_reclaim_la_LDFLAGS = \
 $(GN_PLUGIN_LDFLAGS)
 libgnunet_plugin_rest_openid_connect_la_SOURCES = \
  plugin_rest_openid_connect.c \
-        jwt.c
+        oidc_helper.c
 libgnunet_plugin_rest_openid_connect_la_LIBADD = \
        $(top_builddir)/src/identity/libgnunetidentity.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
        $(top_builddir)/src/rest/libgnunetrest.la \
        $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
        $(top_builddir)/src/namestore/libgnunetnamestore.la \
+        $(top_builddir)/src/gns/libgnunetgns.la \
+        $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
  $(LTLIBINTL) -ljansson -lmicrohttpd
 libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
 $(GN_PLUGIN_LDFLAGS)
-gnunet_idp_SOURCES = \
+gnunet_reclaim_SOURCES = \
- gnunet-idp.c
+ gnunet-reclaim.c
-gnunet_idp_LDADD = \
+gnunet_reclaim_LDADD = \
  $(top_builddir)/src/util/libgnunetutil.la \
        $(top_builddir)/src/namestore/libgnunetnamestore.la \
-        libgnunetidentityprovider.la \
+        libgnunetreclaim.la \
        $(top_builddir)/src/identity/libgnunetidentity.la \
-        $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
+        $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
  $(GN_LIBINTL)
 check_SCRIPTS = \
-        test_idp_attribute.sh \
+        test_reclaim_attribute.sh \
-        test_idp_issue.sh \
+        test_reclaim_issue.sh \
-        test_idp_consume.sh \
+        test_reclaim_consume.sh \
-  test_idp_revoke.sh
+  test_reclaim_revoke.sh
 if ENABLE_TEST_RUN
 AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
diff --git a/src/identity-provider/gnunet-idp.c b/src/reclaim/gnunet-reclaim.c
index 79e4f8d27..9947eac6d 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/reclaim/gnunet-reclaim.c
@@ -17,7 +17,7 @@
   */
 /**
 * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-idp.c
+ * @file src/reclaim/gnunet-reclaim.c
 * @brief Identity Provider utility
 *
 */
@@ -25,7 +25,7 @@
 #include "platform.h"
 #include "gnunet_util_lib.h"
 #include "gnunet_namestore_service.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_signatures.h"
@@ -85,19 +85,19 @@ static char* ego_name;
 static struct GNUNET_IDENTITY_Handle *identity_handle;
 /**
- * IdP handle
+ * reclaim handle
 */
-static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle;
+static struct GNUNET_RECLAIM_Handle *reclaim_handle;
 /**
- * IdP operation
+ * reclaim operation
 */
-static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+static struct GNUNET_RECLAIM_Operation *reclaim_op;
 /**
 * Attribute iterator
 */
-static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator;
+static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator;
 /**
 * Master ABE key
@@ -117,12 +117,12 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
 /**
 * Ticket to consume
 */
-static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+static struct GNUNET_RECLAIM_Ticket ticket;
 /**
 * Attribute list
 */
-static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+static struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
 /**
 * Attribute expiration interval
@@ -139,12 +139,12 @@ do_cleanup(void *cls)
 {
  if (NULL != timeout)
    GNUNET_SCHEDULER_cancel (timeout);
-  if (NULL != idp_op)
+  if (NULL != reclaim_op)
-    GNUNET_IDENTITY_PROVIDER_cancel (idp_op);
+    GNUNET_RECLAIM_cancel (reclaim_op);
  if (NULL != attr_iterator)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator);
+    GNUNET_RECLAIM_get_attributes_stop (attr_iterator);
-  if (NULL != idp_handle)
+  if (NULL != reclaim_handle)
-    GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle);
+    GNUNET_RECLAIM_disconnect (reclaim_handle);
  if (NULL != identity_handle)
    GNUNET_IDENTITY_disconnect (identity_handle);
  if (NULL != abe_key)
@@ -155,13 +155,13 @@ do_cleanup(void *cls)
 static void
 ticket_issue_cb (void* cls,
-                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                 const struct GNUNET_RECLAIM_Ticket *ticket)
 {
  char* ticket_str;
-  idp_op = NULL;
+  reclaim_op = NULL;
  if (NULL != ticket) {
    ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
-                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                      sizeof (struct GNUNET_RECLAIM_Ticket));
    printf("%s\n",
           ticket_str);
    GNUNET_free (ticket_str);
@@ -174,7 +174,7 @@ store_attr_cont (void *cls,
                 int32_t success,
                 const char*emsg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
  if (GNUNET_SYSERR == success) {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "%s\n", emsg);
@@ -185,12 +185,12 @@ store_attr_cont (void *cls,
 static void
 process_attrs (void *cls,
         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  char *value_str;
  if (NULL == identity)
  {
-    idp_op = NULL;
+    reclaim_op = NULL;
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
@@ -199,9 +199,9 @@ process_attrs (void *cls,
    ret = 1;
    return;
  }
-  value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+  value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
-                                                     attr->data,
+                                                        attr->data,
-                                                     attr->data_size);
+                                                        attr->data_size);
  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
              "%s: %s\n", attr->name, value_str);
 }
@@ -229,7 +229,7 @@ timeout_task (void *cls)
 static void
 process_rvk (void *cls, int success, const char* msg)
 {
-  idp_op = NULL;
+  reclaim_op = NULL;
  if (GNUNET_OK != success)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
@@ -242,7 +242,7 @@ process_rvk (void *cls, int success, const char* msg)
 static void
 iter_finished (void *cls)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
  char *data;
  size_t data_size;
  int type;
@@ -256,21 +256,21 @@ iter_finished (void *cls)
  if (issue_attrs)
  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle,
+    reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle,
-                                                    pkey,
+                                              pkey,
-                                                    &rp_key,
+                                              &rp_key,
-                                                    attr_list,
+                                              attr_list,
-                                                    &ticket_issue_cb,
+                                              &ticket_issue_cb,
-                                                    NULL);
+                                              NULL);
    return;
  }
  if (consume_ticket)
  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle,
+    reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle,
-                                                      pkey,
+                                                pkey,
-                                                      &ticket,
+                                                &ticket,
-                                                      &process_attrs,
+                                                &process_attrs,
-                                                      NULL);
+                                                NULL);
    timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10),
                                            &timeout_task,
                                            NULL);
@@ -278,34 +278,34 @@ iter_finished (void *cls)
  }
  if (revoke_ticket)
  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle,
+    reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle,
-                                                     pkey,
+                                               pkey,
-                                                     &ticket,
+                                               &ticket,
-                                                     &process_rvk,
+                                               &process_rvk,
-                                                     NULL);
+                                               NULL);
    return;
  }
  if (attr_name)
  {
    if (NULL == type_str)
-      type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING;
+      type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING;
    else
-      type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str);
+      type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str);
-    GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type,
+    GNUNET_assert (GNUNET_SYSERR != GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type,
-                                                                               attr_value,
+                                                                              attr_value,
-                                                                               (void**)&data,
+                                                                              (void**)&data,
-                                                                               &data_size));
+                                                                              &data_size));
-    claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
+    claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
                                                 type,
                                                 data,
                                                 data_size);
-    idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
+    reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle,
-                                                       pkey,
+                                                 pkey,
-                                                       claim,
+                                                 claim,
-                                                       &exp_interval,
+                                                 &exp_interval,
-                                                       &store_attr_cont,
+                                                 &store_attr_cont,
-                                                       NULL);
+                                                 NULL);
    return;
  }
  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
@@ -314,9 +314,9 @@ iter_finished (void *cls)
 static void
 iter_cb (void *cls,
         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  char *attrs_tmp;
  char *attr_str;
@@ -329,11 +329,11 @@ iter_cb (void *cls,
        attr_str = strtok (NULL, ",");
        continue;
      }
-      le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+      le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-      le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name,
+      le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
-                                                       attr->type,
+                                                      attr->type,
-                                                       attr->data,
+                                                      attr->data,
-                                                       attr->data_size);
+                                                      attr->data_size);
      GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
                                   attr_list->list_tail,
                                   le);
@@ -344,7 +344,7 @@ iter_cb (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
                "%s: %s\n", attr->name, (char*)attr->data);
  }
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator);
+  GNUNET_RECLAIM_get_attributes_next (attr_iterator);
 }
 static void
@@ -365,24 +365,24 @@ ego_iter_finished (void *cls)
    GNUNET_STRINGS_string_to_data (consume_ticket,
                                   strlen (consume_ticket),
                                   &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
  if (NULL != revoke_ticket)
    GNUNET_STRINGS_string_to_data (revoke_ticket,
                                   strlen (revoke_ticket),
                                   &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
-  attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
-  attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle,
+  attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle,
-                                                                 pkey,
+                                                       pkey,
-                                                                 &iter_error,
+                                                       &iter_error,
-                                                                 NULL,
+                                                       NULL,
-                                                                 &iter_cb,
+                                                       &iter_cb,
-                                                                 NULL,
+                                                       NULL,
-                                                                 &iter_finished,
+                                                       &iter_finished,
-                                                                 NULL);
+                                                       NULL);
 }
@@ -439,7 +439,7 @@ run (void *cls,
    return;
  }
-  idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c);
+  reclaim_handle = GNUNET_RECLAIM_connect (c);
  //Get Ego
  identity_handle = GNUNET_IDENTITY_connect (c,
                                             &ego_cb,
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/reclaim/gnunet-service-reclaim.c
index c53e72477..bf8780a92 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/reclaim/gnunet-service-reclaim.c
@@ -17,8 +17,8 @@
   */
 /**
 * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-service-identity-provider.c
+ * @file src/reclaim/gnunet-service-reclaim.c
- * @brief Identity Token Service
+ * @brief reclaim Service
 *
 */
 #include "platform.h"
@@ -32,10 +32,10 @@
 #include "gnunet_credential_service.h"
 #include "gnunet_statistics_service.h"
 #include "gnunet_gns_service.h"
-#include "gnunet_identity_provider_plugin.h"
+#include "gnunet_reclaim_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_signatures.h"
-#include "identity_provider.h"
+#include "reclaim.h"
 /**
 * First pass state
@@ -65,7 +65,7 @@ static struct GNUNET_IDENTITY_Handle *identity_handle;
 /**
 * Database handle
 */
-static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database;
+static struct GNUNET_RECLAIM_PluginFunctions *TKT_database;
 /**
 * Name of DB plugin
@@ -396,7 +396,7 @@ struct AttributeStoreHandle
  /**
   * The attribute to store
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
  /**
   * The attribute expiration interval
@@ -433,7 +433,7 @@ struct ConsumeTicketHandle
  /**
   * Ticket
   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  /**
   * LookupRequest
@@ -473,7 +473,7 @@ struct ConsumeTicketHandle
  /**
   * Attributes
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
  
  /**
   * Lookup time
@@ -535,12 +535,12 @@ struct TicketRevocationHandle
  /**
   * Attributes to reissue
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
  /**
   * Attributes to revoke
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *rvk_attrs;
  /**
   * Issuer Key
@@ -550,7 +550,7 @@ struct TicketRevocationHandle
  /**
   * Ticket to issue
   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  /**
   * QueueEntry
@@ -603,7 +603,7 @@ struct TicketIssueHandle
  /**
   * Attributes to issue
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
  /**
   * Issuer Key
@@ -613,7 +613,7 @@ struct TicketIssueHandle
  /**
   * Ticket to issue
   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  /**
   * QueueEntry
@@ -861,7 +861,7 @@ static void
 cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 {
  if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
  if (NULL != handle->ns_qe)
    GNUNET_NAMESTORE_cancel (handle->ns_qe);
  GNUNET_free (handle);
@@ -871,12 +871,12 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
 static void
 send_ticket_result (struct IdpClient *client,
                    uint32_t r_id,
-                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                    const struct GNUNET_RECLAIM_Ticket *ticket,
-                    const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                    const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
  struct TicketResultMessage *irm;
  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf;
+  struct GNUNET_RECLAIM_Ticket *ticket_buf;
  /* store ticket in DB */
  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
@@ -889,9 +889,9 @@ send_ticket_result (struct IdpClient *client,
  }
  env = GNUNET_MQ_msg_extra (irm,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
-  ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1];
+  ticket_buf = (struct GNUNET_RECLAIM_Ticket *)&irm[1];
  *ticket_buf = *ticket;
  irm->id = htonl (r_id);
  GNUNET_MQ_send (client->mq,
@@ -927,14 +927,14 @@ store_ticket_issue_cont (void *cls,
 int
-serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+serialize_abe_keyinfo2 (const struct GNUNET_RECLAIM_Ticket *ticket,
-                        const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+                        const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
                        const struct GNUNET_ABE_AbeKey *rp_key,
                        struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
                        char **result)
 {
  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  char *enc_keyinfo;
  char *serialized_key;
  char *buf;
@@ -1009,7 +1009,7 @@ issue_ticket_after_abe_bootstrap (void *cls,
                                  struct GNUNET_ABE_AbeMasterKey *abe_key)
 {
  struct TicketIssueHandle *ih = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
  struct GNUNET_GNSRECORD_Data code_record[1];
  struct GNUNET_ABE_AbeKey *rp_key;
@@ -1101,7 +1101,7 @@ handle_issue_ticket_message (void *cls,
  ih = GNUNET_new (struct TicketIssueHandle);
  attrs_len = ntohs (im->attr_len);
-  ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
+  ih->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
  ih->r_id = ntohl (im->id);
  ih->client = idp;
  ih->identity = im->identity;
@@ -1132,9 +1132,9 @@ static void
 cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh)
 {
  if (NULL != rh->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->attrs);
  if (NULL != rh->rvk_attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->rvk_attrs);
  if (NULL != rh->abe_key)
    GNUNET_ABE_cpabe_delete_master_key (rh->abe_key);
  if (NULL != rh->ns_qe)
@@ -1157,9 +1157,12 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
 {
  struct GNUNET_MQ_Envelope *env;
  struct RevokeTicketResultMessage *trm;
+  
+  GNUNET_break(TKT_database->delete_ticket (TKT_database->cls,
+                                            &rh->ticket));
  env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT);
  trm->id = htonl (rh->r_id);
  trm->success = htonl (success);
  GNUNET_MQ_send (rh->client->mq,
@@ -1179,8 +1182,8 @@ send_revocation_finished (struct TicketRevocationHandle *rh,
 */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
 static void
 revocation_reissue_tickets (struct TicketRevocationHandle *rh);
@@ -1206,9 +1209,6 @@ reissue_ticket_cont (void *cls,
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
                "Unknown Error\n");
    send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
    cleanup_revoke_ticket_handle (rh);
    return;
  }
@@ -1226,12 +1226,12 @@ reissue_ticket_cont (void *cls,
 */
 static void
 ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
  struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le_rollover;
  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
  struct GNUNET_GNSRECORD_Data code_record[1];
  struct GNUNET_ABE_AbeKey *rp_key;
@@ -1258,9 +1258,18 @@ ticket_reissue_proc (void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Do not reissue for this identity.!\n");
+    label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd,
-    rh->offset++;
+                                                 sizeof (uint64_t));
-    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
+    //Delete record
+    rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                                &rh->identity,
+                                                label,
+                                                0,
+                                                NULL,
+                                                &reissue_ticket_cont,
+                                                rh);
+    GNUNET_free (label);
    return;
  }
@@ -1374,9 +1383,6 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
  if (GNUNET_NO == ret)
  {
    send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
    cleanup_revoke_ticket_handle (rh);
    return;
  }
@@ -1391,10 +1397,8 @@ check_attr_error (void *cls)
  struct TicketRevocationHandle *rh = cls;
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
              "Unable to check for existing attribute\n");
+  rh->ns_qe = NULL;
  send_revocation_finished (rh, GNUNET_SYSERR);
-  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
  cleanup_revoke_ticket_handle (rh);
 }
@@ -1426,15 +1430,16 @@ check_attr_cb (void *cls,
  char* policy;
  uint32_t attr_ver;
+  rh->ns_qe = NULL;
  if (1 != rd_count) {
    GNUNET_SCHEDULER_add_now (&reenc_next_attribute,
                              rh);
    return;
  }
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
  buf = GNUNET_malloc (buf_size);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
                                       buf);
  rh->attrs->list_head->claim->version++;
  GNUNET_asprintf (&policy, "%s_%lu",
@@ -1458,9 +1463,6 @@ check_attr_cb (void *cls,
                policy);
    GNUNET_free (policy);
    send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
    cleanup_revoke_ticket_handle (rh);
    return;
  }
@@ -1525,8 +1527,9 @@ attr_reenc_cont (void *cls,
                 const char *emsg)
 {
  struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  rh->ns_qe = NULL;
  if (GNUNET_SYSERR == success)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -1558,12 +1561,12 @@ attr_reenc_cont (void *cls,
 static void
 process_attributes_to_update (void *cls,
-                              const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                              const struct GNUNET_RECLAIM_Ticket *ticket,
-                              const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                              const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
  struct TicketRevocationHandle *rh = cls;
-  rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs);
+  rh->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_dup (attrs);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Revocation Phase I: Collecting attributes\n");
  /* Reencrypt all attributes with new key */
@@ -1571,9 +1574,6 @@ process_attributes_to_update (void *cls,
  {
    /* No attributes to reencrypt */
    send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
    cleanup_revoke_ticket_handle (rh);
    return;
  } else {
@@ -1621,11 +1621,11 @@ handle_revoke_ticket_message (void *cls,
 {
  struct TicketRevocationHandle *rh;
  struct IdpClient *idp = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
  rh = GNUNET_new (struct TicketRevocationHandle);
-  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
+  ticket = (struct GNUNET_RECLAIM_Ticket*)&rm[1];
-  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  rh->rvk_attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
  rh->ticket = *ticket;
  rh->r_id = ntohl (rm->id);
  rh->client = idp;
@@ -1667,7 +1667,7 @@ cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
    GNUNET_ABE_cpabe_delete_key (handle->key,
                                 GNUNET_YES);
  if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
  GNUNET_free (handle);
 }
@@ -1698,7 +1698,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  struct ConsumeTicketHandle *handle = parallel_lookup->handle;
  struct ConsumeTicketResultMessage *crm;
  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le;
  struct GNUNET_TIME_Absolute decrypt_duration;
  char *data;
  char *data_tmp;
@@ -1741,8 +1741,8 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
                                1,
                                GNUNET_YES);
-      attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+      attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-      attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data,
+      attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (data,
                                                              attr_len);
      attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
      GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
@@ -1766,15 +1766,15 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
  }
  GNUNET_SCHEDULER_cancel (handle->kill_task);
-  attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs);
+  attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (handle->attrs);
  env = GNUNET_MQ_msg_extra (crm,
                             attrs_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT);
  crm->id = htonl (handle->r_id);
  crm->attrs_len = htons (attrs_len);
  crm->identity = handle->ticket.identity;
  data_tmp = (char *) &crm[1];
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (handle->attrs,
                                            data_tmp);
  GNUNET_MQ_send (handle->client->mq, env);
  GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
@@ -1805,7 +1805,7 @@ abort_parallel_lookups2 (void *cls)
    lu = tmp;
  }
  env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
  arm->id = htonl (handle->r_id);
  arm->attr_len = htons (0);
  GNUNET_MQ_send (handle->client->mq, env);
@@ -1918,10 +1918,10 @@ handle_consume_ticket_message (void *cls,
  ch->r_id = ntohl (cm->id);
  ch->client = idp;
  ch->identity = cm->identity;
-  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+  ch->attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
  GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
                                      &ch->identity_pub);
-  ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
+  ch->ticket = *((struct GNUNET_RECLAIM_Ticket*)&cm[1]);
  rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
                                                   sizeof (uint64_t));
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -1967,7 +1967,7 @@ attr_store_cont (void *cls,
  struct AttributeStoreHandle *as_handle = cls;
  struct GNUNET_MQ_Envelope *env;
  struct AttributeStoreResultMessage *acr_msg;
-  
  as_handle->ns_qe = NULL;
  GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
                               as_handle->client->store_op_tail,
@@ -1986,7 +1986,7 @@ attr_store_cont (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Sending ATTRIBUTE_STORE_RESPONSE message\n");
  env = GNUNET_MQ_msg (acr_msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE);
  acr_msg->id = htonl (as_handle->r_id);
  acr_msg->op_result = htonl (GNUNET_OK);
  GNUNET_MQ_send (as_handle->client->mq,
@@ -2009,10 +2009,10 @@ attr_store_task (void *cls)
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Storing attribute\n");
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim);
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (as_handle->claim);
  buf = GNUNET_malloc (buf_size);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (as_handle->claim,
                                       buf);
  GNUNET_asprintf (&policy,
@@ -2111,7 +2111,7 @@ handle_attribute_store_message (void *cls,
  data_len = ntohs (sam->attr_len);
  as_handle = GNUNET_new (struct AttributeStoreHandle);
-  as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1],
+  as_handle->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&sam[1],
                                                            data_len);
  as_handle->r_id = ntohl (sam->id);
@@ -2158,7 +2158,7 @@ attr_iter_finished (void *cls)
  struct AttributeResultMessage *arm;
  env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
  arm->id = htonl (ai->request_id);
  arm->attr_len = htons (0);
  GNUNET_MQ_send (ai->client->mq, env);
@@ -2189,14 +2189,14 @@ attr_iter_cb (void *cls,
  if (rd_count != 1)
  {
    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
    return;
  }
  if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type)
  {
    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
    return;
  }
  attr_ver = ntohl(*((uint32_t*)rd->data));
@@ -2213,7 +2213,7 @@ attr_iter_cb (void *cls,
  if (GNUNET_SYSERR == msg_extra_len)
  {
    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                         1);
+                                         1);
    return;
  }
@@ -2224,7 +2224,7 @@ attr_iter_cb (void *cls,
              "Found attribute: %s\n", label);
  env = GNUNET_MQ_msg_extra (arm,
                             msg_extra_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
  arm->id = htonl (ai->request_id);
  arm->attr_len = htons (msg_extra_len);
  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
@@ -2264,7 +2264,7 @@ iterate_next_after_abe_bootstrap (void *cls,
  struct AttributeIterator *ai = cls;
  ai->abe_key = abe_key;
  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                       1);
+                                       1);
 }
@@ -2406,8 +2406,8 @@ cleanup_ticket_iter_handle (struct TicketIteration *ti)
 */
 static void
 ticket_iterate_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
  struct TicketIterationProcResult *proc = cls;
@@ -2467,7 +2467,7 @@ run_ticket_iteration_round (struct TicketIteration *ti)
  }
  /* send empty response to indicate end of list */
  env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
  trm->id = htonl (ti->r_id);
  GNUNET_MQ_send (ti->client->mq,
                  env);
@@ -2572,7 +2572,7 @@ run (void *cls,
  char *database;
  cfg = c;
-  stats = GNUNET_STATISTICS_create ("identity-provider", cfg);
+  stats = GNUNET_STATISTICS_create ("reclaim", cfg);
  //Connect to identity and namestore services
  ns_handle = GNUNET_NAMESTORE_connect (cfg);
@@ -2597,13 +2597,13 @@ run (void *cls,
  /* Loading DB plugin */
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_string (cfg,
-                                             "identity-provider",
+                                             "reclaim",
                                             "database",
                                             &database))
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "No database backend configured\n");
  GNUNET_asprintf (&db_lib_name,
-                   "libgnunet_plugin_identity_provider_%s",
+                   "libgnunet_plugin_reclaim_%s",
                   database);
  TKT_database = GNUNET_PLUGIN_load (db_lib_name,
                                     (void *) cfg);
@@ -2619,7 +2619,7 @@ run (void *cls,
  if (GNUNET_OK ==
      GNUNET_CONFIGURATION_get_value_time (cfg,
-                                           "identity-provider",
+                                           "reclaim",
                                           "TOKEN_EXPIRATION_INTERVAL",
                                           &token_expiration_interval))
  {
@@ -2736,51 +2736,51 @@ client_connect_cb (void *cls,
 * Define "main" method using service macro.
