80 files changed, 1952 insertions, 198 deletions

diff --git a/src/abd/plugin_gnsrecord_abd.c b/src/abd/plugin_gnsrecord_abd.c
index 272872e24..25dc20152 100644
--- a/src/abd/plugin_gnsrecord_abd.c
+++ b/src/abd/plugin_gnsrecord_abd.c
@@ -276,7 +276,7 @@ static struct
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param cls closure, unused
  * @param gns_typename name to convert
@@ -296,7 +296,7 @@ abd_typename_to_number (void *cls, const char *gns_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/conversation/plugin_gnsrecord_conversation.c b/src/conversation/plugin_gnsrecord_conversation.c
index 2ea2f48f0..786711c8e 100644
--- a/src/conversation/plugin_gnsrecord_conversation.c
+++ b/src/conversation/plugin_gnsrecord_conversation.c
@@ -179,7 +179,7 @@ static struct
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param cls closure, unused
  * @param gns_typename name to convert
@@ -201,7 +201,7 @@ conversation_typename_to_number (void *cls,
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/curl/curl.c b/src/curl/curl.c
index deb14a926..949b9a1b0 100644
--- a/src/curl/curl.c
+++ b/src/curl/curl.c
@@ -697,7 +697,7 @@ GNUNET_CURL_job_cancel (struct GNUNET_CURL_Job *job)
 /**
  * Test if the given content type @a ct is JSON
  *
- * @param ct a content type, i.e. "application/json; charset=UTF-8"
+ * @param ct a content type, e.g. "application/json; charset=UTF-8"
  * @return true if @a ct denotes JSON
  */
 static bool
@@ -741,7 +741,7 @@ is_json (const char *ct)
  * @param db download buffer
  * @param eh CURL handle (to get the response code)
  * @param[out] response_code set to the HTTP response code
- *             (or zero if we aborted the download, i.e.
+ *             (or zero if we aborted the download, for example
  *              because the response was too big, or if
  *              the JSON we received was malformed).
  * @return NULL if downloading a JSON reply failed.
diff --git a/src/datacache/datacache.c b/src/datacache/datacache.c
index 5fc5a7481..331a9b784 100644
--- a/src/datacache/datacache.c
+++ b/src/datacache/datacache.c
@@ -66,12 +66,12 @@ struct GNUNET_DATACACHE_Handle
   struct GNUNET_DATACACHE_PluginFunctions *api;
 
   /**
-   * Short name for the plugin (i.e. "sqlite").
+   * Short name for the plugin (e.g. "sqlite").
    */
   char *short_name;
 
   /**
-   * Name of the library (i.e. "gnunet_plugin_datacache_sqlite").
+   * Name of the library (e.g. "gnunet_plugin_datacache_sqlite").
    */
   char *lib_name;
 
diff --git a/src/datastore/gnunet-service-datastore.c b/src/datastore/gnunet-service-datastore.c
index 1c9e5e463..97888ce03 100644
--- a/src/datastore/gnunet-service-datastore.c
+++ b/src/datastore/gnunet-service-datastore.c
@@ -84,12 +84,12 @@ struct DatastorePlugin
   struct GNUNET_DATASTORE_PluginFunctions *api;
 
   /**
-   * Short name for the plugin (i.e. "sqlite").
+   * Short name for the plugin (e.g. "sqlite").
    */
   char *short_name;
 
   /**
-   * Name of the library (i.e. "gnunet_plugin_datastore_sqlite").
+   * Name of the library (e.g. "gnunet_plugin_datastore_sqlite").
    */
   char *lib_name;
 
diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c
index ffcfba997..96399cb5a 100644
--- a/src/dht/dht_api.c
+++ b/src/dht/dht_api.c
@@ -1026,7 +1026,7 @@ GNUNET_DHT_put (struct GNUNET_DHT_Handle *handle,
  * has not yet been sent to the service, cancelling the PUT will stop
  * this from happening (but there is no way for the user of this API
  * to tell if that is the case).  The only use for this API is to
- * prevent a later call to 'cont' from #GNUNET_DHT_put (i.e. because
+ * prevent a later call to 'cont' from #GNUNET_DHT_put (e.g. because
  * the system is shutting down).
  *
  * @param ph put operation to cancel ('cont' will no longer be called)
diff --git a/src/dht/gnunet-service-dht_clients.c b/src/dht/gnunet-service-dht_clients.c
index dfa8ee380..cfcb25336 100644
--- a/src/dht/gnunet-service-dht_clients.c
+++ b/src/dht/gnunet-service-dht_clients.c
@@ -1482,7 +1482,7 @@ GDS_CLIENTS_stop ()
 /**
  * Define "main" method using service macro.
  *
- * @param name name of the service, i.e. "dht" or "xdht"
+ * @param name name of the service, like "dht" or "xdht"
  * @param run name of the initializaton method for the service
  */
 #define GDS_DHT_SERVICE_INIT(name, run)          \
diff --git a/src/fragmentation/test_fragmentation.c b/src/fragmentation/test_fragmentation.c
index 4c71e0195..77879f75b 100644
--- a/src/fragmentation/test_fragmentation.c
+++ b/src/fragmentation/test_fragmentation.c
@@ -108,7 +108,7 @@ proc_msgs (void *cls, const struct GNUNET_MessageHeader *hdr)
   if (0 == (total % (NUM_MSGS / 100)))
     fprintf (stderr, "%s", ".");
 #endif
-  /* tolerate 10% loss, i.e. due to duplicate fragment IDs */
+  /* tolerate 10% loss, e.g. due to duplicate fragment IDs */
   if ((total >= NUM_MSGS - (NUM_MSGS / 10)) && (ret != 0))
   {
     if (NULL == shutdown_task)
diff --git a/src/fragmentation/test_fragmentation_parallel.c b/src/fragmentation/test_fragmentation_parallel.c
index 000ca60d2..d19296cf5 100644
--- a/src/fragmentation/test_fragmentation_parallel.c
+++ b/src/fragmentation/test_fragmentation_parallel.c
@@ -100,7 +100,7 @@ proc_msgs (void *cls, const struct GNUNET_MessageHeader *hdr)
   if (0 == (total % (NUM_MSGS / 100)))
     fprintf (stderr, "%s", ".");
 #endif
-  /* tolerate 10% loss, i.e. due to duplicate fragment IDs */
+  /* tolerate 10% loss, e.g due to duplicate fragment IDs */
   if ((total >= NUM_MSGS - (NUM_MSGS / 10)) && (ret != 0))
   {
     if (NULL == shutdown_task)
diff --git a/src/fs/fs_directory.c b/src/fs/fs_directory.c
index 9a198d8d7..9f0f12611 100644
--- a/src/fs/fs_directory.c
+++ b/src/fs/fs_directory.c
@@ -120,7 +120,7 @@ struct GetFullDataClosure
  *
  * @param cls closure (user-defined)
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/fs_download.c b/src/fs/fs_download.c
index d4677b794..1f8ce7c05 100644
--- a/src/fs/fs_download.c
+++ b/src/fs/fs_download.c
@@ -586,7 +586,7 @@ try_match_block (struct GNUNET_FS_DownloadContext *dc,
  *
  * @param cls our 'struct GNUNET_FS_DownloadContext*'
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/fs_sharetree.c b/src/fs/fs_sharetree.c
index ac850076d..d5e75f9be 100644
--- a/src/fs/fs_sharetree.c
+++ b/src/fs/fs_sharetree.c
@@ -183,7 +183,7 @@ add_to_keyword_counter (void *cls, const char *keyword, int is_mandatory)
  *
  * @param cls the container multihashmap to update
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c
index a9afff3e8..4d1b7c6f0 100644
--- a/src/fs/fs_uri.c
+++ b/src/fs/fs_uri.c
@@ -1691,7 +1691,7 @@ get_keywords_from_tokens (const char *s, char **array, int index)
  *
  * @param cls URI to update
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/gnunet-helper-fs-publish.c b/src/fs/gnunet-helper-fs-publish.c
index 5d2d1229b..ef1a9ce4b 100644
--- a/src/fs/gnunet-helper-fs-publish.c
+++ b/src/fs/gnunet-helper-fs-publish.c
@@ -100,7 +100,7 @@ static int output_stream;
  *
  * @param cls closure, our meta data container
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/gnunet-search.c b/src/fs/gnunet-search.c
index e49609b18..3bf013650 100644
--- a/src/fs/gnunet-search.c
+++ b/src/fs/gnunet-search.c
@@ -64,7 +64,7 @@ static struct GNUNET_SCHEDULER_Task *tt;
  *
  * @param cls closure (user-defined, unused)
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/fs/perf_gnunet_service_fs_p2p_respect.c b/src/fs/perf_gnunet_service_fs_p2p_respect.c
index b7fe61be7..c48db2383 100644
--- a/src/fs/perf_gnunet_service_fs_p2p_respect.c
+++ b/src/fs/perf_gnunet_service_fs_p2p_respect.c
@@ -21,7 +21,7 @@
 /**
  * @file fs/perf_gnunet_service_fs_p2p_respect.c
  * @brief profile P2P routing respect mechanism. Creates
- *        a clique of NUM_DAEMONS (i.e. 3) where two
+ *        a clique of NUM_DAEMONS (at least 3) where two
  *        peers share (seed) different files and download
  *        them from each other while all the other peers
  *        just "leach" those files.  Ideally, the seeders
diff --git a/src/gns/gns_tld_api.c b/src/gns/gns_tld_api.c
index b883662ad..1b711cf40 100644
--- a/src/gns/gns_tld_api.c
+++ b/src/gns/gns_tld_api.c
@@ -235,7 +235,7 @@ identity_zone_cb (void *cls,
  * @param options local options for the lookup
  * @param proc processor to call on result
  * @param proc_cls closure for @a proc
- * @return handle to the get request, NULL on error (i.e. bad configuration)
+ * @return handle to the get request, NULL on error (e.g. bad configuration)
  */
 struct GNUNET_GNS_LookupWithTldRequest *
 GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
diff --git a/src/gns/gnunet-gns-import.c b/src/gns/gnunet-gns-import.c
index 972fb49cd..e99c4d3dd 100644
--- a/src/gns/gnunet-gns-import.c
+++ b/src/gns/gnunet-gns-import.c
@@ -272,13 +272,12 @@ zone_iteration_finished (void *cls)
  * with 'NULL' for 'ego'. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this
+ * function is only called ONCE, and 'NULL' being passed in 'ego' does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * 'GNUNET_IDENTITY_connect' (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) ego but the NEW identifier.
diff --git a/src/gns/gnunet-gns-proxy-ca.template b/src/gns/gnunet-gns-proxy-ca.template
index 32ee27fcd..541e3a355 100644
--- a/src/gns/gnunet-gns-proxy-ca.template
+++ b/src/gns/gnunet-gns-proxy-ca.template
@@ -51,7 +51,7 @@ cn = "GNS Proxy CA"
 #dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
 
 # The serial number of the certificate
-# The value is in decimal (i.e. 1963) or hex (i.e. 0x07ab).
+# The value is in decimal (e.g. 1963) or hex (e.g. 0x07ab).
 # Comment the field for a random serial number.
 #serial = 007
 
@@ -283,7 +283,7 @@ tls_www_server
 #crl_next_update = 43
 
 # this is the 5th CRL by this CA
-# The value is in decimal (i.e. 1963) or hex (i.e. 0x07ab).
+# The value is in decimal (e.g. 1963) or hex (e.g. 0x07ab).
 # Comment the field for a time-based number.
 # Time-based CRL numbers generated in GnuTLS 3.6.3 and later
 # are significantly larger than those generated in previous
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index d02f0f576..5e3f9d6df 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -1811,7 +1811,7 @@ con_val_iter (void *cls,
  * @param con MHD connection handle
  * @param url the url in the request
  * @param meth the HTTP method used ("GET", "PUT", etc.)
- * @param ver the HTTP version string (i.e. "HTTP/1.1")
+ * @param ver the HTTP version string ("HTTP/1.1" for version 1.1, etc.)
  * @param upload_data the data being uploaded (excluding HEADERS,
  *        for a POST that fits into memory and that is encoded
  *        with a supported encoding, the POST data will NOT be
@@ -2855,7 +2855,7 @@ lookup_ssl_httpd (const char*domain)
 
 /**
  * Task run when a Socks5Request somehow fails to be associated with
- * an MHD connection (i.e. because the client never speaks HTTP after
+ * an MHD connection (e.g. because the client never speaks HTTP after
  * the SOCKS5 handshake).  Clean up.
  *
  * @param cls the `struct Socks5Request *`
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index 52300ae3b..5833f4d0b 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -104,7 +104,7 @@ struct GnsClient
 
 /**
  * Representation of a TLD, mapping the respective TLD string
- * (i.e. ".gnu") to the respective public key of the zone.
+ * (e.g. ".gnu") to the respective public key of the zone.
  */
 struct GNS_TopLevelDomain
 {
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 2f8a55804..784a6ee6d 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -418,7 +418,7 @@ struct GNS_ResolverHandle
 
   /**
    * We increment the loop limiter for each step in a recursive
-   * resolution.  If it passes our @e loop_threshold (i.e. due to
+   * resolution.  If it passes our @e loop_threshold (e.g. due to
    * self-recursion in the resolution, i.e CNAME fun), we stop.
    */
   unsigned int loop_limiter;
@@ -516,7 +516,7 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
 /**
  * Determine if this name is canonical (is a legal name in a zone, without delegation);
  * note that we do not test that the name does not contain illegal characters, we only
- * test for delegation.  Note that service records (i.e. _foo._srv) are canonical names
+ * test for delegation.  Note that service records (like _foo._srv) are canonical names
  * even though they consist of multiple labels.
  *
  * Examples:
diff --git a/src/gns/plugin_gnsrecord_gns.c b/src/gns/plugin_gnsrecord_gns.c
index a2ad0b905..391144925 100644
--- a/src/gns/plugin_gnsrecord_gns.c
+++ b/src/gns/plugin_gnsrecord_gns.c
@@ -327,7 +327,7 @@ static struct
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param cls closure, unused
  * @param gns_typename name to convert
@@ -347,7 +347,7 @@ gns_typename_to_number (void *cls, const char *gns_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/gnsrecord/gnsrecord.c b/src/gnsrecord/gnsrecord.c
index 31749a629..e9994a868 100644
--- a/src/gnsrecord/gnsrecord.c
+++ b/src/gnsrecord/gnsrecord.c
@@ -208,7 +208,7 @@ GNUNET_GNSRECORD_string_to_value (uint32_t type,
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g "AAAA") to the corresponding number.
  *
  * @param dns_typename name to convert
  * @return corresponding number, UINT32_MAX on error
@@ -235,7 +235,7 @@ GNUNET_GNSRECORD_typename_to_number (const char *dns_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param type number of a type to convert
  * @return corresponding typestring, NULL on error
diff --git a/src/gnsrecord/plugin_gnsrecord_dns.c b/src/gnsrecord/plugin_gnsrecord_dns.c
index bde9944e2..123c59905 100644
--- a/src/gnsrecord/plugin_gnsrecord_dns.c
+++ b/src/gnsrecord/plugin_gnsrecord_dns.c
@@ -735,7 +735,7 @@ static struct
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param cls closure, unused
  * @param dns_typename name to convert
@@ -755,7 +755,7 @@ dns_typename_to_number (void *cls, const char *dns_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/hostlist/gnunet-daemon-hostlist_server.c b/src/hostlist/gnunet-daemon-hostlist_server.c
index b6c0495c0..fb80f6331 100644
--- a/src/hostlist/gnunet-daemon-hostlist_server.c
+++ b/src/hostlist/gnunet-daemon-hostlist_server.c
@@ -320,7 +320,7 @@ accept_policy_callback (void *cls,
  * @param url the requested url
  * @param method the HTTP method used (#MHD_HTTP_METHOD_GET,
  *        #MHD_HTTP_METHOD_PUT, etc.)
- * @param version the HTTP version string (i.e.
+ * @param version the HTTP version string (e.g.
  *        #MHD_HTTP_VERSION_1_1)
  * @param upload_data the data being uploaded (excluding HEADERS,
  *        for a POST that fits into memory and that is encoded
@@ -335,7 +335,7 @@ accept_policy_callback (void *cls,
  * @param con_cls pointer that the callback can set to some
  *        address and that will be preserved by MHD for future
  *        calls for this request; since the access handler may
- *        be called many times (i.e., for a PUT/POST operation
+ *        be called many times (e.g. for a PUT/POST operation
  *        with plenty of upload data) this allows the application
  *        to easily associate some request-specific state.
  *        If necessary, this state can be cleaned up in the
diff --git a/src/identity/gnunet-identity.c b/src/identity/gnunet-identity.c
index a01cd1ed7..d8dc936d3 100644
--- a/src/identity/gnunet-identity.c
+++ b/src/identity/gnunet-identity.c
@@ -268,13 +268,12 @@ set_done (void *cls, const char *emsg)
  * with 'NULL' for 'ego'. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this
+ * function is only called ONCE, and 'NULL' being passed in 'ego' does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * 'GNUNET_IDENTITY_connect' (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) ego but the NEW identifier.
diff --git a/src/include/gnunet_ats_service.h b/src/include/gnunet_ats_service.h
index 92572c72b..68ba8e6b2 100644
--- a/src/include/gnunet_ats_service.h
+++ b/src/include/gnunet_ats_service.h
@@ -94,7 +94,7 @@ struct GNUNET_ATS_Properties
 