 */
 GNUNET_SERVICE_MAIN
-("identity-provider",
+("reclaim",
 GNUNET_SERVICE_OPTION_NONE,
 &run,
 &client_connect_cb,
 &client_disconnect_cb,
 NULL,
 GNUNET_MQ_hd_var_size (attribute_store_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE,
                        struct AttributeStoreMessage,
                        NULL),
 GNUNET_MQ_hd_fixed_size (iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START,
                          struct AttributeIterationStartMessage,
                          NULL),
 GNUNET_MQ_hd_fixed_size (iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT,
                          struct AttributeIterationNextMessage,
                          NULL),
 GNUNET_MQ_hd_fixed_size (iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP,
                          struct AttributeIterationStopMessage,
                          NULL),
 GNUNET_MQ_hd_var_size (issue_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET,
                        struct IssueTicketMessage,
                        NULL),
 GNUNET_MQ_hd_var_size (consume_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET,
                        struct ConsumeTicketMessage,
                        NULL),
 GNUNET_MQ_hd_fixed_size (ticket_iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START,
                          struct TicketIterationStartMessage,
                          NULL),
 GNUNET_MQ_hd_fixed_size (ticket_iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT,
                          struct TicketIterationNextMessage,
                          NULL),
 GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP,
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP,
                          struct TicketIterationStopMessage,
                          NULL),
 GNUNET_MQ_hd_var_size (revoke_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET,
                        struct RevokeTicketMessage,
                        NULL),
 GNUNET_MQ_handler_end());
-/* end of gnunet-service-identity-provider.c */
+/* end of gnunet-service-reclaim.c */
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/src/reclaim/jwt.c
@@ -0,0 +1 @@
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
new file mode 100644
index 000000000..1e9e64fec
--- /dev/null
+++ b/src/reclaim/oidc_helper.c
@@ -0,0 +1,440 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/**
+ * @file reclaim/oidc_helper.c
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "oidc_helper.h"
+static char*
+create_jwt_header(void)
+{
+  json_t *root;
+  char *json_str;
+  root = json_object ();
+  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
+  json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root);
+  return json_str;
+}
+static void
+replace_char(char* str, char find, char replace){
+  char *current_pos = strchr(str,find);
+  while (current_pos){
+    *current_pos = replace;
+    current_pos = strchr(current_pos,find);
+  }
+}
+//RFC4648
+static void
+fix_base64(char* str) {
+  char *padding;
+  //First, remove trailing padding '='
+  padding = strtok(str, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+  //Replace + with -
+  replace_char (str, '+', '-');
+  //Replace / with _
+  replace_char (str, '/', '_');
+}
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_HashCode signature;
+  struct GNUNET_TIME_Absolute exp_time;
+  struct GNUNET_TIME_Absolute time_now;
+  char* audience;
+  char* subject;
+  char* header;
+  char* body_str;
+  char* result;
+  char* header_base64;
+  char* body_base64;
+  char* signature_target;
+  char* signature_base64;
+  char* attr_val_str;
+  json_t* body;
+  //iat REQUIRED time now
+  time_now = GNUNET_TIME_absolute_get();
+  //exp REQUIRED time expired from config
+  exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
+  //auth_time only if max_age
+  //nonce only if nonce
+  // OPTIONAL acr,amr,azp
+  subject = GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  header = create_jwt_header ();
+  body = json_object ();
+  //iss REQUIRED case sensitive server uri with https
+  //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid)
+  json_object_set_new (body,
+                       "iss", json_string (SERVER_ADDRESS));
+  //sub REQUIRED public key identity, not exceed 255 ASCII  length
+  json_object_set_new (body,
+                       "sub", json_string (subject));
+  //aud REQUIRED public key client_id must be there
+  json_object_set_new (body,
+                       "aud", json_string (audience));
+  //iat
+  json_object_set_new (body,
+                       "iat", json_integer (time_now.abs_value_us / (1000*1000)));
+  //exp
+  json_object_set_new (body,
+                       "exp", json_integer (exp_time.abs_value_us / (1000*1000)));
+  //nbf
+  json_object_set_new (body,
+                       "nbf", json_integer (time_now.abs_value_us / (1000*1000)));
+  //nonce
+  if (NULL != nonce)
+    json_object_set_new (body,
+                         "nonce", json_string (nonce));
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
+                                                             le->claim->data,
+                                                             le->claim->data_size);
+    json_object_set_new (body,
+                         le->claim->name,
+                         json_string (attr_val_str));
+    GNUNET_free (attr_val_str);
+  }
+  body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (body);
+  GNUNET_STRINGS_base64_encode (header,
+                                strlen (header),
+                                &header_base64);
+  fix_base64(header_base64);
+  GNUNET_STRINGS_base64_encode (body_str,
+                                strlen (body_str),
+                                &body_base64);
+  fix_base64(body_base64);
+  GNUNET_free (subject);
+  GNUNET_free (audience);
+  /**
+   * Creating the JWT signature. This might not be
+   * standards compliant, check.
+   */
+  GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+  GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature);
+  GNUNET_STRINGS_base64_encode ((const char*)&signature,
+                                sizeof (struct GNUNET_HashCode),
+                                &signature_base64);
+  fix_base64(signature_base64);
+  GNUNET_asprintf (&result, "%s.%s.%s",
+                   header_base64, body_base64, signature_base64);
+  GNUNET_free (signature_target);
+  GNUNET_free (header);
+  GNUNET_free (body_str);
+  GNUNET_free (signature_base64);
+  GNUNET_free (body_base64);
+  GNUNET_free (header_base64);
+  return result;
+}
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce)
+{
+  char *ticket_str;
+  json_t *code_json;
+  char *signature_payload;
+  char *signature_str;
+  char *authz_code;
+  size_t signature_payload_len;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce)
+    signature_payload_len += strlen (nonce);
+  signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload;
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  memcpy (&purpose[1],
+          ticket,
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != nonce)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce,
+            strlen (nonce));
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer,
+                                                 purpose,
+                                                 &signature))
+  {
+    GNUNET_free (signature_payload);
+    return NULL;
+  }
+  signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature,
+                                                       sizeof (signature));
+  ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
+  code_json = json_object ();
+  json_object_set_new (code_json,
+                       "ticket",
+                       json_string (ticket_str));
+  if (NULL != nonce)
+    json_object_set_new (code_json,
+                         "nonce",
+                         json_string (nonce));
+  json_object_set_new (code_json,
+                       "signature",
+                       json_string (signature_str));
+  authz_code = json_dumps (code_json,
+                           JSON_INDENT(0) | JSON_COMPACT);
+  GNUNET_free (signature_payload);
+  GNUNET_free (signature_str);
+  GNUNET_free (ticket_str);
+  json_decref (code_json);
+  return authz_code;
+}
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce)
+{
+  json_error_t error;
+  json_t *code_json;
+  json_t *ticket_json;
+  json_t *nonce_json;
+  json_t *signature_json;
+  const char *ticket_str;
+  const char *signature_str;
+  const char *nonce_str;
+  char *code_output;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  size_t signature_payload_len;
+  code_output = NULL; 
+  GNUNET_STRINGS_base64_decode (code,
+                                strlen(code),
+                                (void**)&code_output);
+  code_json = json_loads (code_output, 0 , &error);
+  GNUNET_free (code_output);
+  ticket_json = json_object_get (code_json, "ticket");
+  nonce_json = json_object_get (code_json, "nonce");
+  signature_json = json_object_get (code_json, "signature");
+  *ticket = NULL;
+  *nonce = NULL;
+  if ((NULL == ticket_json || !json_is_string (ticket_json)) ||
+      (NULL == signature_json || !json_is_string (signature_json)))
+  {
+    json_decref (code_json);
+    return GNUNET_SYSERR;
+  }
+  ticket_str = json_string_value (ticket_json);
+  signature_str = json_string_value (signature_json);
+  nonce_str = NULL;
+  if (NULL != nonce_json)
+    nonce_str = json_string_value (nonce_json);
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce_str)
+    signature_payload_len += strlen (nonce_str);
+  purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           signature_payload_len);
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str,
+                                                  strlen (ticket_str),
+                                                  &purpose[1],
+                                                  sizeof (struct GNUNET_RECLAIM_Ticket)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse ticket!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str,
+                                                  strlen (signature_str),
+                                                  &signature,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse signature!\n");
+    return GNUNET_SYSERR;
+  }
+  *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
+  memcpy (*ticket,
+          &purpose[1],
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL != nonce_str)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce_str,
+            strlen (nonce_str));
+  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+                                               purpose,
+                                               &signature,
+                                               &(*ticket)->identity))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Signature of authZ code invalid!\n");
+    return GNUNET_SYSERR;
+  }
+  *nonce = GNUNET_strdup (nonce_str);
+  return GNUNET_OK;
+}
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response)
+{
+  json_t *root_json;
+  root_json = json_object ();
+  GNUNET_assert (NULL != access_token);
+  GNUNET_assert (NULL != id_token);
+  GNUNET_assert (NULL != expiration_time);
+  json_object_set_new (root_json,
+                       "access_token",
+                       json_string (access_token));
+  json_object_set_new (root_json,
+                       "token_type",
+                       json_string ("Bearer"));
+  json_object_set_new (root_json,
+                       "expires_in",
+                       json_integer (expiration_time->rel_value_us / (1000 * 1000)));
+  json_object_set_new (root_json,
+                       "id_token",
+                       json_string (id_token));
+  *token_response = json_dumps (root_json,
+                                JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root_json);
+}
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ()
+{
+  char* access_token_number;
+  char* access_token;
+  uint64_t random_number;
+  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+  GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number);
+  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
+  return access_token;
+}
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
new file mode 100644
index 000000000..7a0f45bf9
--- /dev/null
+++ b/src/reclaim/oidc_helper.h
@@ -0,0 +1,109 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/**
+ * @file reclaim/oidc_helper.h
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+#ifndef JWT_H
+#define JWT_H
+#define JWT_ALG "alg"
+/* Use 512bit HMAC */
+#define JWT_ALG_VALUE "HS512"
+#define JWT_TYP "typ"
+#define JWT_TYP_VALUE "jwt"
+#define SERVER_ADDRESS "https://reclaim.id"
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key);
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce);
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce);
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response);
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ();
+#endif
diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/reclaim/plugin_gnsrecord_reclaim.c
index f0dc563dc..781b88abc 100644
--- a/src/identity-provider/plugin_gnsrecord_identity_provider.c
+++ b/src/reclaim/plugin_gnsrecord_reclaim.c
@@ -17,7 +17,7 @@
 */
 /**
- * @file identity-provider/plugin_gnsrecord_identity_provider.c
+ * @file reclaim/plugin_gnsrecord_reclaim.c
 * @brief gnsrecord plugin to provide the API for identity records
 * @author Martin Schanzenbach
 */
@@ -54,6 +54,8 @@ value_to_string (void *cls,
    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
      return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
    case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
      return GNUNET_strndup (data, data_size);
    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
@@ -113,6 +115,8 @@ string_to_value (void *cls,
                                            *data,
                                            *data_size);
    case GNUNET_GNSRECORD_TYPE_ID_TOKEN:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
      *data = GNUNET_strdup (s);
      *data_size = strlen (s);
      return GNUNET_OK;
@@ -181,6 +185,8 @@ static struct {
  { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
  { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
  { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
+  { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT },
+  { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT },
  { NULL, UINT32_MAX }
 };
@@ -234,7 +240,7 @@ number_to_typename (void *cls,
 * @return the exported block API
 */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_init (void *cls)
 {
  struct GNUNET_GNSRECORD_PluginFunctions *api;
@@ -254,7 +260,7 @@ libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
 * @return NULL
 */
 void *
-libgnunet_plugin_gnsrecord_identity_provider_done (void *cls)
+libgnunet_plugin_gnsrecord_reclaim_done (void *cls)
 {
  struct GNUNET_GNSRECORD_PluginFunctions *api = cls;
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/reclaim/plugin_reclaim_sqlite.c
index f2a8b7b54..b545a94e8 100644
--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/reclaim/plugin_reclaim_sqlite.c
@@ -17,15 +17,15 @@
  */
 /**
- * @file identity-provider/plugin_identity_provider_sqlite.c
+ * @file reclaim/plugin_reclaim_sqlite.c
 * @brief sqlite-based idp backend
 * @author Martin Schanzenbach
 */
 #include "platform.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
-#include "gnunet_identity_provider_plugin.h"
+#include "gnunet_reclaim_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
 #include "gnunet_sq_lib.h"
 #include <sqlite3.h>
@@ -47,9 +47,9 @@
 * a failure of the command 'cmd' on file 'filename'
 * with the message given by strerror(errno).
 */
-#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
+#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "reclaim", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-sqlite", __VA_ARGS__)
 /**
@@ -180,12 +180,12 @@ database_setup (struct Plugin *plugin)
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
-                                               "identity-provider-sqlite",
+                                               "reclaim-sqlite",
                                               "FILENAME",
                                               &afsdir))
  {
    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                               "identity-provider-sqlite",
+                               "reclaim-sqlite",
                               "FILENAME");
    return GNUNET_SYSERR;
  }
@@ -370,9 +370,9 @@ database_shutdown (struct Plugin *plugin)
 * @return #GNUNET_OK on success, else #GNUNET_SYSERR
 */
 static int
-identity_provider_sqlite_store_ticket (void *cls,
+reclaim_sqlite_store_ticket (void *cls,
-                                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                       const struct GNUNET_RECLAIM_Ticket *ticket,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
 {
  struct Plugin *plugin = cls;
  size_t attrs_len;
@@ -401,9 +401,9 @@ identity_provider_sqlite_store_ticket (void *cls,
    GNUNET_SQ_reset (plugin->dbh,
                     plugin->delete_ticket);
    
-    attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+    attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
    attrs_ser = GNUNET_malloc (attrs_len);
-    GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+    GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                              attrs_ser);
    struct GNUNET_SQ_QueryParam sparams[] = {
      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
@@ -458,8 +458,8 @@ identity_provider_sqlite_store_ticket (void *cls,
 * @return #GNUNET_OK on success, else #GNUNET_SYSERR
 */
 static int
-identity_provider_sqlite_delete_ticket (void *cls,
+reclaim_sqlite_delete_ticket (void *cls,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                                        const struct GNUNET_RECLAIM_Ticket *ticket)
 {
  struct Plugin *plugin = cls;
  int n;
@@ -521,11 +521,11 @@ identity_provider_sqlite_delete_ticket (void *cls,
 static int
 get_ticket_and_call_iterator (struct Plugin *plugin,
                              sqlite3_stmt *stmt,
-                              GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                              GNUNET_RECLAIM_TicketIterator iter,
                              void *iter_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
  int ret;
  int sret;
  size_t attrs_len;
@@ -552,13 +552,13 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
    }
    else
    {
-      attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser,
+      attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
                                          attrs_len);
      if (NULL != iter)
        iter (iter_cls,
              &ticket,
              attrs);
-      GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+      GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
      ret = GNUNET_YES;
    }
    GNUNET_SQ_cleanup_result (rs);
@@ -586,9 +586,9 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
 * @return #GNUNET_OK on success, else #GNUNET_SYSERR
 */
 static int
-identity_provider_sqlite_ticket_get_attrs (void *cls,
+reclaim_sqlite_ticket_get_attrs (void *cls,
-                                           const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                           const struct GNUNET_RECLAIM_Ticket *ticket,
-                                           GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                           GNUNET_RECLAIM_TicketIterator iter,
                                           void *iter_cls)
 {
  struct Plugin *plugin = cls;
@@ -628,11 +628,11 @@ identity_provider_sqlite_ticket_get_attrs (void *cls,
 * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
 */
 static int
-identity_provider_sqlite_iterate_tickets (void *cls,
+reclaim_sqlite_iterate_tickets (void *cls,
                                          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                          int audience,
                                          uint64_t offset,
-                                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
+                                          GNUNET_RECLAIM_TicketIterator iter,
                                          void *iter_cls)
 {
  struct Plugin *plugin = cls;
@@ -680,15 +680,15 @@ identity_provider_sqlite_iterate_tickets (void *cls,
 /**
 * Entry point for the plugin.
 *
- * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*"
+ * @param cls the "struct GNUNET_RECLAIM_PluginEnvironment*"
 * @return NULL on error, otherwise the plugin context
 */
 void *
-libgnunet_plugin_identity_provider_sqlite_init (void *cls)
+libgnunet_plugin_reclaim_sqlite_init (void *cls)
 {
  static struct Plugin plugin;
  const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api;
+  struct GNUNET_RECLAIM_PluginFunctions *api;
  if (NULL != plugin.cfg)
    return NULL;                /* can only initialize once! */
@@ -699,12 +699,12 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
    database_shutdown (&plugin);
    return NULL;
  }
-  api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions);
+  api = GNUNET_new (struct GNUNET_RECLAIM_PluginFunctions);
  api->cls = &plugin;
-  api->store_ticket = &identity_provider_sqlite_store_ticket;
+  api->store_ticket = &reclaim_sqlite_store_ticket;
-  api->delete_ticket = &identity_provider_sqlite_delete_ticket;
+  api->delete_ticket = &reclaim_sqlite_delete_ticket;
-  api->iterate_tickets = &identity_provider_sqlite_iterate_tickets;
+  api->iterate_tickets = &reclaim_sqlite_iterate_tickets;
-  api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs;
+  api->get_ticket_attributes = &reclaim_sqlite_ticket_get_attrs;
  LOG (GNUNET_ERROR_TYPE_INFO,
       _("Sqlite database running\n"));
  return api;
@@ -718,9 +718,9 @@ libgnunet_plugin_identity_provider_sqlite_init (void *cls)
 * @return always NULL
 */
 void *
-libgnunet_plugin_identity_provider_sqlite_done (void *cls)
+libgnunet_plugin_reclaim_sqlite_done (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls;
+  struct GNUNET_RECLAIM_PluginFunctions *api = cls;
  struct Plugin *plugin = api->cls;
  database_shutdown (plugin);
@@ -731,4 +731,4 @@ libgnunet_plugin_identity_provider_sqlite_done (void *cls)
  return NULL;
 }
-/* end of plugin_identity_provider_sqlite.c */
+/* end of plugin_reclaim_sqlite.c */
diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index d87a345cf..24673c692 100644
--- a/src/identity-provider/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -36,9 +36,9 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
-#include "jwt.h"
+#include "oidc_helper.h"
 /**
 * REST root namespace
@@ -68,7 +68,7 @@
 /**
 * Attribute key
 */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 /**
 * Ticket key
@@ -79,7 +79,7 @@
 /**
 * Value key
 */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 /**
 * State while collecting all egos
@@ -168,7 +168,6 @@ static char* OIDC_ignored_parameter_array [] =
 {
  "display",
  "prompt",
-  "max_age",
  "ui_locales", 
  "response_mode",
  "id_token_hint",
@@ -230,12 +229,6 @@ struct OIDC_Variables
  char *client_id;
  /**
-   * GNUNET_YES if there is a delegation to 
-   * this RP or if it is a local identity
-   */
-  int is_client_trusted;
-  /**
   * The OIDC redirect uri
   */
  char *redirect_uri;
@@ -347,6 +340,16 @@ struct RequestHandle
  struct GNUNET_REST_RequestHandle *rest_handle;
  /**
+   * GNS handle
+   */
+  struct GNUNET_GNS_Handle *gns_handle;
+  /**
+   * GNS lookup op
+   */
+  struct GNUNET_GNS_LookupRequest *gns_op;
+  /**
   * Handle to NAMESTORE
   */
  struct GNUNET_NAMESTORE_Handle *namestore_handle;
@@ -359,7 +362,7 @@ struct RequestHandle
  /**
   * Attribute claim list
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
  /**
   * IDENTITY Operation
@@ -369,27 +372,27 @@ struct RequestHandle
  /**
   * Identity Provider
   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
  /**
   * Idp Operation
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
  /**
   * Attribute iterator
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
  /**
   * Ticket iterator
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
  /**
   * A ticket
   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  /**
   * Desired timeout for the lookup (default is no timeout).