   /**
    * Distance on network layer (required for distance-vector routing)
-   * in hops.  Zero for direct connections (i.e. plain TCP/UDP).
+   * in hops.  Zero for direct connections (e.g. plain TCP/UDP).
    */
   unsigned int distance;
 
@@ -136,7 +136,7 @@ struct GNUNET_ATS_PropertiesNBO
 
   /**
    * Distance on network layer (required for distance-vector routing)
-   * in hops.  Zero for direct connections (i.e. plain TCP/UDP).
+   * in hops.  Zero for direct connections (e.g. plain TCP/UDP).
    */
   uint32_t distance GNUNET_PACKED;
 
@@ -308,7 +308,7 @@ struct GNUNET_ATS_AddressRecord;
  *
  * @param sh handle
  * @param address the address
- * @param session session handle (if available, i.e. for incoming connections)
+ * @param session session handle (if available, e.g for incoming connections)
  * @param prop performance data for the address
  * @return handle to the address representation inside ATS, NULL
  *         on error (i.e. ATS knows this exact address already, or
diff --git a/src/include/gnunet_ats_transport_service.h b/src/include/gnunet_ats_transport_service.h
index b5848a36a..fd821baef 100644
--- a/src/include/gnunet_ats_transport_service.h
+++ b/src/include/gnunet_ats_transport_service.h
@@ -85,7 +85,7 @@ struct GNUNET_ATS_Properties
 
   /**
    * Distance on network layer (required for distance-vector routing)
-   * in hops.  Zero for direct connections (i.e. plain TCP/UDP).
+   * in hops.  Zero for direct connections (e.g. plain TCP/UDP).
    */
   uint32_t distance;
 
diff --git a/src/include/gnunet_client_lib.h b/src/include/gnunet_client_lib.h
index aaa1f4a74..2ecd38b04 100644
--- a/src/include/gnunet_client_lib.h
+++ b/src/include/gnunet_client_lib.h
@@ -56,7 +56,7 @@ extern "C"
  *         #GNUNET_NO if the service is (definitively) down,
  *         #GNUNET_SYSERR if the configuration does not give us
  *          the necessary information about the service, or if
- *          we could not check (i.e. socket() failed)
+ *          we could not check (e.g. socket() failed)
  */
 int
 GNUNET_CLIENT_test (const struct GNUNET_CONFIGURATION_Handle *cfg,
diff --git a/src/include/gnunet_container_lib.h b/src/include/gnunet_container_lib.h
index 0d81abfd3..c8930746d 100644
--- a/src/include/gnunet_container_lib.h
+++ b/src/include/gnunet_container_lib.h
@@ -161,7 +161,7 @@ enum EXTRACTOR_MetaFormat
  *
  * @param cls closure (user-defined)
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
@@ -484,7 +484,7 @@ GNUNET_CONTAINER_meta_data_test_equal (
  *
  * @param md metadata to extend
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '<zlib>' for zlib being
+ *        special values can be used (e.g. '<zlib>' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
@@ -693,7 +693,7 @@ GNUNET_CONTAINER_meta_data_get_serialized_size (
  *
  * @param input serialized meta-data.
  * @param size number of bytes available
- * @return MD on success, NULL on error (i.e.
+ * @return MD on success, NULL on error (e.g.
  *         bad format)
  */
 struct GNUNET_CONTAINER_MetaData *
@@ -2441,7 +2441,7 @@ GNUNET_CONTAINER_multihashmap32_iterator_destroy (
  * Insertion sort of @a element into DLL from @a head to @a tail
  * sorted by @a comparator.
  *
- * @param TYPE element type of the elements, i.e. `struct ListElement`
+ * @param TYPE element type of the elements, e.g. `struct ListElement`
  * @param comparator function like memcmp() to compare elements; takes
  *                   three arguments, the @a comparator_cls and two elements,
  *                   returns an `int` (-1, 0 or 1)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 2a552e212..43cdfdfac 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -945,7 +945,7 @@ GNUNET_CRYPTO_hash_get_bit_rtl (const struct GNUNET_HashCode *code,
 /**
  * @ingroup hash
  * Determine how many low order bits match in two
- * `struct GNUNET_HashCodes`.  i.e. - 010011 and 011111 share
+ * `struct GNUNET_HashCodes`.  e.g. - 010011 and 011111 share
  * the first two lowest order bits, and therefore the
  * return value is two (NOT XOR distance, nor how many
  * bits match absolutely!).
@@ -2048,7 +2048,7 @@ struct GNUNET_CRYPTO_RsaSignature;
 /**
  * Create a new private key. Caller must free return value.
  *
- * @param len length of the key in bits (i.e. 2048)
+ * @param len length of the key in bits (e.g. 2048)
  * @return fresh private key
  */
 struct GNUNET_CRYPTO_RsaPrivateKey *
diff --git a/src/include/gnunet_curl_lib.h b/src/include/gnunet_curl_lib.h
index f291d6b14..f51e4b503 100644
--- a/src/include/gnunet_curl_lib.h
+++ b/src/include/gnunet_curl_lib.h
@@ -68,7 +68,7 @@ struct GNUNET_CURL_DownloadBuffer
 
   /**
    * Error code (based on libc errno) if we failed to download
-   * (i.e. response too large).
+   * (e.g. response too large).
    */
   int eno;
 };
diff --git a/src/include/gnunet_dht_service.h b/src/include/gnunet_dht_service.h
index ea3ea92fa..95d30ae6f 100644
--- a/src/include/gnunet_dht_service.h
+++ b/src/include/gnunet_dht_service.h
@@ -178,7 +178,7 @@ GNUNET_DHT_put (struct GNUNET_DHT_Handle *handle,
  * has not yet been sent to the service, cancelling the PUT will stop
  * this from happening (but there is no way for the user of this API
  * to tell if that is the case).  The only use for this API is to
- * prevent a later call to 'cont' from #GNUNET_DHT_put (i.e. because
+ * prevent a later call to 'cont' from #GNUNET_DHT_put (e.g. because
  * the system is shutting down).
  *
  * @param ph put operation to cancel ('cont' will no longer be called)
diff --git a/src/include/gnunet_getopt_lib.h b/src/include/gnunet_getopt_lib.h
index b37827ccc..731be4159 100644
--- a/src/include/gnunet_getopt_lib.h
+++ b/src/include/gnunet_getopt_lib.h
@@ -83,7 +83,7 @@ struct GNUNET_GETOPT_CommandLineProcessorContext
  *
  * @param ctx context for all options
  * @param scls specific closure (for this processor)
- * @param option long name of the option (i.e. "config" for --config)
+ * @param option long name of the option (e.g. "config" for --config)
  * @param value argument, NULL if none was given
  * @return #GNUNET_OK to continue processing other options, #GNUNET_SYSERR to abort
  */
diff --git a/src/include/gnunet_gnsrecord_lib.h b/src/include/gnunet_gnsrecord_lib.h
index aff56146e..61cbac2ca 100644
--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -308,7 +308,7 @@ GNUNET_GNSRECORD_string_to_value (uint32_t type, const char *s, void **data,
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param dns_typename name to convert
  * @return corresponding number, UINT32_MAX on error
@@ -318,7 +318,7 @@ GNUNET_GNSRECORD_typename_to_number (const char *dns_typename);
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param type number of a type to convert
  * @return corresponding typestring, NULL on error
diff --git a/src/include/gnunet_gnsrecord_plugin.h b/src/include/gnunet_gnsrecord_plugin.h
index 1435bc4b3..aec22c3af 100644
--- a/src/include/gnunet_gnsrecord_plugin.h
+++ b/src/include/gnunet_gnsrecord_plugin.h
@@ -81,7 +81,7 @@ typedef int
 
 
 /**
- * Function called to convert a type name (i.e. "AAAA") to the
+ * Function called to convert a type name (e.g. "AAAA") to the
  * corresponding number.
  *
  * @param cls closure
@@ -94,8 +94,8 @@ typedef uint32_t
 
 
 /**
- * Function called to convert a type number (i.e. 1) to the
- * corresponding type string (i.e. "A")
+ * Function called to convert a type number to the
+ * corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure
  * @param type number of a type to convert
diff --git a/src/include/gnunet_identity_service.h b/src/include/gnunet_identity_service.h
index 2974568db..c123983e2 100644
--- a/src/include/gnunet_identity_service.h
+++ b/src/include/gnunet_identity_service.h
@@ -210,13 +210,12 @@ GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
  * with 'NULL' for @a ego. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
- * this function is only called ONCE, and 'NULL' being passed in
- * @a ego does indicate an error (i.e. name is taken or no default
- * value is known).  If @a ego is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of #GNUNET_IDENTITY_connect (if
- * that one was not NULL).
+ * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get, this
+ * function is only called ONCE, and 'NULL' being passed in @a ego does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If @a ego is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * #GNUNET_IDENTITY_connect (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) @a ego but the NEW @a name.
@@ -768,7 +767,7 @@ struct GNUNET_IDENTITY_EgoSuffixLookup;
 
 /**
  * Obtain the ego with the maximum suffix match between the
- * ego's name and the given domain name @a suffix.  I.e., given
+ * ego's name and the given domain name @a suffix.  For example, given
  * a @a suffix "a.b.c" and egos with names "d.a.b.c", "b.c" and "c",
  * we return the ego for "b.c".
  *
diff --git a/src/include/gnunet_mq_lib.h b/src/include/gnunet_mq_lib.h
index 710664fe7..37bba8c1b 100644
--- a/src/include/gnunet_mq_lib.h
+++ b/src/include/gnunet_mq_lib.h
@@ -227,23 +227,23 @@ enum GNUNET_MQ_Error
 enum GNUNET_MQ_PriorityPreferences
 {
   /**
-   * Lowest priority, i.e. background traffic (i.e. NSE, FS).
+   * Lowest priority, i.e. background traffic (e.g. NSE, FS).
    * This is the default!
    */
   GNUNET_MQ_PRIO_BACKGROUND = 0,
 
   /**
-   * Best-effort traffic (i.e. CADET relay, DHT)
+   * Best-effort traffic (e.g. CADET relay, DHT)
    */
   GNUNET_MQ_PRIO_BEST_EFFORT = 1,
 
   /**
-   * Urgent traffic (local peer, i.e. Conversation).
+   * Urgent traffic (local peer, e.g. Conversation).
    */
   GNUNET_MQ_PRIO_URGENT = 2,
 
   /**
-   * Highest priority, control traffic (i.e. CORE/CADET KX).
+   * Highest priority, control traffic (e.g. CORE/CADET KX).
    */
   GNUNET_MQ_PRIO_CRITICAL_CONTROL = 3,
 
diff --git a/src/include/gnunet_network_lib.h b/src/include/gnunet_network_lib.h
index e40dacde7..97ab64add 100644
--- a/src/include/gnunet_network_lib.h
+++ b/src/include/gnunet_network_lib.h
@@ -561,7 +561,7 @@ GNUNET_NETWORK_fdset_destroy (struct GNUNET_NETWORK_FDSet *fds);
 /**
  * Test if the given @a port is available.
  *
- * @param ipproto transport protocol to test (i.e. IPPROTO_TCP)
+ * @param ipproto transport protocol to test (e.g. IPPROTO_TCP)
  * @param port port number to test
  * @return #GNUNET_OK if the port is available, #GNUNET_NO if not
  */
diff --git a/src/include/gnunet_reclaim_plugin.h b/src/include/gnunet_reclaim_plugin.h
index 2ba8fc8a0..11d5d76f7 100644
--- a/src/include/gnunet_reclaim_plugin.h
+++ b/src/include/gnunet_reclaim_plugin.h
@@ -92,8 +92,8 @@ typedef uint32_t (*GNUNET_RECLAIM_AttributeTypenameToNumberFunction) (
 
 
 /**
- * Function called to convert a type number (i.e. 1) to the
- * corresponding type string
+ * Function called to convert a type number to the
+ * corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure
  * @param type number of a type to convert
@@ -154,8 +154,8 @@ typedef uint32_t (*GNUNET_RECLAIM_CredentialTypenameToNumberFunction) (
 
 
 /**
- * Function called to convert a type number (i.e. 1) to the
- * corresponding type string
+ * Function called to convert a type number to the
+ * corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure
  * @param type number of a type to convert
@@ -253,8 +253,8 @@ typedef uint32_t (*GNUNET_RECLAIM_PresentationTypenameToNumberFunction) (
 
 
 /**
- * Function called to convert a type number (i.e. 1) to the
- * corresponding type string
+ * Function called to convert a type number to the
+ * corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure
  * @param type number of a type to convert
diff --git a/src/include/gnunet_strings_lib.h b/src/include/gnunet_strings_lib.h
index cc655d0b0..955a3afca 100644
--- a/src/include/gnunet_strings_lib.h
+++ b/src/include/gnunet_strings_lib.h
@@ -59,7 +59,7 @@ extern "C"
 /**
  * Convert a given fancy human-readable size to bytes.
  *
- * @param fancy_size human readable string (i.e. 1 MB)
+ * @param fancy_size human readable string (e.g. 1 MB)
  * @param size set to the size in bytes
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -72,7 +72,7 @@ GNUNET_STRINGS_fancy_size_to_bytes (const char *fancy_size,
  * Convert a given fancy human-readable time to our internal
  * representation.
  *
- * @param fancy_time human readable string (i.e. 1 minute)
+ * @param fancy_time human readable string (e.g. 1 minute)
  * @param rtime set to the relative time
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -87,7 +87,7 @@ GNUNET_STRINGS_fancy_time_to_relative (const char *fancy_time,
  * representation.  The human-readable time is expected to be
  * in local time, whereas the returned value will be in UTC.
  *
- * @param fancy_time human readable string (i.e. %Y-%m-%d %H:%M:%S)
+ * @param fancy_time human readable string (e.g. %Y-%m-%d %H:%M:%S)
  * @param atime set to the absolute time
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -548,7 +548,7 @@ GNUNET_STRINGS_to_address_ipv4 (const char *zt_addr,
  * `struct sockaddr`.
  *
  * @param addr the address
- * @param[out] af set to the parsed address family (i.e. AF_INET)
+ * @param[out] af set to the parsed address family (e.g. AF_INET)
  * @param[out] sa set to the parsed address
  * @return 0 on error, otherwise number of bytes in @a sa
  */
diff --git a/src/include/gnunet_testbed_service.h b/src/include/gnunet_testbed_service.h
index acdfb2034..acb444de4 100644
--- a/src/include/gnunet_testbed_service.h
+++ b/src/include/gnunet_testbed_service.h
@@ -485,7 +485,7 @@ GNUNET_TESTBED_controller_stop (struct GNUNET_TESTBED_ControllerProc *cproc);
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) | ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) | ...")
  * @param cc controller callback to invoke on events
  * @param cc_cls closure for cc
  * @return handle to the controller
@@ -1415,7 +1415,7 @@ typedef void
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
  * @param cc controller callback to invoke on events; This callback is called
  *        for all peer start events even if GNUNET_TESTBED_ET_PEER_START isn't
  *        set in the event_mask as this is the only way get access to the
@@ -1463,7 +1463,7 @@ GNUNET_TESTBED_run (const char *host_filename,
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
  * @param cc controller callback to invoke on events; This callback is called
  *        for all peer start events even if #GNUNET_TESTBED_ET_PEER_START isn't
  *        set in the event_mask as this is the only way get access to the
diff --git a/src/include/gnunet_time_lib.h b/src/include/gnunet_time_lib.h
index 38c372f23..b9e87fcbe 100644
--- a/src/include/gnunet_time_lib.h
+++ b/src/include/gnunet_time_lib.h
@@ -558,7 +558,7 @@ GNUNET_TIME_get_offset (void);
 