@@ -422,6 +425,16 @@ struct RequestHandle
  char *tld;
  /**
+   * The redirect prefix
+   */
+  char *redirect_prefix;
+  /**
+   * The redirect suffix
+   */
+  char *redirect_suffix;
+  /**
   * Error response message
   */
  char *emsg;
@@ -450,8 +463,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
  struct EgoEntry *ego_entry;
  struct EgoEntry *ego_tmp;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -463,19 +476,28 @@ cleanup_handle (struct RequestHandle *handle)
  if (NULL != handle->identity_handle)
    GNUNET_IDENTITY_disconnect (handle->identity_handle);
  if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
  if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
  if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
  if (NULL != handle->url)
    GNUNET_free (handle->url);
  if (NULL != handle->tld)
    GNUNET_free (handle->tld);
+  if (NULL != handle->redirect_prefix)
+    GNUNET_free (handle->redirect_prefix);
+  if (NULL != handle->redirect_suffix)
+    GNUNET_free (handle->redirect_suffix);
  if (NULL != handle->emsg)
    GNUNET_free (handle->emsg);
  if (NULL != handle->edesc)
    GNUNET_free (handle->edesc);
+  if (NULL != handle->gns_op)
+    GNUNET_GNS_lookup_cancel (handle->gns_op);
+  if (NULL != handle->gns_handle)
+    GNUNET_GNS_disconnect (handle->gns_handle);
  if (NULL != handle->namestore_handle)
    GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
  if (NULL != handle->oidc)
@@ -732,6 +754,8 @@ cookie_identity_interpretation (struct RequestHandle *handle)
      {
        handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY);
        handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity);
+      } else {
+        handle->oidc->login_identity = NULL;
      }
    }
    else
@@ -753,7 +777,7 @@ login_redirection(void *cls)
  struct RequestHandle *handle = cls;
  if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
                                                 "address", &login_base_url) )
  {
    GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
@@ -799,11 +823,12 @@ oidc_iteration_error (void *cls)
  GNUNET_SCHEDULER_add_now (&do_error, handle);
 }
-static void get_client_name_result (void *cls,
+static void
-                                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+get_client_name_result (void *cls,
-                                    const char *label,
+                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                                    unsigned int rd_count,
+                        const char *label,
-                                    const struct GNUNET_GNSRECORD_Data *rd)
+                        unsigned int rd_count,
+                        const struct GNUNET_GNSRECORD_Data *rd)
 {
  struct RequestHandle *handle = cls;
  struct MHD_Response *resp;
@@ -811,46 +836,33 @@ static void get_client_name_result (void *cls,
  char *redirect_uri;
  char *code_json_string;
  char *code_base64_final_string;
-  char *redirect_path;
-  char *tmp;
-  char *tmp_prefix;
-  char *prefix;
  ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
-                                                    sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
  //TODO change if more attributes are needed (see max_age)
-  GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
+  code_json_string = OIDC_build_authz_code (&handle->priv_key,
-                   ticket_str,
+                                            &handle->ticket,
-                   (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
+                                            handle->oidc->nonce);
-                   (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
-                   (NULL != handle->oidc->nonce) ? "\"" : "");
  code_base64_final_string = base_64_encode(code_json_string);
-  tmp = GNUNET_strdup (handle->oidc->redirect_uri);
-  redirect_path = strtok (tmp, "/");
-  redirect_path = strtok (NULL, "/");
-  redirect_path = strtok (NULL, "/");
-  tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri);
-  prefix = strrchr (tmp_prefix,
-                    (unsigned char) '.');
-  *prefix = '\0';
  GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
-                   tmp_prefix,
+                   handle->redirect_prefix,
                   handle->tld,
-                   redirect_path,
+                   handle->redirect_suffix,
                   handle->oidc->response_type,
                   code_base64_final_string, handle->oidc->state);
  resp = GNUNET_REST_create_response ("");
  MHD_add_response_header (resp, "Location", redirect_uri);
  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (tmp);
-  GNUNET_free (tmp_prefix);
  GNUNET_free (redirect_uri);
  GNUNET_free (ticket_str);
  GNUNET_free (code_json_string);
  GNUNET_free (code_base64_final_string);
  return;
 }
 static void
 get_client_name_error (void *cls)
 {
@@ -861,32 +873,93 @@ get_client_name_error (void *cls)
  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
-/**
- * Issues ticket and redirects to relying party with the authorization code as
- * parameter. Otherwise redirects with error
- */
 static void
-oidc_ticket_issue_cb (void* cls,
+lookup_redirect_uri_result (void *cls,
-                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                            uint32_t rd_count,
+                            const struct GNUNET_GNSRECORD_Data *rd)
 {
  struct RequestHandle *handle = cls;
-  handle->idp_op = NULL;
+  char *tmp;
-  handle->ticket = *ticket;
+  char *tmp_key_str;
-  if (NULL != ticket) {
+  char *pos;
+  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
+  handle->gns_op = NULL;
+  if (0 == rd_count)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  for (int i = 0; i < rd_count; i++)
+  {
+    if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+      continue;
+    if (0 != strcmp (rd[i].data,
+                     handle->oidc->redirect_uri))
+      continue;
+    tmp = GNUNET_strdup (rd[i].data);
+    pos = strrchr (tmp,
+                   (unsigned char) '.');
+    *pos = '\0';
+    handle->redirect_prefix = GNUNET_strdup (tmp);
+    tmp_key_str = pos + 1;
+    pos = strchr (tmp_key_str,
+                  (unsigned char) '/');
+    *pos = '\0';
+    handle->redirect_suffix = GNUNET_strdup (pos + 1);
+    GNUNET_STRINGS_string_to_data (tmp_key_str,
+                                   strlen (tmp_key_str),
+                                   &redirect_zone,
+                                   sizeof (redirect_zone));
    GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
                                   &handle->priv_key,
-                                   &handle->oidc->client_pkey,
+                                   &redirect_zone,
                                   &get_client_name_error,
                                   handle,
                                   &get_client_name_result,
                                   handle);
+    GNUNET_free (tmp);
    return;
  }
  handle->emsg = GNUNET_strdup("server_error");
-  handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+  handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
 }
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
+static void
+oidc_ticket_issue_cb (void* cls,
+                      const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct RequestHandle *handle = cls;
+  handle->idp_op = NULL;
+  handle->ticket = *ticket;
+  if (NULL == ticket)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle,
+                                      "+",
+                                      &handle->oidc->client_pkey,
+                                      GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
+                                      GNUNET_GNS_LO_DEFAULT,
+                                      &lookup_redirect_uri_result,
+                                      handle);
+}
 static void
 oidc_collect_finished_cb (void *cls)
 {
@@ -900,12 +973,12 @@ oidc_collect_finished_cb (void *cls)
    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
    return;
  }
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp,
+  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
-                                                          &handle->priv_key,
+                                                &handle->priv_key,
-                                                          &handle->oidc->client_pkey,
+                                                &handle->oidc->client_pkey,
-                                                          handle->attr_list,
+                                                handle->attr_list,
-                                                          &oidc_ticket_issue_cb,
+                                                &oidc_ticket_issue_cb,
-                                                          handle);
+                                                handle);
 }
@@ -915,17 +988,17 @@ oidc_collect_finished_cb (void *cls)
 static void
 oidc_attr_collect (void *cls,
                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  struct RequestHandle *handle = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
  char* scope_variables;
  char* scope_variable;
  char delimiter[]=" ";
  if ( (NULL == attr->name) || (NULL == attr->data) )
  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
    return;
  }
@@ -941,18 +1014,18 @@ oidc_attr_collect (void *cls,
  }
  if ( NULL == scope_variable )
  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
    GNUNET_free(scope_variables);
    return;
  }
  GNUNET_free(scope_variables);
-  le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
+  le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type,
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type,
-                                                   attr->data, attr->data_size);
+                                                  attr->data, attr->data_size);
  GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
                              handle->attr_list->list_tail, le);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
@@ -1005,88 +1078,33 @@ login_check (void *cls)
          handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
                                                                   handle->ego_entry->ego);
          handle->resp_object = GNUNET_JSONAPI_document_new ();
-          handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+          handle->idp = GNUNET_RECLAIM_connect (cfg);
          handle->attr_list = GNUNET_new(
-                                         struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
+                                         struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
-          handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
+          handle->attr_it = GNUNET_RECLAIM_get_attributes_start (
-                                                                           handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
+                                                                 handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
-                                                                           &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
+                                                                 &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
          return;
        }
      }
-      handle->emsg = GNUNET_strdup("invalid_cookie");
+      //handle->emsg = GNUNET_strdup("invalid_cookie");
-      handle->edesc = GNUNET_strdup(
+      //handle->edesc = GNUNET_strdup(
-                                    "The cookie of the login identity is not valid");
+      //                              "The cookie of the login identity is not valid");
-      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      GNUNET_SCHEDULER_add_now (&login_redirection,handle);
      return;
    }
  }
 }
 /**
- * Searches for client_id in namestore. If found trust status stored in handle
- * Else continues to search
- *
- * @param handle the RequestHandle
- */
-static void
-namestore_iteration_callback (
-                              void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
-                              const char *rname, unsigned int rd_len,
-                              const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
-  int i;
-  for (i = 0; i < rd_len; i++)
-  {
-    if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
-      continue;
-    if ( NULL != handle->oidc->login_identity )
-    {
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (
-                                                  handle->oidc->login_identity,
-                                                  strlen (handle->oidc->login_identity),
-                                                  &login_identity_pkey);
-      GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
-                                          &current_zone_pkey);
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        if ( 0 == memcmp (&login_identity_pkey, &current_zone_pkey,
-                          sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-        {
-          handle->oidc->is_client_trusted = GNUNET_YES;
-        }
-      }
-    }
-    else
-    {
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        handle->oidc->is_client_trusted = GNUNET_YES;
-      }
-    }
-  }
-  GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it,
-                                       1);
-}
-/**
 * Iteration over all results finished, build final
 * response.
 *
 * @param cls the `struct RequestHandle`
 */
 static void
-namestore_iteration_finished (void *cls)
+build_authz_response (void *cls)
 {
  struct RequestHandle *handle = cls;
  struct GNUNET_HashCode cache_key;
@@ -1096,25 +1114,6 @@ namestore_iteration_finished (void *cls)
  int number_of_ignored_parameter, iterator;
-  handle->ego_entry = handle->ego_entry->next;
-  if(NULL != handle->ego_entry)
-  {
-    handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
-    handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
-                                                                         &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
-                                                                         &namestore_iteration_finished, handle);
-    return;
-  }
-  if (GNUNET_NO == handle->oidc->is_client_trusted)
-  {
-    handle->emsg = GNUNET_strdup("unauthorized_client");
-    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
-                                  "authorization code using this method.");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
  // REQUIRED value: redirect_uri
  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                      &cache_key);
@@ -1244,8 +1243,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  struct RequestHandle *handle = cls;
  struct GNUNET_HashCode cache_key;
  struct EgoEntry *tmp_ego;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
  cookie_identity_interpretation(handle);
@@ -1299,9 +1298,8 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  handle->ego_entry = handle->ego_head;
  handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
-  handle->oidc->is_client_trusted = GNUNET_NO;
+  //If we know this identity, translated the corresponding TLD
+  //TODO: We might want to have a reverse lookup functionality for TLDs?
-  //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config
  for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
  {
    priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
@@ -1311,17 +1309,10 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
    {
      handle->tld = GNUNET_strdup (tmp_ego->identifier);
-      handle->oidc->is_client_trusted = GNUNET_YES;
      handle->ego_entry = handle->ego_tail;
    }
-  }
+  } 
+  GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
-  // Checks if client_id is valid:
-  handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                                       handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
-                                                                       handle, &namestore_iteration_callback, handle,
-                                                                       &namestore_iteration_finished, handle);
 }
 /**
@@ -1359,8 +1350,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
    current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
    *current_time = GNUNET_TIME_relative_to_absolute (
-                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
+                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                     30));
+                                                                                     5));
    last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
    if (NULL != last_time)
    {
@@ -1382,37 +1373,19 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
  return;
 }
-/**
+static int 
- * Responds to token url-encoded POST request
+check_authorization (struct RequestHandle *handle,
- *
+                     struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                const char* url,
-                void *cls)
 {
-  //TODO static strings
-  struct RequestHandle *handle = cls;
  struct GNUNET_HashCode cache_key;
-  char *authorization, *credentials;
+  char *authorization;
-  char delimiter[]=" ";
+  char *credentials;
-  char delimiter_user_psw[]=":";
+  char *basic_authorization;
-  char *grant_type, *code;
+  char *client_id;
-  char *user_psw = NULL, *client_id, *psw;
+  char *pass;
-  char *expected_psw;
+  char *expected_pass;
  int client_exists = GNUNET_NO;
-  struct MHD_Response *resp;
-  char* code_output;
-  json_t *root, *ticket_string, *nonce, *max_age;
-  json_error_t error;
-  char *json_response;
-  /*
-   * Check Authorization
-   */
  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
                      &cache_key);
@@ -1422,80 +1395,75 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->edesc=GNUNET_strdup("missing authorization");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
-  authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+  authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+                                                     &cache_key);
  //split header in "Basic" and [content]
-  credentials = strtok (authorization, delimiter);
+  credentials = strtok (authorization, " ");
-  if (0 != strcmp ("Basic",credentials))
+  if (0 != strcmp ("Basic", credentials))
  {
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
-  credentials = strtok(NULL, delimiter);
+  credentials = strtok(NULL, " ");
  if (NULL == credentials)
  {
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
-  GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+  GNUNET_STRINGS_base64_decode (credentials,
+                                strlen (credentials),
+                                (void**)&basic_authorization);
-  if ( NULL == user_psw )
+  if ( NULL == basic_authorization )
  {
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
-  client_id = strtok (user_psw, delimiter_user_psw);
+  client_id = strtok (basic_authorization, ":");
  if ( NULL == client_id )
  {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
-  psw = strtok (NULL, delimiter_user_psw);
+  pass = strtok (NULL, ":");
-  if (NULL == psw)
+  if (NULL == pass)
  {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
  //check client password
  if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
-                                                 "psw", &expected_psw) )
+                                                 "psw", &expected_pass) )
  {
-    if (0 != strcmp (expected_psw, psw))
+    if (0 != strcmp (expected_pass, pass))
    {
-      GNUNET_free_non_null(user_psw);
+      GNUNET_free_non_null(basic_authorization);
-      GNUNET_free(expected_psw);
+      GNUNET_free(expected_pass);
      handle->emsg=GNUNET_strdup("invalid_client");
      handle->response_code = MHD_HTTP_UNAUTHORIZED;
-      GNUNET_SCHEDULER_add_now (&do_error, handle);
+      return GNUNET_SYSERR;
-      return;
    }
-    GNUNET_free(expected_psw);
+    GNUNET_free(expected_pass);
  }
  else
  {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
    handle->emsg = GNUNET_strdup("server_error");
    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return GNUNET_SYSERR;
-    return;
  }
  //check client_id
@@ -1510,9 +1478,107 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  }
  if (GNUNET_NO == client_exists)
  {
-    GNUNET_free_non_null(user_psw);
+    GNUNET_free_non_null(basic_authorization);
    handle->emsg=GNUNET_strdup("invalid_client");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  GNUNET_free (basic_authorization);
+  return GNUNET_OK;
+}
+static int
+ego_exists (struct RequestHandle *handle,
+            struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+{
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+    if (0 == memcmp (&pub_key,
+                     test_key,
+                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+    {
+      break;
+    }
+  }
+  if (NULL == ego_entry)
+    return GNUNET_NO;
+  return GNUNET_YES;
+}
+static void
+store_ticket_reference (const struct RequestHandle *handle,
+                        const char* access_token,
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+{
+  struct GNUNET_HashCode cache_key;
+  char *id_ticket_combination;
+  char *ticket_string;
+  char *client_id;
+  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
+  client_id = GNUNET_STRINGS_data_to_string_alloc (cid,
+                                                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                       sizeof (struct GNUNET_RECLAIM_Ticket));
+  GNUNET_asprintf(&id_ticket_combination,
+                  "%s;%s",
+                  client_id,
+                  ticket_string);
+  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
+                                    &cache_key,
+                                    id_ticket_combination,
+                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+  GNUNET_free (client_id);
+  GNUNET_free (ticket_string);
+}
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                const char* url,
+                void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_TIME_Relative expiration_time;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 
+  struct GNUNET_RECLAIM_Ticket *ticket;
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  struct GNUNET_HashCode cache_key;
+  struct MHD_Response *resp;
+  char *grant_type;
+  char *code;
+  char *json_response;
+  char *id_token;
+  char *access_token;
+  char *jwt_secret;
+  char *nonce;
+  int i = 1;
+  /*
+   * Check Authorization
+   */
+  if (GNUNET_SYSERR == check_authorization (handle,
+                                            &cid))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "OIDC authorization for token endpoint failed\n");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
@@ -1524,27 +1590,25 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  //TODO Do not allow multiple equal parameter names
  //REQUIRED grant_type
  GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
-  if ( GNUNET_NO
+  if (GNUNET_NO ==
-       == GNUNET_CONTAINER_multihashmap_contains (
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+                                              &cache_key))
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
    handle->edesc = GNUNET_strdup("missing parameter grant_type");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
-  grant_type = GNUNET_CONTAINER_multihashmap_get (
+  grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
-                                                  handle->rest_handle->url_param_map, &cache_key);
+                                                  &cache_key);
  //REQUIRED code
  GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
-  if ( GNUNET_NO
+  if (GNUNET_NO ==
-       == GNUNET_CONTAINER_multihashmap_contains (
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+                                              &cache_key))
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
    handle->edesc = GNUNET_strdup("missing parameter code");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1557,11 +1621,10 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  //REQUIRED redirect_uri
  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
                      &cache_key);
-  if ( GNUNET_NO
+  if (GNUNET_NO ==
-       == GNUNET_CONTAINER_multihashmap_contains (
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                  handle->rest_handle->url_param_map, &cache_key) )
+                                              &cache_key) )
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
    handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1572,21 +1635,18 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  //Check parameter grant_type == "authorization_code"
  if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg=GNUNET_strdup("unsupported_grant_type");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
-  int i = 1;
+  if (GNUNET_SYSERR ==
-  if ( GNUNET_SYSERR
+      GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
-       == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+                                         &cache_key,
-                                             &cache_key,
+                                         &i,
-                                             &i,
+                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
-                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
    handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1595,16 +1655,11 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  }
  //decode code
-  GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
+  if(GNUNET_OK != OIDC_parse_authz_code (&cid,
-  root = json_loads (code_output, 0, &error);
+                                         code,
-  GNUNET_free(code_output);
+                                         &ticket,
-  ticket_string = json_object_get (root, "ticket");
+                                         &nonce))
-  nonce = json_object_get (root, "nonce");
-  max_age = json_object_get (root, "max_age");
-  if(ticket_string == NULL && !json_is_string(ticket_string))
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
    handle->edesc = GNUNET_strdup("invalid code");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
@@ -1612,42 +1667,13 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
    return;
  }
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
-  if ( GNUNET_OK
-       != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
-                                         strlen (json_string_value(ticket_string)),
-                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-  // this is the current client (relying party)
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
-  GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
-  if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
  //create jwt
-  unsigned long long int expiration_time;
+  if (GNUNET_OK !=
-  if ( GNUNET_OK
+      GNUNET_CONFIGURATION_get_value_time(cfg,
-       != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
+                                          "reclaim-rest-plugin",
-                                                "expiration_time", &expiration_time) )
+                                          "expiration_time",
+                                          &expiration_time))
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("server_error");
    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1656,118 +1682,56 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
    return;
  }
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  //aud REQUIRED public key client_id must be there
-  GNUNET_IDENTITY_ATTRIBUTE_list_add(cl,
-                                     "aud",
-                                     GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                     client_id,
-                                     strlen(client_id));
-  //exp REQUIRED time expired from config
-  struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
-                                                                           GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                                          expiration_time));
-  const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "exp",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      exp_time_string,
-                                      strlen(exp_time_string));
-  //iat REQUIRED time now
-  struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
-  const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "iat",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      time_now_string,
-                                      strlen(time_now_string));
-  //nonce only if nonce is provided
-  if ( NULL != nonce && json_is_string(nonce) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "nonce",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(nonce),
-                                        strlen(json_string_value(nonce)));
-  }
-  //auth_time only if max_age is provided
-  if ( NULL != max_age && json_is_string(max_age) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "auth_time",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(max_age),
-                                        strlen(json_string_value(max_age)));
-  }
-  //TODO OPTIONAL acr,amr,azp
-  struct EgoEntry *ego_entry;
+  //TODO OPTIONAL acr,amr,azp
-  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  if (GNUNET_NO == ego_exists (handle,
+                               &ticket->audience))
  {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+    handle->emsg = GNUNET_strdup("invalid_request");
-    if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+    handle->edesc = GNUNET_strdup("invalid code...");
-    {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
-      break;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    }
+    GNUNET_free(ticket);
  }
-  if ( NULL == ego_entry )
+  if ( GNUNET_OK
+       != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "jwt_secret", &jwt_secret) )
  {
-    GNUNET_free_non_null(user_psw);
    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code....");
+    handle->edesc = GNUNET_strdup("No signing secret configured!");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    GNUNET_free(ticket);
    return;
  }
-  char *id_token = jwt_create_from_list(&ticket->audience,
+  //TODO We should collect the attributes here. cl always empty
-                                        cl,
+  cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
-                                        GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
+  id_token = OIDC_id_token_new (&ticket->audience,
+                                &ticket->identity,
-  //Create random access_token
+                                cl,
-  char* access_token_number;
+                                &expiration_time,
-  char* access_token;
+                                (NULL != nonce) ? nonce : NULL,
-  uint64_t random_number;
+                                jwt_secret);
-  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+  access_token = OIDC_access_token_new (); 
-  GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number);
+  OIDC_build_token_response (access_token,
-  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
+                             id_token,
+                             &expiration_time,
+                             &json_response);
-  //TODO OPTIONAL add refresh_token and scope
+  store_ticket_reference (handle,
-  GNUNET_asprintf (&json_response,
+                          access_token,
-                   "{ \"access_token\" : \"%s\", "
+                          ticket,
-                   "\"token_type\" : \"Bearer\", "
+                          &cid);
-                   "\"expires_in\" : %d, "
-                   "\"id_token\" : \"%s\"}",
-                   access_token,
-                   expiration_time,
-                   id_token);
-  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
-  char *id_ticket_combination;
-  GNUNET_asprintf(&id_ticket_combination,
-                  "%s;%s",
-                  client_id,
-                  json_string_value(ticket_string));
-  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
-                                    &cache_key,
-                                    id_ticket_combination,
-                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
  resp = GNUNET_REST_create_response (json_response);
  MHD_add_response_header (resp, "Cache-Control", "no-store");
  MHD_add_response_header (resp, "Pragma", "no-cache");
  MHD_add_response_header (resp, "Content-Type", "application/json");
  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl);
-  GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
-  GNUNET_free(access_token_number);
  GNUNET_free(access_token);
-  GNUNET_free(user_psw);
  GNUNET_free(json_response);
  GNUNET_free(ticket);
  GNUNET_free(id_token);
-  json_decref (root);
  GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
 }
@@ -1777,7 +1741,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_ticket (void *cls,
                const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+                const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  struct RequestHandle *handle = cls;
  char *tmp_value;
@@ -1789,9 +1753,9 @@ consume_ticket (void *cls,
    return;
  }
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
-                                                         attr->data,
+                                                        attr->data,
-                                                         attr->data_size);
+                                                        attr->data_size);
  value = json_string (tmp_value);
@@ -1820,7 +1784,7 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  struct GNUNET_HashCode cache_key;
  char *authorization, *authorization_type, *authorization_access_token;
  char *client_ticket, *client, *ticket_str;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  struct GNUNET_RECLAIM_Ticket *ticket;
  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
@@ -1918,12 +1882,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
    GNUNET_free(client_ticket);
    return;
  }
-  ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
+  ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket);
  if ( GNUNET_OK
       != GNUNET_STRINGS_string_to_data (ticket_str,
                                         strlen (ticket_str),
                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
+                                         sizeof(struct GNUNET_RECLAIM_Ticket)))
  {
    handle->emsg = GNUNET_strdup("invalid_token");
    handle->edesc = GNUNET_strdup("The Access Token expired");
@@ -1935,15 +1899,15 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
    return;
  }
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
  handle->oidc->response = json_object();
  json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (
-                                                            handle->idp,
+                                                  handle->idp,
-                                                            GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
+                                                  GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
-                                                            ticket,
+                                                  ticket,
-                                                            consume_ticket,
+                                                  consume_ticket,
-                                                            handle);
+                                                  handle);
  GNUNET_free(ticket);
  GNUNET_free(authorization);
  GNUNET_free(client_ticket);
@@ -2103,6 +2067,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
  handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
                                                     &list_ego,
                                                     handle);
+  handle->gns_handle = GNUNET_GNS_connect (cfg);
  handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
  handle->timeout_task =
    GNUNET_SCHEDULER_add_delayed (handle->timeout,
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/reclaim/plugin_rest_reclaim.c
index a83163db2..38ffc4ddb 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -18,8 +18,8 @@
 /**
 * @author Martin Schanzenbach
 * @author Philippe Buschmann
- * @file identity/plugin_rest_identity.c
+ * @file reclaim/plugin_rest_reclaim.c
- * @brief GNUnet Namestore REST plugin
+ * @brief GNUnet reclaim REST plugin
 *
 */
@@ -36,38 +36,38 @@
 #include <jansson.h>
 #include <inttypes.h>
 #include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
 /**
 * REST root namespace
 */
-#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
+#define GNUNET_REST_API_NS_RECLAIM "/reclaim"
 /**
 * Attribute namespace
 */
-#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes"
+#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes"
 /**
 * Ticket namespace
 */
-#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets"
+#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets"
 /**
 * Revoke namespace
 */
-#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke"
+#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke"
 /**
 * Revoke namespace
 */
-#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume"
+#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume"
 /**
 * Attribute key
 */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
 /**
 * Ticket key
@@ -78,7 +78,7 @@
 /**
 * Value key
 */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
 /**
 * State while collecting all egos
@@ -190,7 +190,7 @@ struct RequestHandle
  /**
   * Attribute claim list
   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
  /**
   * IDENTITY Operation
@@ -200,27 +200,27 @@ struct RequestHandle
  /**
   * Identity Provider
   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
+  struct GNUNET_RECLAIM_Handle *idp;
  /**
   * Idp Operation
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
+  struct GNUNET_RECLAIM_Operation *idp_op;
  /**
   * Attribute iterator
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
  /**
   * Ticket iterator
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
  /**
   * A ticket
   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  /**
   * Desired timeout for the lookup (default is no timeout).
@@ -271,8 +271,8 @@ struct RequestHandle
 static void
 cleanup_handle (struct RequestHandle *handle)
 {
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
  struct EgoEntry *ego_entry;
  struct EgoEntry *ego_tmp;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -284,11 +284,11 @@ cleanup_handle (struct RequestHandle *handle)
  if (NULL != handle->identity_handle)
    GNUNET_IDENTITY_disconnect (handle->identity_handle);
  if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
  if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
  if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
+    GNUNET_RECLAIM_disconnect (handle->idp);
  if (NULL != handle->url)
    GNUNET_free (handle->url);
  if (NULL != handle->emsg)
@@ -435,7 +435,7 @@ collect_finished_cb (void *cls)
 */
 static void
 ticket_collect (void *cls,
-                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
+                const struct GNUNET_RECLAIM_Ticket *ticket)
 {
  struct GNUNET_JSONAPI_Resource *json_resource;
  struct RequestHandle *handle = cls;
@@ -474,7 +474,7 @@ ticket_collect (void *cls,
                                    value);
  GNUNET_free (tmp);
  json_decref (value);
-  GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it);
+  GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it);
 }
@@ -523,8 +523,8 @@ list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
    return;
  }
  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
-  handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp,
+  handle->ticket_it = GNUNET_RECLAIM_ticket_iteration_start (handle->idp,
                                                                       priv_key,
                                                                       &collect_error_cb,
                                                                       handle,
@@ -549,7 +549,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  struct RequestHandle *handle = cls;
  struct EgoEntry *ego_entry;
  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attribute;
  struct GNUNET_JSONAPI_Document *json_obj;
  struct GNUNET_JSONAPI_Resource *json_res;
  struct GNUNET_TIME_Relative exp;
@@ -565,14 +565,14 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n",
              handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
       strlen (handle->url))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
  for (ego_entry = handle->ego_head;
       NULL != ego_entry;
@@ -625,7 +625,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  }
  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE))
+                                                       GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unsupported JSON data type\n");
@@ -651,12 +651,12 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                  "value");
  value_str = json_string_value (value_json);
-  attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str,
+  attribute = GNUNET_RECLAIM_ATTRIBUTE_claim_new (name_str,
-                                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
+                                                      GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
                                                      value_str,
                                                      strlen (value_str) + 1);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
+  handle->idp_op = GNUNET_RECLAIM_attribute_store (handle->idp,
                                                             identity_priv,
                                                             attribute,
                                                             &exp,
@@ -675,7 +675,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 attr_collect (void *cls,
              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  struct GNUNET_JSONAPI_Resource *json_resource;
  struct RequestHandle *handle = cls;
@@ -684,17 +684,17 @@ attr_collect (void *cls,
  
  if ((NULL == attr->name) || (NULL == attr->data))
  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
    return;
  }
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
              attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                               attr->name);
  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
                                           attr->data,
                                           attr->data_size);
@@ -705,7 +705,7 @@ attr_collect (void *cls,
                                    value);
  json_decref (value);
  GNUNET_free(tmp_value);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
 }
@@ -729,14 +729,14 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n",
              handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
       strlen (handle->url))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
  for (ego_entry = handle->ego_head;
       NULL != ego_entry;
@@ -755,8 +755,8 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
    return;
  }
  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
-  handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp,
+  handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp,
                                                                   priv_key,
                                                                   &collect_error_cb,
                                                                   handle,
@@ -780,7 +780,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
  struct RequestHandle *handle = cls;
  struct EgoEntry *ego_entry;
  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  struct GNUNET_JSONAPI_Document *json_obj;
  struct GNUNET_JSONAPI_Resource *json_res;
  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -844,7 +844,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
  rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                "rnd");
  identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "identity");
+                                                     "issuer");
  audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
                                                     "audience");
  rnd_str = json_string_value (rnd_json);
@@ -884,8 +884,8 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
  }
  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp,
+  handle->idp_op = GNUNET_RECLAIM_ticket_revoke (handle->idp,
                                                           identity_priv,
                                                           &ticket,
                                                           &finished_cont,
@@ -896,7 +896,7 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
 static void
 consume_cont (void *cls,
              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
 {
  struct RequestHandle *handle = cls;
  struct GNUNET_JSONAPI_Resource *json_resource;
@@ -910,7 +910,7 @@ consume_cont (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
              attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
                                               attr->name);
  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
@@ -934,7 +934,7 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
  struct RequestHandle *handle = cls;
  struct EgoEntry *ego_entry;
  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+  struct GNUNET_RECLAIM_Ticket ticket;
  struct GNUNET_JSONAPI_Document *json_obj;
  struct GNUNET_JSONAPI_Resource *json_res;
  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
@@ -1038,8 +1038,8 @@ consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
  }
  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
  handle->resp_object = GNUNET_JSONAPI_document_new ();
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp,
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
                                                            identity_priv,
                                                            &ticket,
                                                            &consume_cont,
@@ -1084,12 +1084,12 @@ init_cont (struct RequestHandle *handle)
 {
  struct GNUNET_REST_RequestHandlerError err;
  static const struct GNUNET_REST_RequestHandler handlers[] = {
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont},
    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM,
      &options_cont},
    GNUNET_REST_HANDLER_END
  };
@@ -1202,7 +1202,7 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
 * @return NULL on error, otherwise the plugin context
 */
 void *
-libgnunet_plugin_rest_identity_provider_init (void *cls)
+libgnunet_plugin_rest_reclaim_init (void *cls)
 {
  static struct Plugin plugin;
  struct GNUNET_REST_Plugin *api;
@@ -1214,7 +1214,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
  plugin.cfg = cfg;
  api = GNUNET_new (struct GNUNET_REST_Plugin);
  api->cls = &plugin;
-  api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
+  api->name = GNUNET_REST_API_NS_RECLAIM;
  api->process_request = &rest_identity_process_request;
  GNUNET_asprintf (&allow_methods,
                   "%s, %s, %s, %s, %s",
@@ -1237,7 +1237,7 @@ libgnunet_plugin_rest_identity_provider_init (void *cls)
 * @return always NULL
 */
 void *
-libgnunet_plugin_rest_identity_provider_done (void *cls)
+libgnunet_plugin_rest_reclaim_done (void *cls)
 {
  struct GNUNET_REST_Plugin *api = cls;
  struct Plugin *plugin = api->cls;
@@ -1250,4 +1250,4 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
  return NULL;
 }
-/* end of plugin_rest_identity_provider.c */
+/* end of plugin_rest_reclaim.c */
diff --git a/src/identity-provider/identity-provider.conf b/src/reclaim/reclaim.conf
index cc50152a1..cf0a0dc5e 100644
--- a/src/identity-provider/identity-provider.conf
+++ b/src/reclaim/reclaim.conf
@@ -1,22 +1,23 @@
-[identity-provider]
+[reclaim]
 START_ON_DEMAND = NO
 RUN_PER_USER = YES
 #PORT = 2108
 HOSTNAME = localhost
-BINARY = gnunet-service-identity-provider
+BINARY = gnunet-service-reclaim
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
-UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock
 UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 TOKEN_EXPIRATION_INTERVAL = 30 m
 DATABASE = sqlite
-[identity-rest-plugin]
+[reclaim-rest-plugin]
 #ADDRESS = https://identity.gnu:8000#/login
 ADDRESS = https://reclaim.ui/#/login
 PSW = secret
-EXPIRATION_TIME = 3600
+JWT_SECRET = secret
+EXPIRATION_TIME = 1d
-[identity-provider-sqlite]
+[reclaim-sqlite]
-FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db
+FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db
diff --git a/src/identity-provider/identity_provider.h b/src/reclaim/reclaim.h
index 6a4b7769f..d2c84686d 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/reclaim/reclaim.h
@@ -18,13 +18,13 @@
 /**
 * @author Martin Schanzenbach
- * @file identity-provider/identity_provider.h
+ * @file reclaim/reclaim.h
 *
 * @brief Common type definitions for the identity provider
 *        service and API.
 */
-#ifndef IDENTITY_PROVIDER_H
+#ifndef RECLAIM_H
-#define IDENTITY_PROVIDER_H
+#define RECLAIM_H
 #include "gnunet_common.h"
@@ -152,7 +152,7 @@ struct AttributeIterationStartMessage
 struct AttributeIterationNextMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT
   */
  struct GNUNET_MessageHeader header;
@@ -170,7 +170,7 @@ struct AttributeIterationNextMessage
 struct AttributeIterationStopMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP
   */
  struct GNUNET_MessageHeader header;
@@ -214,7 +214,7 @@ struct TicketIterationStartMessage
 struct TicketIterationNextMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT
   */
  struct GNUNET_MessageHeader header;
@@ -232,7 +232,7 @@ struct TicketIterationNextMessage
 struct TicketIterationStopMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP
   */
  struct GNUNET_MessageHeader header;
@@ -251,7 +251,7 @@ struct TicketIterationStopMessage
 struct IssueTicketMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET
   */
  struct GNUNET_MessageHeader header;
@@ -284,7 +284,7 @@ struct IssueTicketMessage
 struct RevokeTicketMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET
   */
  struct GNUNET_MessageHeader header;
@@ -312,7 +312,7 @@ struct RevokeTicketMessage
 struct RevokeTicketResultMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
   */
  struct GNUNET_MessageHeader header;
@@ -334,7 +334,7 @@ struct RevokeTicketResultMessage
 struct TicketResultMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
   */
  struct GNUNET_MessageHeader header;
@@ -351,7 +351,7 @@ struct TicketResultMessage
 struct ConsumeTicketMessage
 {
  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET
   */
  struct GNUNET_MessageHeader header;
diff --git a/src/identity-provider/identity_provider_api.c b/src/reclaim/reclaim_api.c
index 772b4a244..3f1584ccd 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/reclaim/reclaim_api.c
@@ -17,8 +17,8 @@
 */
 /**
- * @file identity-provider/identity_provider_api.c
+ * @file reclaim/reclaim_api.c
- * @brief api to interact with the identity provider service
+ * @brief api to interact with the reclaim service
 * @author Martin Schanzenbach
 */
 #include "platform.h"
@@ -26,33 +26,33 @@
 #include "gnunet_constants.h"
 #include "gnunet_protocols.h"
 #include "gnunet_mq_lib.h"
-#include "gnunet_identity_provider_service.h"
+#include "gnunet_reclaim_service.h"
-#include "gnunet_identity_attribute_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
-#include "identity_provider.h"
+#include "reclaim.h"
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-api",__VA_ARGS__)
 /**
 * Handle for an operation with the service.
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation
+struct GNUNET_RECLAIM_Operation
 {
  /**
   * Main handle.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
  /**
   * We keep operations in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *next;
+  struct GNUNET_RECLAIM_Operation *next;
  /**
   * We keep operations in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *prev;
+  struct GNUNET_RECLAIM_Operation *prev;
  /**
   * Message to send to the service.
@@ -63,22 +63,22 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
  /**
   * Continuation to invoke after attribute store call
   */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus as_cb;
  /**
   * Attribute result callback
   */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb;
+  GNUNET_RECLAIM_AttributeResult ar_cb;
  /**
   * Revocation result callback
   */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb;
+  GNUNET_RECLAIM_ContinuationWithStatus rvk_cb;
  /**
   * Ticket result callback
   */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
  /**
   * Envelope with the message for this queue entry.
@@ -100,23 +100,23 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
 /**
 * Handle for a ticket iterator operation
 */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator
+struct GNUNET_RECLAIM_TicketIterator
 {
  /**
   * Kept in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next;
+  struct GNUNET_RECLAIM_TicketIterator *next;
  /**
   * Kept in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev;
+  struct GNUNET_RECLAIM_TicketIterator *prev;
  /**
   * Main handle to access the idp.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
  /**
   * Function to call on completion.
@@ -131,7 +131,7 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
  /**
   * The continuation to call with the results
   */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
+  GNUNET_RECLAIM_TicketCallback tr_cb;
  /**
   * Closure for @e tr_cb.
@@ -165,23 +165,23 @@ struct GNUNET_IDENTITY_PROVIDER_TicketIterator
 /**
 * Handle for a attribute iterator operation
 */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
+struct GNUNET_RECLAIM_AttributeIterator
 {
  /**
   * Kept in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next;
+  struct GNUNET_RECLAIM_AttributeIterator *next;
  /**
   * Kept in a DLL.
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev;
+  struct GNUNET_RECLAIM_AttributeIterator *prev;
  /**
   * Main handle to access the idp.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
  /**
   * Function to call on completion.
@@ -196,7 +196,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
  /**
   * The continuation to call with the results
   */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult proc;
+  GNUNET_RECLAIM_AttributeResult proc;
  /**
   * Closure for @e proc.
@@ -235,7 +235,7 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
 /**
 * Handle for the service.
 */
-struct GNUNET_IDENTITY_PROVIDER_Handle
+struct GNUNET_RECLAIM_Handle
 {
  /**
   * Configuration to use.
@@ -255,32 +255,32 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
  /**
   * Head of active operations.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_head;
+  struct GNUNET_RECLAIM_Operation *op_head;
  /**
   * Tail of active operations.
   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail;
+  struct GNUNET_RECLAIM_Operation *op_tail;
  /**
   * Head of active iterations
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head;
+  struct GNUNET_RECLAIM_AttributeIterator *it_head;
  /**
   * Tail of active iterations
   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail;
+  struct GNUNET_RECLAIM_AttributeIterator *it_tail;
  /**
   * Head of active iterations
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_head;
  /**
   * Tail of active iterations
   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail;
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail;
  /**
@@ -318,10 +318,10 @@ struct GNUNET_IDENTITY_PROVIDER_Handle
 /**
 * Try again to connect to the service.