 
 /**
- * Return the current year (i.e. '2011').
+ * Return the current year (e.g. '2011').
  */
 unsigned int
 GNUNET_TIME_get_current_year (void);
diff --git a/src/include/gnunet_transport_communication_service.h b/src/include/gnunet_transport_communication_service.h
index af2e36b4d..81a382fb2 100644
--- a/src/include/gnunet_transport_communication_service.h
+++ b/src/include/gnunet_transport_communication_service.h
@@ -94,17 +94,17 @@ struct GNUNET_TRANSPORT_CommunicatorHandle;
 enum GNUNET_TRANSPORT_CommunicatorCharacteristics
 {
   /**
-   * Characteristics are unknown (i.e. DV).
+   * Characteristics are unknown (e.g. DV).
    */
   GNUNET_TRANSPORT_CC_UNKNOWN = 0,
 
   /**
-   * Transmission is reliabile (with ACKs), i.e. TCP/HTTP/HTTPS.
+   * Transmission is reliabile (with ACKs), e.g. TCP/HTTP/HTTPS.
    */
   GNUNET_TRANSPORT_CC_RELIABLE = 1,
 
   /**
-   * Transmission is unreliable (i.e. UDP)
+   * Transmission is unreliable (e.g. UDP)
    */
   GNUNET_TRANSPORT_CC_UNRELIABLE = 2
 };
diff --git a/src/include/gnunet_transport_plugin.h b/src/include/gnunet_transport_plugin.h
index 01b10f75c..3e6d1edc6 100644
--- a/src/include/gnunet_transport_plugin.h
+++ b/src/include/gnunet_transport_plugin.h
@@ -49,7 +49,7 @@
  * connections to a given peer.  Typically used by stateful plugins to
  * allow the service to refer to specific streams instead of a more
  * general notion of "some connection" to the given peer.  This is
- * useful since sometimes (i.e. for inbound TCP connections) a
+ * useful since sometimes (e.g. for inbound TCP connections) a
  * connection may not have an address that can be used for meaningful
  * distinction between sessions to the same peer.
  *
diff --git a/src/include/gnunet_tun_lib.h b/src/include/gnunet_tun_lib.h
index 0af9a1d3e..61880cea1 100644
--- a/src/include/gnunet_tun_lib.h
+++ b/src/include/gnunet_tun_lib.h
@@ -746,7 +746,7 @@ GNUNET_NETWORK_STRUCT_END
  * Initialize an IPv4 header.
  *
  * @param ip header to initialize
- * @param protocol protocol to use (i.e. IPPROTO_UDP)
+ * @param protocol protocol to use (e.g. IPPROTO_UDP)
  * @param payload_length number of bytes of payload that follow (excluding IPv4
  * header)
  * @param src source IP address to use
@@ -764,7 +764,7 @@ GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
  * Initialize an IPv6 header.
  *
  * @param ip header to initialize
- * @param protocol protocol to use (i.e. IPPROTO_UDP)
+ * @param protocol protocol to use (e.g. IPPROTO_UDP)
  * @param payload_length number of bytes of payload that follow (excluding IPv4
  * header)
  * @param src source IP address to use
diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c
index 22d108067..6d794746e 100644
--- a/src/namestore/gnunet-namestore-fcfsd.c
+++ b/src/namestore/gnunet-namestore-fcfsd.c
@@ -751,7 +751,7 @@ lookup_it_finished (void *cls)
  * @param connection MHD connection handle
  * @param url the requested url
  * @param method the HTTP method used ("GET", "PUT", etc.)
- * @param version the HTTP version string (i.e. "HTTP/1.1")
+ * @param version the HTTP version string ("HTTP/1.1" for version 1.1, etc.)
  * @param upload_data the data being uploaded (excluding HEADERS,
  *        for a POST that fits into memory and that is encoded
  *        with a supported encoding, the POST data will NOT be
@@ -1057,13 +1057,12 @@ do_shutdown (void *cls)
 /**
  * Method called to inform about the egos of this peer.
  *
- * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
- * this function is only called ONCE, and 'NULL' being passed in
- * @a ego does indicate an error (i.e. name is taken or no default
- * value is known).  If @a ego is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of #GNUNET_IDENTITY_connect (if
- * that one was not NULL).
+ * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get, this
+ * function is only called ONCE, and 'NULL' being passed in @a ego does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If @a ego is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * #GNUNET_IDENTITY_connect (if that one was not NULL).
  *
  * @param cls closure, NULL
  * @param ego ego handle
diff --git a/src/namestore/gnunet-zoneimport.c b/src/namestore/gnunet-zoneimport.c
index ce62b52d5..68b43a016 100644
--- a/src/namestore/gnunet-zoneimport.c
+++ b/src/namestore/gnunet-zoneimport.c
@@ -1713,13 +1713,12 @@ process_stdin (void *cls)
  * with 'NULL' for @a ego. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
- * this function is only called ONCE, and 'NULL' being passed in
- * @a ego does indicate an error (i.e. name is taken or no default
- * value is known).  If @a ego is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of #GNUNET_IDENTITY_connect (if
- * that one was not NULL).
+ * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get, this
+ * function is only called ONCE, and 'NULL' being passed in @a ego does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If @a ego is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * #GNUNET_IDENTITY_connect (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) @a ego but the NEW @a name.
diff --git a/src/peerinfo-tool/gnunet-peerinfo_plugins.c b/src/peerinfo-tool/gnunet-peerinfo_plugins.c
index 901ded014..e196ec58a 100644
--- a/src/peerinfo-tool/gnunet-peerinfo_plugins.c
+++ b/src/peerinfo-tool/gnunet-peerinfo_plugins.c
@@ -50,12 +50,12 @@ struct TransportPlugin
   struct GNUNET_TRANSPORT_PluginFunctions *api;
 
   /**
-   * Short name for the plugin (i.e. "tcp").
+   * Short name for the plugin (e.g. "tcp").
    */
   char *short_name;
 
   /**
-   * Name of the library (i.e. "gnunet_plugin_transport_tcp").
+   * Name of the library (e.g. "gnunet_plugin_transport_tcp").
    */
   char *lib_name;
 
diff --git a/src/pt/test_gns_vpn.c b/src/pt/test_gns_vpn.c
index 7b4abaec2..e20d835f8 100644
--- a/src/pt/test_gns_vpn.c
+++ b/src/pt/test_gns_vpn.c
@@ -530,13 +530,12 @@ fork_and_exec (const char *file,
  * with 'NULL' for @a ego. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get,
- * this function is only called ONCE, and 'NULL' being passed in
- * @a ego does indicate an error (i.e. name is taken or no default
- * value is known).  If @a ego is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of #GNUNET_IDENTITY_connect (if
- * that one was not NULL).
+ * When used with #GNUNET_IDENTITY_create or #GNUNET_IDENTITY_get, this
+ * function is only called ONCE, and 'NULL' being passed in @a ego does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If @a ego is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * #GNUNET_IDENTITY_connect (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) @a ego but the NEW @a name.
diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am
index 9463f19d9..1a0b7fae4 100644
--- a/src/reclaim/Makefile.am
+++ b/src/reclaim/Makefile.am
@@ -16,6 +16,11 @@ REST_PLUGIN = \
 CREDENTIAL_PLUGIN = \
   libgnunet_plugin_reclaim_credential_jwt.la
 
+if HAVE_PABC
+  CREDENTIAL_PLUGIN += libgnunet_plugin_reclaim_credential_pabc.la
+  REST_PLUGIN += libgnunet_plugin_rest_pabc.la
+endif
+
 EXTRA_DIST = \
   reclaim.conf \
   test_reclaim_defaults.conf \
@@ -87,6 +92,26 @@ libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
   $(GN_PLUGIN_LDFLAGS)
 libgnunet_plugin_rest_openid_connect_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS)
 
+if HAVE_PABC
+libgnunet_plugin_rest_pabc_la_SOURCES = \
+  plugin_rest_pabc.c \
+  pabc_helper.c
+libgnunet_plugin_rest_pabc_la_LIBADD = \
+  libgnunetreclaim.la \
+  $(top_builddir)/src/json/libgnunetjson.la \
+  $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -ljansson -lpabc $(MHD_LIBS)
+libgnunet_plugin_rest_pabc_la_DEPENDENCIES = \
+  libgnunetreclaim.la \
+  $(top_builddir)/src/json/libgnunetjson.la \
+  $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la
+libgnunet_plugin_rest_pabc_la_LDFLAGS = \
+  $(GN_PLUGIN_LDFLAGS)
+libgnunet_plugin_rest_pabc_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS)
+endif
+
 
 libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \
   plugin_gnsrecord_reclaim.c
@@ -134,6 +159,21 @@ libgnunet_plugin_reclaim_attribute_basic_la_LIBADD = \
 libgnunet_plugin_reclaim_attribute_basic_la_LDFLAGS = \
  $(GN_PLUGIN_LDFLAGS)
 