 *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
 */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+reconnect (struct GNUNET_RECLAIM_Handle *h);
 /**
 * Reconnect
@@ -331,7 +331,7 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
 static void
 reconnect_task (void *cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
  handle->reconnect_task = NULL;
  reconnect (handle);
@@ -344,7 +344,7 @@ reconnect_task (void *cls)
 * @param handle our service
 */
 static void
-force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
+force_reconnect (struct GNUNET_RECLAIM_Handle *handle)
 {
  GNUNET_MQ_destroy (handle->mq);
  handle->mq = NULL;
@@ -362,9 +362,9 @@ force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
 * @param it entry to free
 */
 static void
-free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+free_it (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
  GNUNET_CONTAINER_DLL_remove (h->it_head,
                               h->it_tail,
@@ -375,7 +375,7 @@ free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
 }
 static void
-free_op (struct GNUNET_IDENTITY_PROVIDER_Operation* op)
+free_op (struct GNUNET_RECLAIM_Operation* op)
 {
  if (NULL == op)
    return;
@@ -397,7 +397,7 @@ static void
 mq_error_handler (void *cls,
                  enum GNUNET_MQ_Error error)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
  force_reconnect (handle);
 }
@@ -412,8 +412,8 @@ static void
 handle_attribute_store_response (void *cls,
                              const struct AttributeStoreResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
+  struct GNUNET_RECLAIM_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  uint32_t r_id = ntohl (msg->id);
  int res;
  const char *emsg;
@@ -448,7 +448,7 @@ handle_attribute_store_response (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -474,7 +474,7 @@ check_consume_ticket_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -483,8 +483,8 @@ static void
 handle_consume_ticket_result (void *cls,
                              const struct ConsumeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
+  struct GNUNET_RECLAIM_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  size_t attrs_len;
  uint32_t r_id = ntohl (msg->id);
@@ -500,9 +500,9 @@ handle_consume_ticket_result (void *cls,
    return;
  {
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
-    attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1],
+    attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&msg[1],
                                        attrs_len);
    if (NULL != op->ar_cb)
    {
@@ -518,7 +518,7 @@ handle_consume_ticket_result (void *cls,
          op->ar_cb (op->cls,
                     &msg->identity,
                     le->claim);
-        GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
+        GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
      }
    }
    if (NULL != op)
@@ -539,7 +539,7 @@ handle_consume_ticket_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -565,7 +565,7 @@ check_attribute_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -575,9 +575,9 @@ handle_attribute_result (void *cls,
                         const struct AttributeResultMessage *msg)
 {
  static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
+  struct GNUNET_RECLAIM_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  size_t attr_len;
  uint32_t r_id = ntohl (msg->id);
@@ -627,8 +627,8 @@ handle_attribute_result (void *cls,
  }
  {
-    struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
+    struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
-    attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1],
+    attr = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&msg[1],
                                                  attr_len);
    if (NULL != it)
    {
@@ -652,7 +652,7 @@ handle_attribute_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -677,7 +677,7 @@ check_ticket_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -686,10 +686,10 @@ static void
 handle_ticket_result (void *cls,
                      const struct TicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Handle *handle = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
-  const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
+  const struct GNUNET_RECLAIM_Ticket *ticket;
  uint32_t r_id = ntohl (msg->id);
  size_t msg_len;
@@ -712,7 +712,7 @@ handle_ticket_result (void *cls,
      if (NULL != op->tr_cb)
        op->tr_cb (op->cls, NULL);
    } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
      if (NULL != op->tr_cb)
        op->tr_cb (op->cls, ticket);
    }
@@ -728,7 +728,7 @@ handle_ticket_result (void *cls,
      it->finish_cb (it->finish_cb_cls);
      GNUNET_free (it);
    } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
      if (NULL != it->tr_cb)
        it->tr_cb (it->cls, ticket);
    }
@@ -740,7 +740,7 @@ handle_ticket_result (void *cls,
 /**
 * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
 *
 * @param cls
 * @param msg the message we received
@@ -749,8 +749,8 @@ static void
 handle_revoke_ticket_result (void *cls,
                             const struct RevokeTicketResultMessage *msg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
+  struct GNUNET_RECLAIM_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  uint32_t r_id = ntohl (msg->id);
  int32_t success;
@@ -785,42 +785,42 @@ handle_revoke_ticket_result (void *cls,
 /**
 * Try again to connect to the service.
 *
- * @param h handle to the identity provider service.
+ * @param h handle to the reclaim service.
 */
 static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+reconnect (struct GNUNET_RECLAIM_Handle *h)
 {
  struct GNUNET_MQ_MessageHandler handlers[] = {
    GNUNET_MQ_hd_fixed_size (attribute_store_response,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE,
                             struct AttributeStoreResultMessage,
                             h),
    GNUNET_MQ_hd_var_size (attribute_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT,
                           struct AttributeResultMessage,
                           h),
    GNUNET_MQ_hd_var_size (ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT,
                           struct TicketResultMessage,
                           h),
    GNUNET_MQ_hd_var_size (consume_ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT,
                           struct ConsumeTicketResultMessage,
                           h),
    GNUNET_MQ_hd_fixed_size (revoke_ticket_result,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT,
                             struct RevokeTicketResultMessage,
                             h),
    GNUNET_MQ_handler_end ()
  };
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  GNUNET_assert (NULL == h->mq);
  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Connecting to identity provider service.\n");
+       "Connecting to reclaim service.\n");
  h->mq = GNUNET_CLIENT_connect (h->cfg,
-                                 "identity-provider",
+                                 "reclaim",
                                 handlers,
                                 &mq_error_handler,
                                 h);
@@ -833,17 +833,17 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 /**
- * Connect to the identity provider service.
+ * Connect to the reclaim service.
 *
 * @param cfg the configuration to use
 * @return handle to use
 */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
+struct GNUNET_RECLAIM_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
+  struct GNUNET_RECLAIM_Handle *h;
-  h = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Handle);
+  h = GNUNET_new (struct GNUNET_RECLAIM_Handle);
  h->cfg = cfg;
  reconnect (h);
  if (NULL == h->mq)
@@ -864,9 +864,9 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 * @param op operation to cancel
 */
 void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = op->h;
+  struct GNUNET_RECLAIM_Handle *h = op->h;
  GNUNET_CONTAINER_DLL_remove (h->op_head,
                               h->op_tail,
@@ -881,7 +881,7 @@ GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
 * @param h handle to destroy
 */
 void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h)
 {
  GNUNET_assert (NULL != h);
  if (NULL != h->mq)
@@ -902,7 +902,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 * Store an attribute.  If the attribute is already present,
 * it is replaced with the new attribute.
 *
- * @param h handle to the identity provider
+ * @param h handle to the reclaim
 * @param pkey private key of the identity
 * @param attr the attribute value
 * @param exp_interval the relative expiration interval for the attribute
@@ -910,19 +910,19 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 * @param cont_cls closure for @a cont
 * @return handle to abort the request
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
                                          const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
                                          void *cont_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  struct AttributeStoreMessage *sam;
  size_t attr_len;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
  op->h = h;
  op->as_cb = cont;
  op->cls = cont_cls;
@@ -930,15 +930,15 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                    h->op_tail,
                                    op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (attr);
  op->env = GNUNET_MQ_msg_extra (sam,
                                 attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE);
  sam->identity = *pkey;
  sam->id = htonl (op->r_id);
  sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (attr,
                                       (char*)&sam[1]);
  sam->attr_len = htons (attr_len);
@@ -952,11 +952,11 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 /**
 * List all attributes for a local identity.
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
 * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
 *
 * On error (disconnect), @a error_cb will be invoked.
 * On normal completion, @a finish_cb proc will be
@@ -975,23 +975,23 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
+struct GNUNET_RECLAIM_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                               GNUNET_SCHEDULER_TaskCallback error_cb,
                                               void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
+                                               GNUNET_RECLAIM_AttributeResult proc,
                                               void *proc_cls,
                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
                                               void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
  struct GNUNET_MQ_Envelope *env;
  struct AttributeIterationStartMessage *msg;
  uint32_t rid;
  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator);
  it->h = h;
  it->error_cb = error_cb;
  it->error_cb_cls = error_cb_cls;
@@ -1005,7 +1005,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
                                    h->it_tail,
                                    it);
  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START);
  msg->id = htonl (rid);
  msg->identity = *identity;
  if (NULL == h->mq)
@@ -1018,20 +1018,20 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_H
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
 * for the next record.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
  struct AttributeIterationNextMessage *msg;
  struct GNUNET_MQ_Envelope *env;
  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT);
  msg->id = htonl (it->r_id);
  GNUNET_MQ_send (h->mq,
                  env);
@@ -1041,21 +1041,21 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_At
 /**
 * Stops iteration and releases the idp handle for further calls.  Must
 * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
  struct GNUNET_MQ_Envelope *env;
  struct AttributeIterationStopMessage *msg;
  if (NULL != h->mq)
  {
    env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP);
    msg->id = htonl (it->r_id);
    GNUNET_MQ_send (h->mq,
                    env);
@@ -1066,10 +1066,10 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
 /** TODO
 * Issues a ticket to another identity. The identity may use
- * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
+ * @GNUNET_RECLAIM_authorization_ticket_consume to consume the ticket
 * and retrieve the attributes specified in the AttributeList.
 *
- * @param h the identity provider to use
+ * @param h the reclaim to use
 * @param iss the issuing identity
 * @param rp the subject of the ticket (the relying party)
 * @param attrs the attributes that the relying party is given access to
@@ -1077,19 +1077,19 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
+                                       GNUNET_RECLAIM_TicketCallback cb,
                                       void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  struct IssueTicketMessage *tim;
  size_t attr_len;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
  op->h = h;
  op->tr_cb = cb;
  op->cls = cb_cls;
@@ -1097,15 +1097,15 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                    h->op_tail,
                                    op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
  op->env = GNUNET_MQ_msg_extra (tim,
                                 attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET);
  tim->identity = *iss;
  tim->rp = *rp;
  tim->id = htonl (op->r_id);
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
                                            (char*)&tim[1]);
  tim->attr_len = htons (attr_len);
@@ -1119,24 +1119,24 @@ GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h
 * Consumes an issued ticket. The ticket is persisted
 * and used to retrieve identity information from the issuer
 *
- * @param h the identity provider to use
+ * @param h the reclaim to use
 * @param identity the identity that is the subject of the issued ticket (the relying party)
 * @param ticket the issued ticket to consume
 * @param cb the callback to call
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
+                                         GNUNET_RECLAIM_AttributeResult cb,
                                         void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
  struct ConsumeTicketMessage *ctm;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
  op->h = h;
  op->ar_cb = cb;
  op->cls = cb_cls;
@@ -1145,14 +1145,14 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
                                    h->op_tail,
                                    op);
  op->env = GNUNET_MQ_msg_extra (ctm,
-                                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
+                                 sizeof (const struct GNUNET_RECLAIM_Ticket),
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET);
  ctm->identity = *identity;
  ctm->id = htonl (op->r_id);
  GNUNET_memcpy ((char*)&ctm[1],
                 ticket,
-                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                 sizeof (const struct GNUNET_RECLAIM_Ticket));
  if (NULL != h->mq)
    GNUNET_MQ_send_copy (h->mq,
@@ -1166,7 +1166,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
 * Lists all tickets that have been issued to remote
 * identites (relying parties)
 *
- * @param h the identity provider to use
+ * @param h the reclaim to use
 * @param identity the issuing identity
 * @param error_cb function to call on error (i.e. disconnect),
 *        the handle is afterwards invalid
@@ -1179,17 +1179,17 @@ GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
+struct GNUNET_RECLAIM_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
                                                 void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
                                                 void *proc_cls,
                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                 void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
  struct GNUNET_MQ_Envelope *env;
  struct TicketIterationStartMessage *msg;
@@ -1198,7 +1198,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
  GNUNET_CRYPTO_ecdsa_key_get_public (identity,
                                      &identity_pub);
  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
  it->h = h;
  it->error_cb = error_cb;
  it->error_cb_cls = error_cb_cls;
@@ -1211,7 +1211,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
                                    h->ticket_it_tail,
                                    it);
  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
  msg->id = htonl (rid);
  msg->identity = identity_pub;
  msg->is_audience = htonl (GNUNET_NO);
@@ -1229,7 +1229,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
 * Lists all tickets that have been issued to remote
 * identites (relying parties)
 *
- * @param h the identity provider to use
+ * @param h the reclaim to use
 * @param identity the issuing identity
 * @param error_cb function to call on error (i.e. disconnect),
 *        the handle is afterwards invalid
@@ -1242,23 +1242,23 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER
 * @param finish_cb_cls closure for @a finish_cb
 * @return an iterator handle to use for iteration
 */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
+struct GNUNET_RECLAIM_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
                                                    void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
                                                    void *proc_cls,
                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
                                                    void *finish_cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
+  struct GNUNET_RECLAIM_TicketIterator *it;
  struct GNUNET_MQ_Envelope *env;
  struct TicketIterationStartMessage *msg;
  uint32_t rid;
  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
  it->h = h;
  it->error_cb = error_cb;
  it->error_cb_cls = error_cb_cls;
@@ -1271,7 +1271,7 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
                                    h->ticket_it_tail,
                                    it);
  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
  msg->id = htonl (rid);
  msg->identity = *identity;
  msg->is_audience = htonl (GNUNET_YES);
@@ -1286,20 +1286,20 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVI
 }
 /**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
 * for the next record.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
  struct TicketIterationNextMessage *msg;
  struct GNUNET_MQ_Envelope *env;
  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT);
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT);
  msg->id = htonl (it->r_id);
  GNUNET_MQ_send (h->mq,
                  env);
@@ -1309,21 +1309,21 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_
 /**
 * Stops iteration and releases the idp handle for further calls.  Must
 * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
+ * #GNUNET_RECLAIM_disconnect.
 *
 * @param it the iterator
 */
 void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
+  struct GNUNET_RECLAIM_Handle *h = it->h;
  struct GNUNET_MQ_Envelope *env;
  struct TicketIterationStopMessage *msg;
  if (NULL != h->mq)
  {
    env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP);
+                         GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP);
    msg->id = htonl (it->r_id);
    GNUNET_MQ_send (h->mq,
                    env);
@@ -1335,27 +1335,26 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_
 * Revoked an issued ticket. The relying party will be unable to retrieve
 * updated attributes.
 *
- * @param h the identity provider to use
+ * @param h the reclaim to use
 * @param identity the issuing identity
 * @param ticket the ticket to revoke
 * @param cb the callback
 * @param cb_cls the callback closure
 * @return handle to abort the operation
 */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
+struct GNUNET_RECLAIM_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
                                        void *cb_cls)
 {
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
+  struct GNUNET_RECLAIM_Operation *op;
-  struct GNUNET_MQ_Envelope *env;
  struct RevokeTicketMessage *msg;
  uint32_t rid;
  rid = h->r_id_gen++;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
  op->h = h;
  op->rvk_cb = cb;
  op->cls = cb_cls;
@@ -1363,22 +1362,22 @@ GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *
  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
                                    h->op_tail,
                                    op);
-  env = GNUNET_MQ_msg_extra (msg,
+  op->env = GNUNET_MQ_msg_extra (msg,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET);
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET);
  msg->id = htonl (rid);
  msg->identity = *identity;
  GNUNET_memcpy (&msg[1],
                 ticket,
-                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+                 sizeof (struct GNUNET_RECLAIM_Ticket));
-  if (NULL == h->mq)
+  if (NULL != h->mq) {
-    op->env = env;
-  else
    GNUNET_MQ_send (h->mq,
-                    env);
+                    op->env);
+    op->env = NULL;
+  }
  return op;
 }
-/* end of identity_provider_api.c */
+/* end of reclaim_api.c */
diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh
new file mode 100755
index 000000000..311f5382a
--- /dev/null
+++ b/src/reclaim/test_reclaim.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh
new file mode 100755
index 000000000..39bd715b7
--- /dev/null
+++ b/src/reclaim/test_reclaim_attribute.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+#curl localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh
new file mode 100755
index 000000000..36c8052d0
--- /dev/null
+++ b/src/reclaim/test_reclaim_consume.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}')
+gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/tickets/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/identity-provider/test_idp_defaults.conf b/src/reclaim/test_reclaim_defaults.conf
index a9a197dea..a9a197dea 100644
--- a/src/identity-provider/test_idp_defaults.conf
+++ b/src/reclaim/test_reclaim_defaults.conf
diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh
new file mode 100755
index 000000000..6a71470e1
--- /dev/null
+++ b/src/reclaim/test_reclaim_issue.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf > /dev/null 2>&1
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+#gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh
new file mode 100755
index 000000000..595752fd8
--- /dev/null
+++ b/src/reclaim/test_reclaim_revoke.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+        exit 77
+fi
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+gnunet-identity -C alice -c test_reclaim.conf
+gnunet-identity -C bob -c test_reclaim.conf
+gnunet-identity -C eve -c test_reclaim.conf
+ALICE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep alice | awk '{print $3}')
+BOB_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep bob | awk '{print $3}')
+EVE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep eve | awk '{print $3}')
+gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf 
+gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf
+TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}')
+#gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf
+TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}')
+#echo "Consuming $TICKET"
+#gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf
+gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf
+#sleep 6
+gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf 2&>1 >/dev/null
+if test $? == 0
+then 
+  echo "Eve can still resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+gnunet-arm -e -c test_reclaim.conf
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf 2&>1 >/dev/null
+if test $? != 0
+then
+  echo "Bob cannot resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/rest/Makefile.am b/src/rest/Makefile.am
index ebfb98024..ce0454d53 100644
--- a/src/rest/Makefile.am
+++ b/src/rest/Makefile.am
@@ -29,6 +29,18 @@ libexec_PROGRAMS = \
 EXTRA_DIST = \
 rest.conf
+plugin_LTLIBRARIES = libgnunet_plugin_rest_copying.la
+libgnunet_plugin_rest_copying_la_SOURCES = \
+  plugin_rest_copying.c
+libgnunet_plugin_rest_copying_la_LIBADD = \
+        $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -lmicrohttpd
+libgnunet_plugin_rest_copying_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
 gnunet_rest_server_SOURCES = \
 gnunet-rest-server.c
diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c
new file mode 100644
index 000000000..668dc5d38
--- /dev/null
+++ b/src/rest/plugin_rest_copying.c
@@ -0,0 +1,231 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2018 GNUnet e.V.
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file gns/plugin_rest_copying.c
+ * @brief REST plugin that serves licensing information.
+ *
+ */
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include <gnunet_rest_lib.h>
+#define GNUNET_REST_API_NS_COPYING "/copying"
+#define GNUNET_REST_COPYING_TEXT "GNU Affero General Public License version 3 or later. See also: <http://www.gnu.org/licenses/>"
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+struct RequestHandle
+{
+  /**
+   * Handle to rest request
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+  /**
+   * HTTP response code
+   */
+  int response_code;
+};
+/**
+ * Cleanup request handle.
+ *
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  GNUNET_free (handle);
+}
+/**
+ * Task run on shutdown.  Cleans up everything.
+ *
+ * @param cls unused
+ * @param tc scheduler context
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  resp = GNUNET_REST_create_response (NULL);
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  cleanup_handle (handle);
+}
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+get_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+  resp = GNUNET_REST_create_response (GNUNET_REST_COPYING_TEXT);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           MHD_HTTP_METHOD_GET);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+/**
+ * Function processing the REST call
+ *
+ * @param method HTTP method
+ * @param url URL of the HTTP request
+ * @param data body of the HTTP request (optional)
+ * @param data_size length of the body
+ * @param proc callback function for the result
+ * @param proc_cls closure for @a proc
+ * @return #GNUNET_OK if request accepted
+ */
+static void
+rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_COPYING, &get_cont},
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_COPYING, &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  struct GNUNET_REST_RequestHandlerError err;
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->rest_handle = conndata_handle;
+  if (GNUNET_NO == GNUNET_REST_handle_request (conndata_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*"
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_copying_init (void *cls)
+{
+  static struct Plugin plugin;
+  cfg = cls;
+  struct GNUNET_REST_Plugin *api;
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_COPYING;
+  api->process_request = &rest_copying_process_request;
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              _("COPYING REST API initialized\n"));
+  return api;
+}
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_copying_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+  plugin->cfg = NULL;
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "COPYING REST plugin is finished\n");
+  return NULL;
+}
+/* end of plugin_rest_copying.c */
diff --git a/src/rps/gnunet-rps-profiler.c b/src/rps/gnunet-rps-profiler.c
index 16f23e86c..49714872f 100644
--- a/src/rps/gnunet-rps-profiler.c
+++ b/src/rps/gnunet-rps-profiler.c
@@ -49,7 +49,11 @@ static unsigned bits_needed;
 /**
 * How long do we run the test?
 */
-//#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)
+static struct GNUNET_TIME_Relative duration;
+/**
+ * When do we do a hard shutdown?
+ */
 static struct GNUNET_TIME_Relative timeout;
@@ -446,6 +450,10 @@ struct RPSPeer
   * @brief statistics values
   */
  uint64_t stats[STAT_TYPE_MAX];
+  /**
+   * @brief Handle for the statistics get request
+   */
+  struct GNUNET_STATISTICS_GetHandle *h_stat_get[STAT_TYPE_MAX];
 };
 /**
@@ -489,15 +497,16 @@ static unsigned int view_sizes;
 static int ok;
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the task that runs after the test to collect results
 */
 static struct GNUNET_SCHEDULER_Task *post_test_task;
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the shutdown task
 */
 static struct GNUNET_SCHEDULER_Task *shutdown_task;
 /**
 * Identifier for the churn task that runs periodically
 */
@@ -874,6 +883,75 @@ static int check_statistics_collect_completed ()
  return GNUNET_YES;
 }
+static void
+rps_disconnect_adapter (void *cls,
+                        void *op_result);
+static void
+cancel_pending_req (struct PendingRequest *pending_req)
+{
+  struct RPSPeer *rps_peer;
+  rps_peer = pending_req->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
+                               rps_peer->pending_req_tail,
+                               pending_req);
+  rps_peer->num_pending_reqs--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling pending rps get request\n");
+  GNUNET_SCHEDULER_cancel (pending_req->request_task);
+  GNUNET_free (pending_req);
+}
+static void
+cancel_request (struct PendingReply *pending_rep)
+{
+  struct RPSPeer *rps_peer;
+  rps_peer = pending_rep->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
+                               rps_peer->pending_rep_tail,
+                               pending_rep);
+  rps_peer->num_pending_reps--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling rps get reply\n");
+  GNUNET_RPS_request_cancel (pending_rep->req_handle);
+  GNUNET_free (pending_rep);
+}
+void
+clean_peer (unsigned peer_index)
+{
+  struct PendingRequest *pending_req;
+  while (NULL != (pending_req = rps_peers[peer_index].pending_req_head))
+  {
+    cancel_pending_req (pending_req);
+  }
+  pending_req = rps_peers[peer_index].pending_req_head;
+  rps_disconnect_adapter (&rps_peers[peer_index],
+                          &rps_peers[peer_index].rps_handle);
+  for (unsigned stat_type = STAT_TYPE_ROUNDS;
+       stat_type < STAT_TYPE_MAX;
+       stat_type++)
+  {
+    if (NULL != rps_peers[peer_index].h_stat_get[stat_type])
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "(%u) did not yet receive stat value for `%s'\n",
+                  rps_peers[peer_index].index,
+                  stat_type_2_str (stat_type));
+      GNUNET_STATISTICS_get_cancel (
+          rps_peers[peer_index].h_stat_get[stat_type]);
+    }
+  }
+  if (NULL != rps_peers[peer_index].op)
+  {
+    GNUNET_TESTBED_operation_done (rps_peers[peer_index].op);
+    rps_peers[peer_index].op = NULL;
+  }
+}
 /**
 * Task run on timeout to shut everything down.
 */
@@ -881,35 +959,55 @@ static void
 shutdown_op (void *cls)
 {
  unsigned int i;
+  struct OpListEntry *entry;
-  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
              "Shutdown task scheduled, going down.\n");
  in_shutdown = GNUNET_YES;
+  if (NULL != shutdown_task)
+  {
+    GNUNET_SCHEDULER_cancel (shutdown_task);
+    shutdown_task = NULL;
+  }
  if (NULL != post_test_task)
  {
    GNUNET_SCHEDULER_cancel (post_test_task);
+    post_test_task = NULL;
  }
  if (NULL != churn_task)
  {
    GNUNET_SCHEDULER_cancel (churn_task);
    churn_task = NULL;
  }
+  entry = oplist_head;
+  while (NULL != (entry = oplist_head))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Operation still pending on shutdown (%u)\n",
+                entry->index);
+    GNUNET_TESTBED_operation_done (entry->op);
+    GNUNET_CONTAINER_DLL_remove (oplist_head, oplist_tail, entry);
+    GNUNET_free (entry);
+  }
  for (i = 0; i < num_peers; i++)
  {
-    if (NULL != rps_peers[i].rps_handle)
+    clean_peer (i);
-    {
-      GNUNET_RPS_disconnect (rps_peers[i].rps_handle);
-    }
-    if (NULL != rps_peers[i].op)
-    {
-      GNUNET_TESTBED_operation_done (rps_peers[i].op);
-    }
  }
 }
+static void
+trigger_shutdown (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Shutdown was triggerd by timeout, going down.\n");
+  shutdown_task = NULL;
+  GNUNET_SCHEDULER_shutdown ();
+}
 /**
- * Task run on timeout to collect statistics and potentially shut down.
+ * Task run after #duration to collect statistics and potentially shut down.
 */
 static void
 post_test_op (void *cls)
@@ -919,7 +1017,7 @@ post_test_op (void *cls)
  post_test_task = NULL;
  post_test = GNUNET_YES;
  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-              "Post test task scheduled, going down.\n");
+              "Post test task scheduled.\n");
  if (NULL != churn_task)
  {
    GNUNET_SCHEDULER_cancel (churn_task);
@@ -943,7 +1041,7 @@ post_test_op (void *cls)
      GNUNET_YES == check_statistics_collect_completed())
  {
    GNUNET_SCHEDULER_cancel (shutdown_task);
-    shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL);
+    shutdown_task = NULL;
    GNUNET_SCHEDULER_shutdown ();
  }
 }
@@ -1030,9 +1128,9 @@ info_cb (void *cb_cls,
 */
 static void
 rps_connect_complete_cb (void *cls,
-                         struct GNUNET_TESTBED_Operation *op,
+                         struct GNUNET_TESTBED_Operation *op,
-                         void *ca_result,
+                         void *ca_result,
-                         const char *emsg)
+                         const char *emsg)
 {
  struct RPSPeer *rps_peer = cls;
  struct GNUNET_RPS_Handle *rps = ca_result;
@@ -1057,7 +1155,9 @@ rps_connect_complete_cb (void *cls,
    return;
  }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Started client successfully\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Started client successfully (%u)\n",
+              rps_peer->index);
  cur_test_run.main_test (rps_peer);
 }
@@ -1075,7 +1175,7 @@ rps_connect_complete_cb (void *cls,
 */
 static void *
 rps_connect_adapter (void *cls,
-                                 const struct GNUNET_CONFIGURATION_Handle *cfg)
+                     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
  struct GNUNET_RPS_Handle *h;
@@ -1167,15 +1267,26 @@ stat_complete_cb (void *cls, struct GNUNET_TESTBED_Operation *op,
 */
 static void
 rps_disconnect_adapter (void *cls,
-                                          void *op_result)
+                        void *op_result)
 {
  struct RPSPeer *peer = cls;
  struct GNUNET_RPS_Handle *h = op_result;
+  struct PendingReply *pending_rep;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "disconnect_adapter (%u)\n",
+              peer->index);
  GNUNET_assert (NULL != peer);
-  GNUNET_RPS_disconnect (h);
+  if (NULL != peer->rps_handle)
-  peer->rps_handle = NULL;
+  {
+    while (NULL != (pending_rep = peer->pending_rep_head))
+    {
+      cancel_request (pending_rep);
+    }
+    GNUNET_assert (h == peer->rps_handle);
+    GNUNET_RPS_disconnect (h);
+    peer->rps_handle = NULL;
+  }
 }
@@ -1219,13 +1330,15 @@ default_reply_handle (void *cls,
    rps_peer->num_recv_ids++;
  }
-  if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit)
+  if (GNUNET_YES != post_test) return;
+  if (HAVE_QUICK_QUIT != cur_test_run.have_quick_quit) return;
+  if (0 == evaluate())
  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before timeout\n");
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-    GNUNET_assert (NULL != post_test_task);
+                "Test succeeded before end of duration\n");
-    GNUNET_SCHEDULER_cancel (post_test_task);
+    if (NULL != post_test_task) GNUNET_SCHEDULER_cancel (post_test_task);
    post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL);
-    GNUNET_assert (NULL!= post_test_task);
+    GNUNET_assert (NULL != post_test_task);
  }
 }
@@ -1239,13 +1352,13 @@ request_peers (void *cls)
  struct RPSPeer *rps_peer;
  struct PendingReply *pending_rep;
-  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test)
-    return;
  rps_peer = pending_req->rps_peer;
  GNUNET_assert (1 <= rps_peer->num_pending_reqs);
  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
                               rps_peer->pending_req_tail,
                               pending_req);
+  rps_peer->num_pending_reqs--;
+  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) return;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Requesting one peer\n");
  pending_rep = GNUNET_new (struct PendingReply);
@@ -1258,39 +1371,6 @@ request_peers (void *cls)
                                    rps_peer->pending_rep_tail,
                                    pending_rep);
  rps_peer->num_pending_reps++;
-  rps_peer->num_pending_reqs--;
-}
-static void
-cancel_pending_req (struct PendingRequest *pending_req)
-{
-  struct RPSPeer *rps_peer;
-  rps_peer = pending_req->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
-                               rps_peer->pending_req_tail,
-                               pending_req);
-  rps_peer->num_pending_reqs--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling pending request\n");
-  GNUNET_SCHEDULER_cancel (pending_req->request_task);
-  GNUNET_free (pending_req);
-}
-static void
-cancel_request (struct PendingReply *pending_rep)
-{
-  struct RPSPeer *rps_peer;
-  rps_peer = pending_rep->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
-                               rps_peer->pending_rep_tail,
-                               pending_rep);
-  rps_peer->num_pending_reps--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling request\n");
-  GNUNET_RPS_request_cancel (pending_rep->req_handle);
-  GNUNET_free (pending_rep);
 }
@@ -2261,12 +2341,6 @@ void write_final_stats (void){
         stat_type < STAT_TYPE_MAX;
         stat_type++)
    {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                 "Add to sum (%" PRIu64 ") %" PRIu64 " of stat type %u - %s\n",
-                  sums[stat_type],
-                  rps_peers[i].stats[stat_type],
-                  stat_type,
-                  stat_type_2_str (stat_type));
      sums[stat_type] += rps_peers[i].stats[stat_type];
    }
  }
@@ -2312,6 +2386,8 @@ post_test_shutdown_ready_cb (void *cls,
 {
  struct STATcls *stat_cls = (struct STATcls *) cls;
  struct RPSPeer *rps_peer = stat_cls->rps_peer;
+  rps_peer->h_stat_get[stat_cls->stat_type] = NULL;
  if (GNUNET_OK == success)
  {
    /* set flag that we we got the value */
@@ -2363,6 +2439,7 @@ stat_iterator (void *cls,
 {
  const struct STATcls *stat_cls = (const struct STATcls *) cls;
  struct RPSPeer *rps_peer = (struct RPSPeer *) stat_cls->rps_peer;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got stat value: %s - %" PRIu64 "\n",
      //stat_type_2_str (stat_cls->stat_type),
      name,
@@ -2455,12 +2532,13 @@ void post_profiler (struct RPSPeer *rps_peer)
      stat_cls->stat_type = stat_type;
      rps_peer->file_name_stats =
        store_prefix_file_name (rps_peer->peer_id, "stats");
-      GNUNET_STATISTICS_get (rps_peer->stats_h,
+      rps_peer->h_stat_get[stat_type] = GNUNET_STATISTICS_get (
-                             "rps",
+          rps_peer->stats_h,
-                             stat_type_2_str (stat_type),
+          "rps",
-                             post_test_shutdown_ready_cb,
+          stat_type_2_str (stat_type),
-                             stat_iterator,
+          post_test_shutdown_ready_cb,
-                             (struct STATcls *) stat_cls);
+          stat_iterator,
+          (struct STATcls *) stat_cls);
      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
          "Requested statistics for %s (peer %" PRIu32 ")\n",
          stat_type_2_str (stat_type),
@@ -2555,6 +2633,8 @@ test_run (void *cls,
    /* Connect all peers to statistics service */
    if (COLLECT_STATISTICS == cur_test_run.have_collect_statistics)
    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "Connecting to statistics service\n");
      rps_peers[i].stat_op =
        GNUNET_TESTBED_service_connect (NULL,
                                        peers[i],
@@ -2569,11 +2649,12 @@ test_run (void *cls,
  if (NULL != churn_task)
    GNUNET_SCHEDULER_cancel (churn_task);
-  post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL);
+  post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL);
-  timeout = GNUNET_TIME_relative_multiply (timeout, 1 + (0.1 * num_peers));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000);
-  shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
+  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout,
-  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL);
+                                                &trigger_shutdown,
+                                                NULL);
+  GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
 }
@@ -2609,7 +2690,7 @@ run (void *cls,
  if (0 == cur_test_run.num_requests) cur_test_run.num_requests = 5;
  //cur_test_run.have_churn = HAVE_CHURN;
  cur_test_run.have_churn = HAVE_NO_CHURN;
-  cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
+  cur_test_run.have_quick_quit = HAVE_QUICK_QUIT;
  cur_test_run.have_collect_statistics = COLLECT_STATISTICS;
  cur_test_run.stat_collect_flags = BIT(STAT_TYPE_ROUNDS) |
                                    BIT(STAT_TYPE_BLOCKS) |
@@ -2632,10 +2713,38 @@ run (void *cls,
  /* 'Clean' directory */
  (void) GNUNET_DISK_directory_remove ("/tmp/rps/");
  GNUNET_DISK_directory_create ("/tmp/rps/");
-  if (0 == timeout.rel_value_us)
+  if (0 == duration.rel_value_us)
  {
-    timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+    if (0 == timeout.rel_value_us)
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               (90 * 1.2) +
+                                                 (0.01 * num_peers));
+    }
+    else
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                                (timeout.rel_value_us/1000000)
+                                                  * 0.75);
+    }
  }
+  else
+  {
+    if (0 == timeout.rel_value_us)
+    {
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               ((duration.rel_value_us/1000000)
+                                                  * 1.2) + (0.01 * num_peers));
+    }
+  }
+  GNUNET_assert (duration.rel_value_us < timeout.rel_value_us);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "duration is %lus\n",
+              duration.rel_value_us/1000000);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "timeout is %lus\n",
+              timeout.rel_value_us/1000000);
  /* Compute number of bits for representing largest peer id */
  for (bits_needed = 1; (1 << bits_needed) < num_peers; bits_needed++)
@@ -2685,6 +2794,12 @@ main (int argc, char *argv[])
                               gettext_noop ("number of peers to start"),
                               &num_peers),
+    GNUNET_GETOPT_option_relative_time ('d',
+                                        "duration",
+                                        "DURATION",
+                                        gettext_noop ("duration of the profiling"),
+                                        &duration),
    GNUNET_GETOPT_option_relative_time ('t',
                                        "timeout",
                                        "TIMEOUT",
@@ -2732,7 +2847,6 @@ main (int argc, char *argv[])
  GNUNET_free (rps_peers);
  GNUNET_free (rps_peer_ids);
  GNUNET_CONTAINER_multipeermap_destroy (peer_map);
-  printf ("test -1\n");
  return ret_value;
 }
diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c
index 5a75ac55a..21963ee42 100644
--- a/src/rps/gnunet-service-rps.c
+++ b/src/rps/gnunet-service-rps.c
@@ -68,6 +68,7 @@ static struct GNUNET_STATISTICS_Handle *stats;
 */
 static struct GNUNET_PeerIdentity own_identity;
+static int in_shutdown = GNUNET_NO;
 /**
 * @brief Port used for cadet.
@@ -97,11 +98,6 @@ static struct GNUNET_HashCode port;
 #define unset_peer_flag(peer_ctx, mask) ((peer_ctx->peer_flags) &= ~(mask))
 /**
- * Set a channel flag of given channel context.
- */
-#define set_channel_flag(channel_flags, mask) ((*channel_flags) |= (mask))
-/**
 * Get channel flag of given channel context.
 */
 #define check_channel_flag_set(channel_flags, mask)\
@@ -164,6 +160,11 @@ struct PendingMessage
 };
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx;
+/**
 * Struct used to keep track of other peer's status
 *
 * This is stored in a multipeermap.
@@ -181,22 +182,12 @@ struct PeerContext
  /**
   * Channel open to client.
   */
-  struct GNUNET_CADET_Channel *send_channel;
+  struct ChannelCtx *send_channel_ctx;
-  /**
-   * Flags to the sending channel
-   */
-  uint32_t *send_channel_flags;
  /**
   * Channel open from client.
   */
-  struct GNUNET_CADET_Channel *recv_channel; // unneeded?
+  struct ChannelCtx *recv_channel_ctx;
-  /**
-   * Flags to the receiving channel
-   */
-  uint32_t *recv_channel_flags;
  /**
   * Array of pending operations on this peer.
@@ -242,6 +233,11 @@ struct PeerContext
  struct PendingMessage *pending_messages_tail;
  /**
+   * @brief Task to destroy this context.
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+  /**
   * This is pobably followed by 'statistical' data (when we first saw
   * it, how did we get its ID, how many pushes (in a timeinterval),
   * ...)
@@ -265,6 +261,33 @@ struct PeersIteratorCls
 };
 /**
+ * @brief Context for a channel
+ */
+struct ChannelCtx
+{
+  /**
+   * @brief Meant to be used in a DLL
+   */
+  struct ChannelCtx *next;
+  struct ChannelCtx *prev;
+  /**
+   * @brief The channel itself
+   */
+  struct GNUNET_CADET_Channel *channel;
+  /**
+   * @brief The peer context associated with the channel
+   */
+  struct PeerContext *peer_ctx;
+  /**
+   * @brief Scheduled task that will destroy this context
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+};
+/**
 * @brief Hashmap of valid peers.
 */
 static struct GNUNET_CONTAINER_MultiPeerMap *valid_peers;
@@ -332,8 +355,6 @@ create_peer_ctx (const struct GNUNET_PeerIdentity *peer)
  ctx = GNUNET_new (struct PeerContext);
  ctx->peer_id = *peer;
-  ctx->send_channel_flags = GNUNET_new (uint32_t);
-  ctx->recv_channel_flags = GNUNET_new (uint32_t);
  ret = GNUNET_CONTAINER_multipeermap_put (peer_map, peer, ctx,
      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
  GNUNET_assert (GNUNET_OK == ret);
@@ -387,8 +408,8 @@ Peers_check_connected (const struct GNUNET_PeerIdentity *peer)
  /* Get the context */
  peer_ctx = get_peer_ctx (peer);
  /* If we have no channel to this peer we don't know whether it's online */
-  if ( (NULL == peer_ctx->send_channel) &&
+  if ( (NULL == peer_ctx->send_channel_ctx) &&
-       (NULL == peer_ctx->recv_channel) )
+       (NULL == peer_ctx->recv_channel_ctx) )
  {
    Peers_unset_peer_flag (peer, Peers_ONLINE);
    return GNUNET_NO;
@@ -575,6 +596,24 @@ handle_peer_pull_reply (void *cls,
 /* End declaration of handlers */
+/**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx);
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx);
 /**
 * @brief Get the channel of a peer. If not existing, create.