+if HAVE_PABC
+libgnunet_plugin_reclaim_credential_pabc_la_SOURCES = \
+  plugin_reclaim_credential_pabc.c \
+  pabc_helper.c
+libgnunet_plugin_reclaim_credential_pabc_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  libgnunetreclaim.la \
+  -ljansson\
+  -lpabc \
+  $(LTLIBINTL)
+libgnunet_plugin_reclaim_credential_pabc_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+endif
+
+
 libgnunet_plugin_reclaim_credential_jwt_la_SOURCES = \
   plugin_reclaim_credential_jwt.c
 libgnunet_plugin_reclaim_credential_jwt_la_LIBADD = \
diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c
index 4eeb22bee..b1ca7a4a5 100644
--- a/src/reclaim/json_reclaim.c
+++ b/src/reclaim/json_reclaim.c
@@ -290,10 +290,11 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe
 {
   struct GNUNET_RECLAIM_Credential *cred;
   const char *name_str = NULL;
-  const char *val_str = NULL;
   const char *type_str = NULL;
   const char *id_str = NULL;
-  char *data;
+  json_t *val_json;
+  char *data = NULL;
+  char *val_str = NULL;
   int unpack_state;
   uint32_t type;
   size_t data_size;
@@ -308,7 +309,7 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe
   }
   // interpret single attribute
   unpack_state = json_unpack (root,
-                              "{s:s, s?s, s:s, s:s!}",
+                              "{s:s, s?s, s:s, s:o!}",
                               "name",
                               &name_str,
                               "id",
@@ -316,14 +317,19 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe
                               "type",
                               &type_str,
                               "value",
-                              &val_str);
-  if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_str) ||
+                              &val_json);
+  if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_json) ||
       (NULL == type_str))
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Error json object has a wrong format!\n");
     return GNUNET_SYSERR;
   }
+  if (json_is_string (val_json)) {
+    val_str = GNUNET_strdup (json_string_value (val_json));
+  } else {
+    val_str = json_dumps (val_json, JSON_COMPACT);
+  }
   type = GNUNET_RECLAIM_credential_typename_to_number (type_str);
   if (GNUNET_SYSERR ==
       (GNUNET_RECLAIM_credential_string_to_value (type,
diff --git a/src/reclaim/pabc_helper.c b/src/reclaim/pabc_helper.c
new file mode 100644
index 000000000..1b1dbea0f
--- /dev/null
+++ b/src/reclaim/pabc_helper.c
@@ -0,0 +1,364 @@
+// maximilian.kaul@aisec.fraunhofer.de
+
+// WIP implementation of
+// https://github.com/ontio/ontology-crypto/wiki/Anonymous-Credential
+// using the relic library https://github.com/relic-toolkit/relic/
+
+#include "pabc_helper.h"
+#include <pwd.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+static char pabc_dir[PATH_MAX + 1];
+
+static const char *
+get_homedir ()
+{
+  const char *homedir;
+  if ((homedir = getenv ("HOME")) == NULL)
+  {
+    homedir = getpwuid (getuid ())->pw_dir;
+  }
+  return homedir;
+}
+
+
+static enum GNUNET_GenericReturnValue
+write_file (char const *const filename, const char *buffer)
+{
+  struct GNUNET_DISK_FileHandle *fh;
+  fh = GNUNET_DISK_file_open (filename,
+                              GNUNET_DISK_OPEN_WRITE
+                              | GNUNET_DISK_OPEN_TRUNCATE
+                              | GNUNET_DISK_OPEN_CREATE,
+                              GNUNET_DISK_PERM_USER_WRITE
+                              | GNUNET_DISK_PERM_USER_READ);
+  if (fh == NULL)
+    return GNUNET_SYSERR;
+  if (GNUNET_SYSERR == GNUNET_DISK_file_write (fh,
+                                               buffer, strlen (buffer) + 1))
+    goto fail;
+  GNUNET_DISK_file_close (fh);
+  return GNUNET_OK;
+
+fail:
+  GNUNET_DISK_file_close (fh);
+  return GNUNET_SYSERR;
+}
+
+
+static enum GNUNET_GenericReturnValue
+init_pabc_dir ()
+{
+  size_t filename_size = strlen (get_homedir ()) + 1 + strlen (".local") + 1
+                         + strlen ("pabc-reclaim") + 1;
+  snprintf (pabc_dir, filename_size, "%s/%s/%s",
+            get_homedir (), ".local", "pabc-reclaim");
+  return GNUNET_DISK_directory_create (pabc_dir);
+}
+
+
+static const char *
+get_pabcdir ()
+{
+  init_pabc_dir ();
+  return pabc_dir;
+}
+
+
+enum GNUNET_GenericReturnValue
+read_file (char const *const filename, char **buffer)
+{
+  struct GNUNET_DISK_FileHandle *fh;
+  if (GNUNET_YES != GNUNET_DISK_file_test (filename))
+    return GNUNET_SYSERR;
+
+  fh = GNUNET_DISK_file_open (filename,
+                              GNUNET_DISK_OPEN_READ,
+                              GNUNET_DISK_PERM_USER_READ);
+  if (fh == NULL)
+    return GNUNET_SYSERR;
+  long lSize = GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_END);
+  if (lSize < 0)
+    goto fail;
+  GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_SET);
+  *buffer = calloc ((size_t) lSize + 1, sizeof(char));
+  if (*buffer == NULL)
+    goto fail;
+
+  // copy the file into the buffer:
+  size_t r = GNUNET_DISK_file_read (fh, *buffer, (size_t) lSize);
+  if (r != (size_t) lSize)
+    goto fail;
+
+  GNUNET_DISK_file_close (fh);
+  return GNUNET_OK;
+
+fail:
+  GNUNET_DISK_file_close (fh);
+  return GNUNET_SYSERR;
+}
+
+
+struct pabc_public_parameters *
+PABC_read_issuer_ppfile (const char *f, struct pabc_context *const ctx)
+{
+  if (NULL == ctx)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No global context provided\n");
+    return NULL;
+  }
+  struct pabc_public_parameters *pp;
+  char *buffer;
+  int r;
+  r = read_file (f, &buffer);
+  if (GNUNET_OK != r)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading file\n");
+    return NULL;
+  }
+  if (PABC_OK != pabc_decode_and_new_public_parameters (ctx, &pp, buffer))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to decode public parameters\n");
+    PABC_FREE_NULL (buffer);
+    return NULL;
+  }
+  PABC_FREE_NULL (buffer);
+  return pp;
+}
+
+
+enum GNUNET_GenericReturnValue
+PABC_load_public_parameters (struct pabc_context *const ctx,
+                             char const *const pp_name,
+                             struct pabc_public_parameters **pp)
+{
+  char fname[PATH_MAX];
+  char *pp_filename;
+  const char *pdir = get_pabcdir ();
+
+  if (ctx == NULL)
+    return GNUNET_SYSERR;
+  if (pp_name == NULL)
+    return GNUNET_SYSERR;
+
+  GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+  if (GNUNET_YES != GNUNET_DISK_directory_test (pdir, GNUNET_YES))
+  {
+    GNUNET_free (pp_filename);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading %s\n", pdir);
+    return GNUNET_SYSERR;
+  }
+  snprintf (fname, PATH_MAX, "%s/%s%s", pdir, pp_filename, PABC_PP_EXT);
+  if (GNUNET_YES != GNUNET_DISK_file_test (fname))
+  {
+    GNUNET_free (pp_filename);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error testing %s\n", fname);
+    return GNUNET_SYSERR;
+  }
+  *pp = PABC_read_issuer_ppfile (fname, ctx);
+  if (*pp)
+    return GNUNET_OK;
+  else
+    return GNUNET_SYSERR;
+}
+
+
+enum GNUNET_GenericReturnValue
+PABC_write_public_parameters (char const *const pp_name,
+                              struct pabc_public_parameters *const pp)
+{
+  char *json;
+  char *filename;
+  char *pp_filename;
+  enum pabc_status status;
+  struct pabc_context *ctx = NULL;
+
+  GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+  PABC_ASSERT (pabc_new_ctx (&ctx));
+  // store in json file
+  status = pabc_encode_public_parameters (ctx, pp, &json);
+  if (status != PABC_OK)
+  {
+    GNUNET_free (pp_filename);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to encode public parameters.\n");
+    pabc_free_ctx (&ctx);
+    return GNUNET_SYSERR;
+  }
+
+  size_t filename_size =
+    strlen (get_pabcdir ()) + 1 + strlen (pp_filename) + strlen (PABC_PP_EXT)
+    + 1;
+  filename = GNUNET_malloc (filename_size);
+  if (! filename)
+  {
+    GNUNET_free (pp_filename);
+    PABC_FREE_NULL (json);
+    pabc_free_ctx (&ctx);
+    return GNUNET_SYSERR;
+  }
+  snprintf (filename, filename_size, "%s/%s%s", get_pabcdir (), pp_filename,
+            PABC_PP_EXT);
+
+  GNUNET_free (pp_filename);
+  if (GNUNET_OK != write_file (filename, json))
+  {
+    PABC_FREE_NULL (filename);
+    PABC_FREE_NULL (json);
+    pabc_free_ctx (&ctx);
+    return GNUNET_SYSERR;
+  }
+  PABC_FREE_NULL (filename);
+  PABC_FREE_NULL (json);
+  pabc_free_ctx (&ctx);
+  return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+PABC_write_usr_ctx (char const *const usr_name,
+                    char const *const pp_name,
+                    struct pabc_context const *const ctx,
+                    struct pabc_public_parameters const *const pp,
+                    struct pabc_user_context *const usr_ctx)
+{
+
+  char *pp_filename;
+  char *json = NULL;
+  enum pabc_status status;
+  char *fname = NULL;
+
+  if (NULL == usr_name)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == pp_name)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == ctx)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == pp)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == usr_ctx)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n");
+    return GNUNET_SYSERR;
+  }
+
+  GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+  status = pabc_encode_user_ctx (ctx, pp, usr_ctx, &json);
+  if (PABC_OK != status)
+  {
+    GNUNET_free (pp_filename);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n");
+    return status;
+  }
+
+  size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1
+                      + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1;
+  fname = GNUNET_malloc (fname_size);
+
+  snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name,
+            pp_filename,
+            PABC_USR_EXT);
+
+  GNUNET_free (pp_filename);
+  if (GNUNET_OK == write_file (fname, json))
+  {
+    GNUNET_free (fname);
+    GNUNET_free (json);
+    return GNUNET_OK;
+  }
+  else
+  {
+    GNUNET_free (fname);
+    GNUNET_free (json);
+    return GNUNET_SYSERR;
+  }
+}
+
+
+enum GNUNET_GenericReturnValue
+PABC_read_usr_ctx (char const *const usr_name,
+                   char const *const pp_name,
+                   struct pabc_context const *const ctx,
+                   struct pabc_public_parameters const *const pp,
+                   struct pabc_user_context **usr_ctx)
+{
+  char *json = NULL;
+  char *pp_filename;
+  enum pabc_status status;
+
+  char *fname = NULL;
+
+  if (NULL == usr_name)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == pp_name)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == ctx)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == pp)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n");
+    return GNUNET_SYSERR;
+  }
+  if (NULL == usr_ctx)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n");
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename);
+
+  size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1
+                      + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1;
+  fname = GNUNET_malloc (fname_size);
+  snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name,
+            pp_filename,
+            PABC_USR_EXT);
+  GNUNET_free (pp_filename);
+  if (GNUNET_OK != read_file (fname, &json))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read `%s'\n", fname);
+    PABC_FREE_NULL (fname);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_free (fname);
+
+  status = pabc_new_user_context (ctx, pp, usr_ctx);
+  if (PABC_OK != status)
+  {
+    GNUNET_free (json);
+    return GNUNET_SYSERR;
+  }
+  status = pabc_decode_user_ctx (ctx, pp, *usr_ctx, json);
+  GNUNET_free (json);
+  if (PABC_OK != status)
+  {
+    pabc_free_user_context (ctx, pp, usr_ctx);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n");
+    return GNUNET_SYSERR;
+  }
+
+  return GNUNET_OK;
+}
diff --git a/src/reclaim/pabc_helper.h b/src/reclaim/pabc_helper.h
new file mode 100644
index 000000000..045ad5dda
--- /dev/null
+++ b/src/reclaim/pabc_helper.h
@@ -0,0 +1,41 @@
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include <pabc/pabc.h>
+
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
+#define PABC_ISK_EXT ".isk"
+
+#define PABC_PP_EXT ".pp"
+
+#define PABC_USR_EXT ".usr"
+
+#define PABC_ATTR_DELIM "="
+
+enum GNUNET_GenericReturnValue
+PABC_write_public_parameters (char const *const pp_name,
+                              struct pabc_public_parameters *const pp);
+
+
+enum GNUNET_GenericReturnValue
+PABC_load_public_parameters (struct pabc_context *const ctx,
+                             char const *const pp_name,
+                             struct pabc_public_parameters **pp);
+
+enum GNUNET_GenericReturnValue
+PABC_write_usr_ctx (char const *const user_name,
+                    char const *const pp_name,
+                    struct pabc_context const *const ctx,
+                    struct pabc_public_parameters const *const
+                    pp,
+                    struct pabc_user_context *const usr_ctx);
+
+enum GNUNET_GenericReturnValue
+PABC_read_usr_ctx (char const *const user_name,
+                   char const *const pp_name,
+                   struct pabc_context const *const ctx,
+                   struct pabc_public_parameters const *const
+                   pp,
+                   struct pabc_user_context **usr_ctx);
diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c
index 9e4f0a5c4..ce6fe483d 100644
--- a/src/reclaim/plugin_gnsrecord_reclaim.c
+++ b/src/reclaim/plugin_gnsrecord_reclaim.c
@@ -118,7 +118,7 @@ static struct
 
 
 /**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
+ * Convert a type name (e.g. "AAAA") to the corresponding number.
  *
  * @param cls closure, unused
  * @param dns_typename name to convert
@@ -138,7 +138,7 @@ typename_to_number (void *cls, const char *dns_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/reclaim/plugin_reclaim_attribute_basic.c b/src/reclaim/plugin_reclaim_attribute_basic.c
index c87922886..66f59998a 100644
--- a/src/reclaim/plugin_reclaim_attribute_basic.c
+++ b/src/reclaim/plugin_reclaim_attribute_basic.c
@@ -124,7 +124,7 @@ basic_typename_to_number (void *cls, const char *basic_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c
index aac0a6ea5..fb01903aa 100644
--- a/src/reclaim/plugin_reclaim_credential_jwt.c
+++ b/src/reclaim/plugin_reclaim_credential_jwt.c
@@ -122,7 +122,7 @@ jwt_typename_to_number (void *cls, const char *jwt_typename)
 
 
 /**
- * Convert a type number (i.e. 1) to the corresponding type string
+ * Convert a type number to the corresponding type string (e.g. 1 to "A")
  *
  * @param cls closure, unused
  * @param type number of a type to convert
@@ -158,11 +158,10 @@ jwt_parse_attributes (void *cls,
   struct GNUNET_RECLAIM_AttributeList *attrs;
   char delim[] = ".";
   char *val_str = NULL;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
   char *decoded_jwt;
   char *tmp;
   json_t *json_val;
-  json_error_t *json_err = NULL;
+  json_error_t json_err;
 
   attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
 
@@ -173,7 +172,7 @@ jwt_parse_attributes (void *cls,
                                    (void **) &decoded_jwt);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt);
   GNUNET_assert (NULL != decoded_jwt);
-  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
   GNUNET_free (decoded_jwt);
   const char *key;
   const char *addr_key;
@@ -252,6 +251,8 @@ struct GNUNET_RECLAIM_AttributeList *
 jwt_parse_attributes_c (void *cls,
                         const struct GNUNET_RECLAIM_Credential *cred)
 {
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+    return NULL;
   return jwt_parse_attributes (cls, cred->data, cred->data_size);
 }
 
@@ -267,6 +268,8 @@ struct GNUNET_RECLAIM_AttributeList *
 jwt_parse_attributes_p (void *cls,
                         const struct GNUNET_RECLAIM_Presentation *cred)
 {
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT)
+    return NULL;
   return jwt_parse_attributes (cls, cred->data, cred->data_size);
 }
 