@@ -610,16 +649,17 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
  peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
  {
    LOG (GNUNET_ERROR_TYPE_DEBUG,
         "Trying to establish channel to peer %s\n",
         GNUNET_i2s (peer));
    ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
    *ctx_peer = *peer;
-    peer_ctx->send_channel =
+    peer_ctx->send_channel_ctx = add_channel_ctx (peer_ctx);
+    peer_ctx->send_channel_ctx->channel =
      GNUNET_CADET_channel_create (cadet_handle,
-                                   (struct GNUNET_PeerIdentity *) ctx_peer, /* context */
+                                   peer_ctx->send_channel_ctx, /* context */
                                   peer,
                                   &port,
                                   GNUNET_CADET_OPTION_RELIABLE,
@@ -627,8 +667,9 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
                                   cleanup_destroyed_channel, /* Disconnect handler */
                                   cadet_handlers);
  }
-  GNUNET_assert (NULL != peer_ctx->send_channel);
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx);
-  return peer_ctx->send_channel;
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx->channel);
+  return peer_ctx->send_channel_ctx->channel;
 }
@@ -1045,12 +1086,10 @@ restore_valid_peers ()
 */
 void
 Peers_initialise (char* fn_valid_peers,
-                  struct GNUNET_CADET_Handle *cadet_h,
+                  struct GNUNET_CADET_Handle *cadet_h)
-                  const struct GNUNET_PeerIdentity *own_id)
 {
  filename_valid_peers = GNUNET_strdup (fn_valid_peers);
  cadet_handle = cadet_h;
-  own_identity = *own_id;
  peer_map = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
  valid_peers = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
  restore_valid_peers ();
@@ -1136,14 +1175,12 @@ Peers_get_valid_peers (PeersIterator iterator,
 * @param peer the new #GNUNET_PeerIdentity
 *
 * @return #GNUNET_YES if peer was inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
+ *         #GNUNET_NO  otherwise
- *                     peer was #own_identity)
 */
 int
 Peers_insert_peer (const struct GNUNET_PeerIdentity *peer)
 {
-  if ( (GNUNET_YES == Peers_check_peer_known (peer)) ||
+  if (GNUNET_YES == Peers_check_peer_known (peer))
-       (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) )
  {
    return GNUNET_NO; /* We already know this peer - nothing to do */
  }
@@ -1161,8 +1198,7 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
 *
 * @param peer the peer whose liveliness is to be checked
 * @return #GNUNET_YES if peer had to be inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
+ *         #GNUNET_NO  otherwise
- *                     peer was #own_identity)
 */
 int
 Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
@@ -1170,13 +1206,10 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
  struct PeerContext *peer_ctx;
  int ret;
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
  ret = Peers_insert_peer (peer);
  peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE))
+  if ( (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) &&
+       (NULL == peer_ctx->liveliness_check_pending) )
  {
    check_peer_live (peer_ctx);
  }
@@ -1208,7 +1241,7 @@ Peers_check_removable (const struct GNUNET_PeerIdentity *peer)
  }
  peer_ctx = get_peer_ctx (peer);
-  if ( (NULL != peer_ctx->recv_channel) ||
+  if ( (NULL != peer_ctx->recv_channel_ctx) ||
       (NULL != peer_ctx->pending_messages_head) ||
       (GNUNET_NO == check_peer_flag_set (peer_ctx, Peers_PULL_REPLY_PENDING)) )
  {
@@ -1224,6 +1257,46 @@ Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
 int
 Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags);
+static void
+destroy_peer (void *cls)
+{
+  struct PeerContext *peer_ctx = cls;
+  GNUNET_assert (NULL != peer_ctx);
+  peer_ctx->destruction_task = NULL;
+  Peers_remove_peer (&peer_ctx->peer_id);
+}
+static void
+destroy_channel (void *cls);
+static void
+schedule_channel_destruction (struct ChannelCtx *channel_ctx)
+{
+  GNUNET_assert (NULL != channel_ctx);
+  if (NULL != channel_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    channel_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx);
+  }
+}
+static void
+schedule_peer_destruction (struct PeerContext *peer_ctx)
+{
+  GNUNET_assert (NULL != peer_ctx);
+  if (NULL != peer_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    peer_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx);
+  }
+}
 /**
 * @brief Remove peer
 *
@@ -1235,7 +1308,8 @@ int
 Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
 {
  struct PeerContext *peer_ctx;
-  uint32_t *channel_flag;
+  GNUNET_assert (NULL != peer_map);
  if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer))
  {
@@ -1249,7 +1323,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
       GNUNET_i2s (&peer_ctx->peer_id));
  Peers_unset_peer_flag (peer, Peers_ONLINE);
+  /* Clear list of pending operations */
+  // TODO this probably leaks memory
+  //      ('only' the cls to the function. Not sure what to do with it)
  GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0);
+  /* Remove all pending messages */
  while (NULL != peer_ctx->pending_messages_head)
  {
    LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -1261,10 +1340,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
                     peer_ctx->liveliness_check_pending,
                     sizeof (struct PendingMessage))) )
      {
+        // TODO this may leak memory
        peer_ctx->liveliness_check_pending = NULL;
      }
    remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES);
  }
  /* If we are still waiting for notification whether this peer is live
   * cancel the according task */
  if (NULL != peer_ctx->liveliness_check_pending)
@@ -1277,28 +1358,40 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
    remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
    peer_ctx->liveliness_check_pending = NULL;
  }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-  if (NULL != peer_ctx->send_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+  /* Do we still have to wait for destruction of channels
+   * or issue the destruction? */
+  if (NULL != peer_ctx->send_channel_ctx &&
+      NULL != peer_ctx->send_channel_ctx->destruction_task
+      )
  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
+    schedule_peer_destruction (peer_ctx);
-        "Destroying send channel\n");
+    return GNUNET_NO;
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
  }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
+  if (NULL != peer_ctx->recv_channel_ctx &&
-  if (NULL != peer_ctx->recv_channel &&
+      NULL != peer_ctx->recv_channel_ctx->destruction_task)
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
+    schedule_peer_destruction (peer_ctx);
-        "Destroying recv channel\n");
+    return GNUNET_NO;
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
+  }
-    peer_ctx->recv_channel = NULL;
+  if (NULL != peer_ctx->recv_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->recv_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->send_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
  }
-  GNUNET_free (peer_ctx->send_channel_flags);
+  if (NULL != peer_ctx->destruction_task)
-  GNUNET_free (peer_ctx->recv_channel_flags);
+  {
+    GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task);
+  }
  if (GNUNET_YES != GNUNET_CONTAINER_multipeermap_remove_all (peer_map, &peer_ctx->peer_id))
  {
@@ -1308,7 +1401,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
  return GNUNET_YES;
 }
 /**
 * @brief set flags on a given peer.
 *
@@ -1364,77 +1456,6 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
  return check_peer_flag_set (peer_ctx, flags);
 }
-/**
- * @brief set flags on a given channel.
- *
- * @param channel the channel to set flags on
- * @param flags the flags
- */
-void
-Peers_set_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  set_channel_flag (channel_flags, flags);
-}
-/**
- * @brief unset flags on a given channel.
- *
- * @param channel the channel to unset flags on
- * @param flags the flags
- */
-void
-Peers_unset_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  unset_channel_flag (channel_flags, flags);
-}
-/**
- * @brief Check whether flags on a channel are set.
- *
- * @param channel the channel to check the flag of
- * @param flags the flags to check
- *
- * @return #GNUNET_YES if all given flags are set
- *         #GNUNET_NO  otherwise
- */
-int
-Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  return check_channel_flag_set (channel_flags, flags);
-}
-/**
- * @brief Get the flags for the channel in @a role for @a peer.
- *
- * @param peer Peer to get the channel flags for.
- * @param role Role of channel to get flags for
- *
- * @return The flags.
- */
-uint32_t *
-Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
-                        enum Peers_ChannelRole role)
-{
-  const struct PeerContext *peer_ctx;
-  peer_ctx = get_peer_ctx (peer);
-  if (Peers_CHANNEL_ROLE_SENDING == role)
-  {
-    return peer_ctx->send_channel_flags;
-  }
-  else if (Peers_CHANNEL_ROLE_RECEIVING == role)
-  {
-    return peer_ctx->recv_channel_flags;
-  }
-  else
-  {
-    GNUNET_assert (0);
-  }
-}
 /**
 * @brief Check whether we have information about the given peer.
 *
@@ -1505,7 +1526,7 @@ Peers_check_peer_send_intention (const struct GNUNET_PeerIdentity *peer)
  const struct PeerContext *peer_ctx;
  peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->recv_channel)
+  if (NULL != peer_ctx->recv_channel_ctx)
  {
    return GNUNET_YES;
  }
@@ -1530,6 +1551,7 @@ Peers_handle_inbound_channel (void *cls,
 {
  struct PeerContext *peer_ctx;
  struct GNUNET_PeerIdentity *ctx_peer;
+  struct ChannelCtx *channel_ctx;
  LOG (GNUNET_ERROR_TYPE_DEBUG,
      "New channel was established to us (Peer %s).\n",
@@ -1540,19 +1562,22 @@ Peers_handle_inbound_channel (void *cls,
  set_peer_live (peer_ctx);
  ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
  *ctx_peer = *initiator;
+  channel_ctx = add_channel_ctx (peer_ctx);
+  channel_ctx->channel = channel;
  /* We only accept one incoming channel per peer */
  if (GNUNET_YES == Peers_check_peer_send_intention (initiator))
  {
-    set_channel_flag (peer_ctx->recv_channel_flags,
+    LOG (GNUNET_ERROR_TYPE_WARNING,
-                      Peers_CHANNEL_ESTABLISHED_TWICE);
+        "Already got one receive channel. Destroying old one.\n");
-    //GNUNET_CADET_channel_destroy (channel);
+    GNUNET_break_op (0);
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
+    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel);
-    peer_ctx->recv_channel = channel;
+    remove_channel_ctx (peer_ctx->recv_channel_ctx);
+    peer_ctx->recv_channel_ctx = channel_ctx;
    /* return the channel context */
-    return ctx_peer;
+    return channel_ctx;
  }
-  peer_ctx->recv_channel = channel;
+  peer_ctx->recv_channel_ctx = channel_ctx;
-  return ctx_peer;
+  return channel_ctx;
 }
@@ -1574,7 +1599,7 @@ Peers_check_sending_channel_exists (const struct GNUNET_PeerIdentity *peer)
    return GNUNET_NO;
  }
  peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
  {
    return GNUNET_NO;
  }
@@ -1607,12 +1632,14 @@ Peers_check_channel_role (const struct GNUNET_PeerIdentity *peer,
  }
  peer_ctx = get_peer_ctx (peer);
  if ( (Peers_CHANNEL_ROLE_SENDING == role) &&
-       (channel == peer_ctx->send_channel) )
+       (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
  {
    return GNUNET_YES;
  }
  if ( (Peers_CHANNEL_ROLE_RECEIVING == role) &&
-       (channel == peer_ctx->recv_channel) )
+       (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
  {
    return GNUNET_YES;
  }
@@ -1642,18 +1669,29 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer)
    return GNUNET_NO;
  }
  peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->send_channel)
+  if (NULL != peer_ctx->send_channel_ctx)
  {
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN);
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
    (void) Peers_check_connected (peer);
    return GNUNET_YES;
  }
  return GNUNET_NO;
 }
+static void
+destroy_channel (void *cls)
+{
+  struct ChannelCtx *channel_ctx = cls;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+  GNUNET_assert (channel_ctx == peer_ctx->send_channel_ctx ||
+                 channel_ctx == peer_ctx->recv_channel_ctx);
+  channel_ctx->destruction_task = NULL;
+  GNUNET_CADET_channel_destroy (channel_ctx->channel);
+  remove_channel_ctx (peer_ctx->send_channel_ctx);
+}
 /**
 * This is called when a channel is destroyed.
 *
@@ -1664,9 +1702,9 @@ void
 Peers_cleanup_destroyed_channel (void *cls,
                                 const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  struct ChannelCtx *channel_ctx = cls;
-  struct PeerContext *peer_ctx;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
-  uint32_t *channel_flag;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
  if (GNUNET_NO == Peers_check_peer_known (peer))
  {/* We don't want to implicitly create a context that we're about to kill */
@@ -1675,71 +1713,34 @@ Peers_cleanup_destroyed_channel (void *cls,
       GNUNET_i2s (peer));
    return;
  }
-  peer_ctx = get_peer_ctx (peer);
  /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY
   * flag will be set. In this case simply make sure that the channels are
   * cleaned. */
-  /* FIXME This distinction seems to be redundant */
+  /* The distinction seems to be redundant */
-  if (Peers_check_peer_flag (peer, Peers_TO_DESTROY))
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
-  {/* We initiatad the destruction of this particular peer */
+      "Peer is NOT in the process of being destroyed\n");
+  if ( (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
+  { /* Something (but us) killd the channel - clean up peer */
    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is in the process of being destroyed\n");
+        "send channel (%s) was destroyed - cleaning up\n",
-    if (channel == peer_ctx->send_channel)
+        GNUNET_i2s (peer));
-    {
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    {
-      peer_ctx->recv_channel = NULL;
-    }
-    if (NULL != peer_ctx->send_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-      channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_SENDING);
-      Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING);
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    if (NULL != peer_ctx->recv_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-      channel_flag = Peers_get_channel_flag (&peer_ctx->peer_id, Peers_CHANNEL_ROLE_RECEIVING);
-      Peers_set_channel_flag (channel_flag, Peers_CHANNEL_DESTROING);
-      peer_ctx->recv_channel = NULL;
-    }
-    /* Set the #Peers_ONLINE flag accordingly */
-    (void) Peers_check_connected (peer);
-    return;
  }
+  else if ( (NULL != peer_ctx->recv_channel_ctx) &&
-  else
+       (channel == peer_ctx->recv_channel_ctx->channel) )
-  { /* We did not initiate the destruction of this peer */
+  { /* Other peer doesn't want to send us messages anymore */
    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is NOT in the process of being destroyed\n");
+         "Peer %s destroyed recv channel - cleaning up channel\n",
-    if (channel == peer_ctx->send_channel)
+         GNUNET_i2s (peer));
-    { /* Something (but us) killd the channel - clean up peer */
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
+  }
-          "send channel (%s) was destroyed - cleaning up\n",
+  else
-          GNUNET_i2s (peer));
+  {
-      peer_ctx->send_channel = NULL;
+    LOG (GNUNET_ERROR_TYPE_WARNING,
-      peer_ctx->mq = NULL;
+         "unknown channel (%s) was destroyed\n",
-    }
+         GNUNET_i2s (peer));
-    else if (channel == peer_ctx->recv_channel)
-    { /* Other peer doesn't want to send us messages anymore */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Peer %s destroyed recv channel - cleaning up channel\n",
-           GNUNET_i2s (peer));
-      peer_ctx->recv_channel = NULL;
-    }
-    else
-    {
-      LOG (GNUNET_ERROR_TYPE_WARNING,
-           "unknown channel (%s) was destroyed\n",
-           GNUNET_i2s (peer));
-    }
  }
  (void) Peers_check_connected (peer);
 }
@@ -1791,10 +1792,6 @@ Peers_schedule_operation (const struct GNUNET_PeerIdentity *peer,
  struct PeerPendingOp pending_op;
  struct PeerContext *peer_ctx;
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
  GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
  //TODO if LIVE/ONLINE execute immediately
@@ -1828,7 +1825,7 @@ Peers_get_recv_channel (const struct GNUNET_PeerIdentity *peer)
  GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
  peer_ctx = get_peer_ctx (peer);
-  return peer_ctx->recv_channel;
+  return peer_ctx->recv_channel_ctx->channel;
 }
 /***********************************************************************
 * /Old gnunet-service-rps_peers.c
@@ -2489,6 +2486,9 @@ send_pull_reply (const struct GNUNET_PeerIdentity *peer_id,
  Peers_send_message (peer_id, ev, "PULL REPLY");
  GNUNET_STATISTICS_update(stats, "# pull reply send issued", 1, GNUNET_NO);
+  // TODO check with send intention: as send_channel is used/opened we indicate
+  // a sending intention without intending it.
+  // -> clean peer afterwards?
 }
@@ -2621,7 +2621,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer)
  CustomPeerMap_remove_peer (push_map, peer);
  RPS_sampler_reinitialise_by_value (prot_sampler, peer);
  RPS_sampler_reinitialise_by_value (client_sampler, peer);
-  Peers_remove_peer (peer);
+  schedule_peer_destruction (get_peer_ctx (peer));
 }
@@ -2665,6 +2665,58 @@ clean_peer (const struct GNUNET_PeerIdentity *peer)
 }
 /**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx)
+{
+  struct ChannelCtx *channel_ctx;
+  channel_ctx = GNUNET_new (struct ChannelCtx);
+  channel_ctx->peer_ctx = peer_ctx;
+  return channel_ctx;
+}
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx)
+{
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+  if (NULL != channel_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (channel_ctx->destruction_task);
+  }
+  GNUNET_free (channel_ctx);
+  if (channel_ctx == peer_ctx->send_channel_ctx)
+  {
+    peer_ctx->send_channel_ctx = NULL;
+    peer_ctx->mq = NULL;
+  }
+  else if (channel_ctx == peer_ctx->recv_channel_ctx)
+  {
+    peer_ctx->recv_channel_ctx = NULL;
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Trying to remove channel_ctx that is not associated with a peer\n");
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\trecv: %p\n", peer_ctx->recv_channel_ctx);
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\tsend: %p\n", peer_ctx->send_channel_ctx);
+    GNUNET_assert (0);
+  }
+}
+/**
 * @brief This is called when a channel is destroyed.
 *
 * Removes peer completely from our knowledge if the send_channel was destroyed
@@ -2680,8 +2732,8 @@ static void
 cleanup_destroyed_channel (void *cls,
                           const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  struct ChannelCtx *channel_ctx = cls;
-  uint32_t *channel_flag;
+  struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
  struct PeerContext *peer_ctx;
  GNUNET_assert (NULL != peer);
@@ -2691,94 +2743,26 @@ cleanup_destroyed_channel (void *cls,
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "channel (%s) without associated context was destroyed\n",
         GNUNET_i2s (peer));
-    GNUNET_free (peer);
+    remove_channel_ctx (channel_ctx);
    return;
  }
  peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of recv-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_DESTROING);
-  } else if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of send-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_DESTROING);
-  } else {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        "Channel to be destroyed has is neither sending nor receiving role\n");
-  }
-  if (GNUNET_YES == Peers_check_peer_flag (peer, Peers_TO_DESTROY))
+  // What should be done here:
-  { /* We are in the middle of removing that peer from our knowledge. In this
+  //  * cleanup everything related to the channel
-       case simply make sure that the channels are cleaned. */
+  //    * memory
-    Peers_cleanup_destroyed_channel (cls, channel);
+  //  * remove peer if necessary
-    to_file (file_name_view_log,
-             "-%s\t(cleanup channel, ourself)",
-             GNUNET_i2s_full (peer));
-    GNUNET_free (peer);
-    return;
-  }
-  if (GNUNET_YES ==
+  if (peer_ctx->recv_channel_ctx == channel_ctx)
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
+  {
-  { /* Channel used for sending was destroyed */
+    remove_channel_ctx (channel_ctx);
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> cleaning send channel -> clean context
-     *  - other peer -> peer probably went down -> remove
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-    if (GNUNET_YES == Peers_check_channel_flag (channel_flag, Peers_CHANNEL_CLEAN))
-    { /* We are about to clean the sending channel. Clean the respective
-       * context */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer destroyed our sending channel that it is supposed to keep
-       * open. It probably went down. Remove it from our knowledge. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      remove_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
-  }
-  else if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  { /* Channel used for receiving was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> peer tried to establish channel twice -> clean context
-     *  - other peer -> peer doesn't want to send us data -> clean
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-    if (GNUNET_YES ==
-        Peers_check_channel_flag (channel_flag, Peers_CHANNEL_ESTABLISHED_TWICE))
-    { /* Other peer tried to establish a channel to us twice. We do not accept
-       * that. Clean the context. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer doesn't want to send us data anymore. We are free to clean
-       * it. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      clean_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
  }
-  else
+  else if (peer_ctx->send_channel_ctx == channel_ctx)
  {
-    LOG (GNUNET_ERROR_TYPE_WARNING,
+    remove_channel_ctx (channel_ctx);
-        "Destroyed channel is neither sending nor receiving channel\n");
+    remove_peer (&peer_ctx->peer_id);
  }
-  GNUNET_free (peer);
 }
 /***********************************************************************
@@ -3037,8 +3021,6 @@ handle_client_seed (void *cls,
  num_peers = ntohl (msg->num_peers);
  peers = (struct GNUNET_PeerIdentity *) &msg[1];
-  //peers = GNUNET_new_array (num_peers, struct GNUNET_PeerIdentity);
-  //GNUNET_memcpy (peers, &msg[1], num_peers * sizeof (struct GNUNET_PeerIdentity));
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Client seeded peers:\n");
@@ -3053,9 +3035,6 @@ handle_client_seed (void *cls,
    got_peer (&peers[i]);
  }
-  ////GNUNET_free (peers);
  GNUNET_SERVICE_client_continue (cli_ctx->client);
 }
@@ -3173,11 +3152,12 @@ static void
 handle_peer_check (void *cls,
                   const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
  LOG (GNUNET_ERROR_TYPE_DEBUG,
      "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 /**
@@ -3193,7 +3173,8 @@ static void
 handle_peer_push (void *cls,
                  const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
  // (check the proof of work (?))
@@ -3238,7 +3219,7 @@ handle_peer_push (void *cls,
  CustomPeerMap_put (push_map, peer);
  GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
@@ -3254,7 +3235,8 @@ static void
 handle_peer_pull_request (void *cls,
                          const struct GNUNET_MessageHeader *msg)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
  const struct GNUNET_PeerIdentity *view_array;
  LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer));
@@ -3277,7 +3259,7 @@ handle_peer_pull_request (void *cls,
  #endif /* ENABLE_MALICIOUS */
  GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
  view_array = View_get_as_array ();
  send_pull_reply (peer, view_array, View_size ());
 }
@@ -3317,7 +3299,8 @@ check_peer_pull_reply (void *cls,
  if (GNUNET_YES != Peers_check_peer_flag (sender, Peers_PULL_REPLY_PENDING))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Received a pull reply from a peer we didn't request one from!\n");
+        "Received a pull reply from a peer (%s) we didn't request one from!\n",
+        GNUNET_i2s (sender));
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }
@@ -3334,8 +3317,9 @@ static void
 handle_peer_pull_reply (void *cls,
                        const struct GNUNET_RPS_P2P_PullReplyMessage *msg)
 {
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id;
  const struct GNUNET_PeerIdentity *peers;
-  struct GNUNET_PeerIdentity *sender = cls;
  uint32_t i;
 #ifdef ENABLE_MALICIOUS
  struct AttackedPeer *tmp_att_peer;
@@ -3373,9 +3357,7 @@ handle_peer_pull_reply (void *cls,
      if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (att_peer_set,
                                                               &peers[i])
          && GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (mal_peer_set,
-                                                                  &peers[i])
+                                                                  &peers[i]))
-          && 0 != GNUNET_CRYPTO_cmp_peer_identity (&peers[i],
-                                                   &own_identity))
      {
        tmp_att_peer = GNUNET_new (struct AttackedPeer);
        tmp_att_peer->peer_id = peers[i];
@@ -3387,21 +3369,17 @@ handle_peer_pull_reply (void *cls,
      continue;
    }
    #endif /* ENABLE_MALICIOUS */
-    if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity,
+    /* Make sure we 'know' about this peer */
-                                              &peers[i]))
+    (void) Peers_insert_peer (&peers[i]);
-    {
-      /* Make sure we 'know' about this peer */
-      (void) Peers_insert_peer (&peers[i]);
-      if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
+    if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
-      {
+    {
-        CustomPeerMap_put (pull_map, &peers[i]);
+      CustomPeerMap_put (pull_map, &peers[i]);
-      }
+    }
-      else
+    else
-      {
+    {
-        Peers_schedule_operation (&peers[i], insert_in_pull_map);
+      Peers_schedule_operation (&peers[i], insert_in_pull_map);
-        (void) Peers_issue_peer_liveliness_check (&peers[i]);
+      (void) Peers_issue_peer_liveliness_check (&peers[i]);
-      }
    }
  }
@@ -3409,7 +3387,7 @@ handle_peer_pull_reply (void *cls,
  clean_peer (sender);
  GNUNET_break_op (Peers_check_peer_known (sender));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (sender));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
@@ -3836,10 +3814,8 @@ do_round (void *cls)
    for (i = 0; i < a_peers; i++)
    {
      peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer)) // TODO
+      // FIXME if this fails schedule/loop this for later
-      { // FIXME if this fails schedule/loop this for later
+      send_push (&peer);
-        send_push (&peer);
-      }
    }
    /* Send PULL requests */
@@ -3857,8 +3833,7 @@ do_round (void *cls)
    for (i = first_border; i < second_border; i++)
    {
      peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer) &&
+      if ( GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING))
-          GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) // TODO
      { // FIXME if this fails schedule/loop this for later
        send_pull_request (&peer);
      }
@@ -3955,7 +3930,6 @@ do_round (void *cls)
               "-%s",
               GNUNET_i2s_full (&peers_to_clean[i]));
      clean_peer (&peers_to_clean[i]);
-      //peer_destroy_channel_send (sender);
    }
    GNUNET_array_grow (peers_to_clean, peers_to_clean_size, 0);
@@ -4011,7 +3985,6 @@ do_round (void *cls)
         GNUNET_i2s (update_peer));
    insert_in_sampler (NULL, update_peer);
    clean_peer (update_peer); /* This cleans only if it is not in the view */
-    //peer_destroy_channel_send (sender);
  }
  for (i = 0; i < CustomPeerMap_size (pull_map); i++)
@@ -4022,7 +3995,6 @@ do_round (void *cls)
    insert_in_sampler (NULL, CustomPeerMap_get_peer_by_index (pull_map, i));
    /* This cleans only if it is not in the view */
    clean_peer (CustomPeerMap_get_peer_by_index (pull_map, i));
-    //peer_destroy_channel_send (sender);
  }
@@ -4125,6 +4097,8 @@ shutdown_task (void *cls)
  struct ClientContext *client_ctx;
  struct ReplyCls *reply_cls;
+  in_shutdown = GNUNET_YES;
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "RPS is going down\n");
@@ -4369,10 +4343,17 @@ run (void *cls,
                                       NULL, /* WindowSize handler */
                                       cleanup_destroyed_channel, /* Disconnect handler */
                                       cadet_handlers);
+  if (NULL == cadet_port)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Cadet port `%s' is already in use.\n",
+        GNUNET_APPLICATION_PORT_RPS);
+    GNUNET_assert (0);
+  }
  peerinfo_handle = GNUNET_PEERINFO_connect (cfg);
-  Peers_initialise (fn_valid_peers, cadet_handle, &own_identity);
+  Peers_initialise (fn_valid_peers, cadet_handle);
  GNUNET_free (fn_valid_peers);
  /* Initialise sampler */
diff --git a/src/rps/gnunet-service-rps_custommap.c b/src/rps/gnunet-service-rps_custommap.c
index 42507655b..9e003eb39 100644
--- a/src/rps/gnunet-service-rps_custommap.c
+++ b/src/rps/gnunet-service-rps_custommap.c
@@ -213,7 +213,7 @@ CustomPeerMap_remove_peer (const struct CustomPeerMap *c_peer_map,
    GNUNET_assert (NULL != last_index);
    GNUNET_assert (CustomPeerMap_size (c_peer_map) == *last_index);
    GNUNET_CONTAINER_multihashmap32_put (c_peer_map->hash_map, *index, last_p,
-        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST);
+        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
    GNUNET_CONTAINER_multihashmap32_remove_all (c_peer_map->hash_map, *last_index);
    *last_index = *index;
  }
diff --git a/src/rps/rps-test_util.c b/src/rps/rps-test_util.c
index d47e4952f..08fe96097 100644
--- a/src/rps/rps-test_util.c
+++ b/src/rps/rps-test_util.c
@@ -31,6 +31,17 @@
 #define LOG(kind, ...) GNUNET_log_from(kind,"rps-test_util",__VA_ARGS__)
+#define B2B_PAT "%c%c%c%c%c%c%c%c"
+#define B2B(byte)  \
+  (byte & 0x80 ? '1' : '0'), \
+  (byte & 0x40 ? '1' : '0'), \
+  (byte & 0x20 ? '1' : '0'), \
+  (byte & 0x10 ? '1' : '0'), \
+  (byte & 0x08 ? '1' : '0'), \
+  (byte & 0x04 ? '1' : '0'), \
+  (byte & 0x02 ? '1' : '0'), \
+  (byte & 0x01 ? '1' : '0')
 #ifndef TO_FILE
 #define TO_FILE
 #endif /* TO_FILE */
@@ -155,6 +166,9 @@ to_file_raw (const char *file_name, const char *buf, size_t size_buf)
    return;
  }
+  LOG (GNUNET_ERROR_TYPE_WARNING,
+       "Wrote %u bytes raw.\n",
+       size_written);
  if (GNUNET_YES != GNUNET_DISK_file_close (f))
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "Unable to close file\n");
@@ -180,6 +194,8 @@ to_file_raw_unaligned (const char *file_name,
  //  num_bits_buf_unaligned = bits_needed % 8;
  //  return;
  //}
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Was asked to write %u bits\n", bits_needed);
  char buf_write[size_buf + 1];
  const unsigned bytes_iter = (0 != bits_needed % 8?
@@ -187,6 +203,14 @@ to_file_raw_unaligned (const char *file_name,
                               bits_needed/8);
  // TODO what if no iteration happens?
  unsigned size_buf_write = 0;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "num_bits_buf_unaligned: %u\n",
+       num_bits_buf_unaligned);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "ua args: size_buf: %u, bits_needed: %u -> iter: %u\n",
+       size_buf,
+       bits_needed,
+       bytes_iter);
  buf_write[0] = buf_unaligned;
  /* Iterate over input bytes */
  for (unsigned i = 0; i < bytes_iter; i++)
@@ -227,17 +251,57 @@ to_file_raw_unaligned (const char *file_name,
    {
      num_bits_needed_iter = 8;
    }
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed in this iteration: %u\n",
+         num_bits_needed_iter);
    mask_bits_needed_iter = ((char) 1 << num_bits_needed_iter) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask needed bits (current iter): "B2B_PAT"\n",
+         B2B(mask_bits_needed_iter));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "Unaligned byte: "B2B_PAT" (%u bits)\n",
+         B2B(buf_unaligned),
+         num_bits_buf_unaligned);
    byte_input = buf[i];
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "next whole input byte: "B2B_PAT"\n",
+         B2B(byte_input));
    byte_input &= mask_bits_needed_iter;
    num_bits_to_align = 8 - num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "input byte, needed bits: "B2B_PAT"\n",
+         B2B(byte_input));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed to align unaligned bit: %u\n",
+         num_bits_to_align);
    num_bits_to_move  = min (num_bits_to_align, num_bits_needed_iter);
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits of new byte to move: %u\n",
+         num_bits_to_move);
    mask_input_to_move = ((char) 1 << num_bits_to_move) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask of bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(mask_input_to_move));
    bits_to_move = byte_input & mask_input_to_move;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "masked bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(bits_to_move));
    distance_shift_bits = num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "distance needed to shift bits to their correct spot: %u\n",
+         distance_shift_bits);
    bits_moving = bits_to_move << distance_shift_bits;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "shifted, masked bits of new byte being moved: "B2B_PAT"\n",
+         B2B(bits_moving));
    byte_to_fill = buf_unaligned | bits_moving;
-    if (num_bits_buf_unaligned + num_bits_needed_iter > 8)
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "byte being filled: "B2B_PAT"\n",
+         B2B(byte_to_fill));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "pending bytes: %u\n",
+         num_bits_buf_unaligned + num_bits_needed_iter);
+    if (num_bits_buf_unaligned + num_bits_needed_iter >= 8)
    {
      /* buf_unaligned was aligned by filling
       * -> can be written to storage */
@@ -246,10 +310,22 @@ to_file_raw_unaligned (const char *file_name,
      /* store the leftover, unaligned bits in buffer */
      mask_input_leftover = mask_bits_needed_iter & (~ mask_input_to_move);
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "mask of leftover bits of new byte: "B2B_PAT"\n",
+           B2B(mask_input_leftover));
      byte_input_leftover = byte_input & mask_input_leftover;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "masked, leftover bits of new byte: "B2B_PAT"\n",
+           B2B(byte_input_leftover));
      num_bits_leftover = num_bits_needed_iter - num_bits_to_move;
-      num_bits_discard = 8 - num_bits_needed_iter;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "number of unaligned bits left: %u\n",
+           num_bits_leftover);
+      //num_bits_discard = 8 - num_bits_needed_iter;
      byte_unaligned_new = byte_input_leftover >> num_bits_to_move;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "new unaligned byte: "B2B_PAT"\n",
+           B2B(byte_unaligned_new));
      buf_unaligned = byte_unaligned_new;
      num_bits_buf_unaligned = num_bits_leftover % 8;
    }
diff --git a/src/transport/test_quota_compliance.c b/src/transport/test_quota_compliance.c
index 0ef3c864a..cd93ff855 100644
--- a/src/transport/test_quota_compliance.c
+++ b/src/transport/test_quota_compliance.c
@@ -11,7 +11,7 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,6 +65,8 @@ report ()
  unsigned long long datarate;
  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
  datarate = (total_bytes_recv * 1000 * 1000) / delta;
  FPRINTF (stderr,
diff --git a/src/transport/test_transport_api_reliability.c b/src/transport/test_transport_api_reliability.c
index 86e2a7e9d..c6e77bae0 100644
--- a/src/transport/test_transport_api_reliability.c
+++ b/src/transport/test_transport_api_reliability.c
@@ -11,7 +11,7 @@
     WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     Affero General Public License for more details.
-    
     You should have received a copy of the GNU Affero General Public License
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -174,6 +174,8 @@ custom_shutdown (void *cls)
  /* Calculcate statistics   */
  delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
  rate = (1000LL* 1000ll * total_bytes) / (1024 * delta);
  FPRINTF (stderr,
           "\nThroughput was %llu KiBytes/s\n",
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 8410b7835..fe1f58df7 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
 /**
 * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
 *
 * @param key secret key
+ * @param key_len secret key length
 * @param plaintext input plaintext
 * @param plaintext_len length of @a plaintext
 * @param hmac where to store the hmac
 */
 void
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
                    const void *plaintext, size_t plaintext_len,
                    struct GNUNET_HashCode *hmac)
 {
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
  {
    gcry_md_reset (md);
  }
-  gcry_md_setkey (md, key->key, sizeof (key->key));
+  gcry_md_setkey (md, key, key_len);
  gcry_md_write (md, plaintext, plaintext_len);
  mc = gcry_md_read (md, GCRY_MD_SHA512);
  GNUNET_assert (NULL != mc);
@@ -399,6 +402,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
 /**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac)
+{
+  GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+                          plaintext, plaintext_len,
+                          hmac);
+}
+/**
 * Context for cummulative hashing.
 */
 struct GNUNET_HashContext
diff --git a/src/util/dnsparser.c b/src/util/dnsparser.c
index 6fb6d657f..24f1b18cf 100644
--- a/src/util/dnsparser.c
+++ b/src/util/dnsparser.c
@@ -959,7 +959,7 @@ GNUNET_DNSPARSER_builder_add_name (char *dst,
      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                  "Invalid DNS name `%s': label with %u characters encountered\n",
                  name,
-                  len);
+                  (unsigned int) len);
      goto fail; /* label too long or empty */
    }
    dst[pos++] = (char) (uint8_t) len;
diff --git a/src/util/scheduler.c b/src/util/scheduler.c
index 93d133d1b..5d3836639 100644
--- a/src/util/scheduler.c
+++ b/src/util/scheduler.c
@@ -965,8 +965,6 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task)
  /* scheduler must be running */
  GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert ( (NULL != active_task) ||
-      (GNUNET_NO == task->lifeness) );
  is_fd_task = (NULL != task->fds);
  if (is_fd_task)
  {
@@ -1056,9 +1054,9 @@ GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback tas
 {
  struct GNUNET_SCHEDULER_Task *t;
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
  GNUNET_assert (NULL != task);
-  GNUNET_assert ((NULL != active_task) ||
-                 (GNUNET_SCHEDULER_REASON_STARTUP == reason));
  t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
  t->read_fd = -1;
  t->write_fd = -1;
@@ -1099,7 +1097,8 @@ GNUNET_SCHEDULER_add_at_with_priority (struct GNUNET_TIME_Absolute at,
  struct GNUNET_SCHEDULER_Task *pos;
  struct GNUNET_SCHEDULER_Task *prev;
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
  GNUNET_assert (NULL != task);
  t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
  t->callback = task;
@@ -1286,7 +1285,8 @@ GNUNET_SCHEDULER_add_shutdown (GNUNET_SCHEDULER_TaskCallback task,
 {
  struct GNUNET_SCHEDULER_Task *t;
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
  GNUNET_assert (NULL != task);
  t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
  t->callback = task;
@@ -1403,7 +1403,8 @@ add_without_sets (struct GNUNET_TIME_Relative delay,
 {
  struct GNUNET_SCHEDULER_Task *t;
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
  GNUNET_assert (NULL != task);
  t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
  init_fd_info (t,
@@ -1832,7 +1833,6 @@ GNUNET_SCHEDULER_add_select (enum GNUNET_SCHEDULER_Priority prio,
  /* scheduler must be running */
  GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert (NULL != active_task);
  GNUNET_assert (NULL != task);
  int no_rs = (NULL == rs);
  int no_ws = (NULL == ws);
@@ -2022,99 +2022,109 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
    if (timeout.abs_value_us > now.abs_value_us)
    {
      /**
-       * The driver called this function before the current timeout was
+       * The event loop called this function before the current timeout was
-       * reached (and no FD tasks are ready). This can happen in the
+       * reached (and no FD tasks are ready). This is acceptable if
-       * rare case when the system time is changed while the driver is
+       *
-       * waiting for the timeout, so we handle this gracefully. It might
+       * - the system time was changed while the driver was waiting for
-       * also be a programming error in the driver though.
+       *   the timeout
+       * - an external event loop called GNUnet API functions outside of
+       *   the callbacks called in GNUNET_SCHEDULER_do_work and thus 
+       *   wasn't notified about the new timeout
+       *
+       * It might also mean we are busy-waiting because of a programming
+       * error in the external event loop.
       */
      LOG (GNUNET_ERROR_TYPE_DEBUG,
           "GNUNET_SCHEDULER_do_work did not find any ready "
           "tasks and timeout has not been reached yet.\n");
-      return GNUNET_NO;
    }
-    /**
+    else
-     * the current timeout was reached but no ready tasks were found,
+    {
-     * internal scheduler error!
+      /**
-     */
+       * the current timeout was reached but no ready tasks were found,
-    GNUNET_assert (0);
+       * internal scheduler error!
-  }
+       */
+      GNUNET_assert (0);
-  /* find out which task priority level we are going to
+    }
-     process this time */
-  max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
-  GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
-  /* yes, p>0 is correct, 0 is "KEEP" which should
-   * always be an empty queue (see assertion)! */
-  for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
-  {
-    pos = ready_head[p];
-    if (NULL != pos)
-      break;
  }
-  GNUNET_assert (NULL != pos);        /* ready_count wrong? */
+  else
-  /* process all tasks at this priority level, then yield */
-  while (NULL != (pos = ready_head[p]))
  {
-    GNUNET_CONTAINER_DLL_remove (ready_head[p],
+    /* find out which task priority level we are going to
-         ready_tail[p],
+       process this time */
-         pos);
+    max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
-    ready_count--;
+    GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
-    current_priority = pos->priority;
+    /* yes, p>0 is correct, 0 is "KEEP" which should
-    current_lifeness = pos->lifeness;
+     * always be an empty queue (see assertion)! */
-    active_task = pos;
+    for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
-#if PROFILE_DELAYS
-    if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
-        DELAY_THRESHOLD.rel_value_us)
    {
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
+      pos = ready_head[p];
-           "Task %p took %s to be scheduled\n",
+      if (NULL != pos)
-           pos,
+        break;
-           GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
-                                                   GNUNET_YES));
    }
-#endif
+    GNUNET_assert (NULL != pos);        /* ready_count wrong? */
-    tc.reason = pos->reason;
-    GNUNET_NETWORK_fdset_zero (sh->rs);
+    /* process all tasks at this priority level, then yield */
-    GNUNET_NETWORK_fdset_zero (sh->ws);
+    while (NULL != (pos = ready_head[p]))
-    // FIXME: do we have to remove FdInfos from fds if they are not ready?
-    tc.fds_len = pos->fds_len;
-    tc.fds = pos->fds;
-    for (unsigned int i = 0; i != pos->fds_len; ++i)
    {
-      struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
+      GNUNET_CONTAINER_DLL_remove (ready_head[p],
-      if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+           ready_tail[p],
+           pos);
+      ready_count--;
+      current_priority = pos->priority;
+      current_lifeness = pos->lifeness;
+      active_task = pos;
+#if PROFILE_DELAYS
+      if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
+          DELAY_THRESHOLD.rel_value_us)
      {
-        GNUNET_NETWORK_fdset_set_native (sh->rs,
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
-                                         fdi->sock);
+             "Task %p took %s to be scheduled\n",
+             pos,
+             GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
+                                                     GNUNET_YES));
      }
-      if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+#endif
+      tc.reason = pos->reason;
+      GNUNET_NETWORK_fdset_zero (sh->rs);
+      GNUNET_NETWORK_fdset_zero (sh->ws);
+      // FIXME: do we have to remove FdInfos from fds if they are not ready?
+      tc.fds_len = pos->fds_len;
+      tc.fds = pos->fds;
+      for (unsigned int i = 0; i != pos->fds_len; ++i)
      {
-        GNUNET_NETWORK_fdset_set_native (sh->ws,
+        struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
-                                         fdi->sock);
+        if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->rs,
+                                           fdi->sock);
+        }
+        if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->ws,
+                                           fdi->sock);
+        }
      }
-    }
+      tc.read_ready = sh->rs;
-    tc.read_ready = sh->rs;
+      tc.write_ready = sh->ws;
-    tc.write_ready = sh->ws;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "Running task %p\n",
-         "Running task %p\n",
+           pos);
-         pos);
+      GNUNET_assert (NULL != pos->callback);
-    GNUNET_assert (NULL != pos->callback);
+      pos->callback (pos->callback_cls);
-    pos->callback (pos->callback_cls);
+      if (NULL != pos->fds)
-    if (NULL != pos->fds)
-    {
-      int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
-      if (GNUNET_OK != del_result)
      {
-        LOG (GNUNET_ERROR_TYPE_ERROR,
+        int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
-           "driver could not delete task %p\n", pos);
+        if (GNUNET_OK != del_result)
-        GNUNET_assert (0);
+        {
+          LOG (GNUNET_ERROR_TYPE_ERROR,
+             "driver could not delete task %p\n", pos);
+          GNUNET_assert (0);
+        }
      }
+      active_task = NULL;
+      dump_backtrace (pos);
+      destroy_task (pos);
    }
-    active_task = NULL;
-    dump_backtrace (pos);
-    destroy_task (pos);
  }
  shutdown_if_no_lifeness ();
  if (0 == ready_count)
@@ -2164,12 +2174,12 @@ struct GNUNET_SCHEDULER_Handle *
 GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
 {
  struct GNUNET_SCHEDULER_Handle *sh;
-  struct GNUNET_SCHEDULER_Task tsk;
  const struct GNUNET_DISK_FileHandle *pr;
-  /* general set-up */
+  /* scheduler must not be running */
-  GNUNET_assert (NULL == active_task);
+  GNUNET_assert (NULL == scheduler_driver);
  GNUNET_assert (NULL == shutdown_pipe_handle);
+  /* general set-up */
  sh = GNUNET_new (struct GNUNET_SCHEDULER_Handle);
  shutdown_pipe_handle = GNUNET_DISK_pipe (GNUNET_NO,
                                           GNUNET_NO,
@@ -2204,10 +2214,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
  /* Setup initial tasks */
  current_priority = GNUNET_SCHEDULER_PRIORITY_DEFAULT;
  current_lifeness = GNUNET_NO;
-  memset (&tsk,
-          0,
-          sizeof (tsk));
-  active_task = &tsk;
  install_parent_control_task =
    GNUNET_SCHEDULER_add_now (&install_parent_control_handler,
                              NULL);
@@ -2217,7 +2223,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
                                    &shutdown_pipe_cb,
                                    NULL);
  current_lifeness = GNUNET_YES;
-  active_task = NULL;
  scheduler_driver->set_wakeup (scheduler_driver->cls,
                                get_timeout ());
  /* begin main event loop */