@@ -291,14 +294,14 @@ jwt_get_issuer (void *cls,
   json_t *issuer_json;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
   json_t *json_val;
-  json_error_t *json_err = NULL;
+  json_error_t json_err;
 
   jwt_string = GNUNET_strndup (data, data_size);
   jwt_body = strtok (jwt_string, delim);
   jwt_body = strtok (NULL, delim);
   GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
                                    (void **) &decoded_jwt);
-  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
   GNUNET_free (decoded_jwt);
   GNUNET_free (jwt_string);
   if (NULL == json_val)
@@ -355,7 +358,7 @@ jwt_get_issuer_p (void *cls,
  * @param cred the jwt credential
  * @return a string, containing the isser
  */
-int
+enum GNUNET_GenericReturnValue
 jwt_get_expiration (void *cls,
                     const char *data,
                     size_t data_size,
@@ -368,14 +371,14 @@ jwt_get_expiration (void *cls,
   json_t *exp_json;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n");
   json_t *json_val;
-  json_error_t *json_err = NULL;
+  json_error_t json_err;
 
   jwt_string = GNUNET_strndup (data, data_size);
   jwt_body = strtok (jwt_string, delim);
   jwt_body = strtok (NULL, delim);
   GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
                                    (void **) &decoded_jwt);
-  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err);
+  json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
   GNUNET_free (decoded_jwt);
   GNUNET_free (jwt_string);
   if (NULL == json_val)
@@ -396,13 +399,15 @@ jwt_get_expiration (void *cls,
  *
  * @param cls the plugin
  * @param cred the jwt credential
- * @return a string, containing the isser
+ * @return the expirati
  */
-int
+enum GNUNET_GenericReturnValue
 jwt_get_expiration_c (void *cls,
                       const struct GNUNET_RECLAIM_Credential *cred,
                       struct GNUNET_TIME_Absolute *exp)
 {
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
   return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
 }
 
@@ -414,22 +419,23 @@ jwt_get_expiration_c (void *cls,
  * @param cred the jwt credential
  * @return a string, containing the isser
  */
-int
+enum GNUNET_GenericReturnValue
 jwt_get_expiration_p (void *cls,
                       const struct GNUNET_RECLAIM_Presentation *cred,
                       struct GNUNET_TIME_Absolute *exp)
 {
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
+    return GNUNET_NO;
   return jwt_get_expiration (cls, cred->data, cred->data_size, exp);
 }
 
 
-int
+enum GNUNET_GenericReturnValue
 jwt_create_presentation (void *cls,
                          const struct GNUNET_RECLAIM_Credential *cred,
                          const struct GNUNET_RECLAIM_AttributeList *attrs,
                          struct GNUNET_RECLAIM_Presentation **pres)
 {
-  // FIXME sanity checks??
   if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type)
     return GNUNET_NO;
   *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT,
diff --git a/src/reclaim/plugin_reclaim_credential_pabc.c b/src/reclaim/plugin_reclaim_credential_pabc.c
new file mode 100644
index 000000000..2f6b7b8c4
--- /dev/null
+++ b/src/reclaim/plugin_reclaim_credential_pabc.c
@@ -0,0 +1,639 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+     SPDX-License-Identifier: AGPL3.0-or-later
+ */
+
+/**
+ * @file reclaim/plugin_reclaim_credential_pabc.c
+ * @brief reclaim-credential-plugin-pabc attribute plugin to provide the API for
+ *                                      pabc credentials.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_plugin.h"
+#include <inttypes.h>
+#include <jansson.h>
+#include <pabc/pabc.h>
+#include "pabc_helper.h"
+
+/**
+   * Convert the 'value' of an credential to a string.
+   *
+   * @param cls closure, unused
+   * @param type type of the credential
+   * @param data value in binary encoding
+   * @param data_size number of bytes in @a data
+   * @return NULL on error, otherwise human-readable representation of the value
+   */
+static char *
+pabc_value_to_string (void *cls,
+                      uint32_t type,
+                      const void *data,
+                      size_t data_size)
+{
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
+    return GNUNET_strndup (data, data_size);
+
+  default:
+    return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an credential to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the credential
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+pabc_string_to_value (void *cls,
+                      uint32_t type,
+                      const char *s,
+                      void **data,
+                      size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+  case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC:
+    *data = GNUNET_strdup (s);
+    *data_size = strlen (s) + 1;
+    return GNUNET_OK;
+
+  default:
+    return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of credential type numbers to human-readable
+ * credential type names.
+ */
+static struct
+{
+  const char *name;
+  uint32_t number;
+} pabc_cred_name_map[] = { { "PABC", GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC },
+                           { NULL, UINT32_MAX } };
+
+/**
+   * Convert a type name to the corresponding number.
+   *
+   * @param cls closure, unused
+   * @param pabc_typename name to convert
+   * @return corresponding number, UINT32_MAX on error
+   */
+static uint32_t
+pabc_typename_to_number (void *cls, const char *pabc_typename)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != pabc_cred_name_map[i].name) &&
+         (0 != strcasecmp (pabc_typename, pabc_cred_name_map[i].name)))
+    i++;
+  return pabc_cred_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+pabc_number_to_typename (void *cls, uint32_t type)
+{
+  unsigned int i;
+
+  i = 0;
+  while ((NULL != pabc_cred_name_map[i].name) && (type !=
+                                                  pabc_cred_name_map[i].
+                                                  number))
+    i++;
+  return pabc_cred_name_map[i].name;
+}
+
+
+static void
+inspect_attrs (char const *const key,
+               char const *const value,
+               void *ctx)
+{
+  struct GNUNET_RECLAIM_AttributeList *attrs = ctx;
+
+  if (NULL == value)
+    return;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Found attribue in PABC credential: `%s': `%s'\n",
+              key, value);
+  if (0 == strcmp (key, "expiration"))
+    return;
+  if (0 == strcmp (key, "issuer"))
+    return;
+  if (0 == strcmp (key, "subject"))
+    return;
+  GNUNET_RECLAIM_attribute_list_add (attrs,
+                                     key,
+                                     NULL,
+                                     GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+                                     value,
+                                     strlen (value));
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes (void *cls,
+                       const char *data,
+                       size_t data_size)
+{
+  struct GNUNET_RECLAIM_AttributeList *attrs;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Collecting PABC attributes...\n");
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList);
+  GNUNET_assert (PABC_OK ==
+                 pabc_cred_inspect_credential (data,
+                                               &inspect_attrs, attrs));
+  return attrs;
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes_c (void *cls,
+                         const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return NULL;
+  return pabc_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the respective claim value as Attribute
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a GNUNET_RECLAIM_Attribute, containing the new value
+ */
+struct GNUNET_RECLAIM_AttributeList *
+pabc_parse_attributes_p (void *cls,
+                         const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return NULL;
+  return pabc_parse_attributes (cls, cred->data, cred->data_size);
+}
+
+struct Finder
+{
+  const char* target;
+  char *result;
+};
+
+static void
+find_attr (char const *const key,
+                char const *const value,
+                void *ctx)
+{
+  struct Finder *fdr = ctx;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Found `%s', looking for `%s'\n",
+              key, fdr->target);
+  if (0 == strcmp (key, fdr->target))
+    fdr->result = GNUNET_strdup (value);
+}
+
+
+
+/**
+ * Parse a pabc and return an attribute value.
+ *
+ * @param cls the plugin
+ * @param data the pabc credential data
+ * @param data_size the pabc credential size
+ * @param skey the attribute key to look for.
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_attribute (void *cls,
+                    const char *data,
+                    size_t data_size,
+                    const char *skey)
+{
+
+  struct Finder fdr;
+  memset (&fdr, 0, sizeof (fdr));
+  fdr.target = skey;
+  pabc_cred_inspect_credential (data, &find_attr, &fdr);
+  return fdr.result;
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char*
+pabc_get_issuer (void *cls,
+                 const char *data,
+                 size_t data_size)
+{
+  char *res;
+  if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data,
+                                                       "issuer",
+                                                       &res))
+    return NULL;
+  return res;
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char*
+pabc_get_issuer (void *cls,
+                 const char *data,
+                 size_t data_size)
+{
+  return pabc_get_attribute (cls, data, data_size, "issuer");
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_issuer_c (void *cls,
+                   const struct GNUNET_RECLAIM_Credential *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
+    return NULL;
+  return pabc_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the issuer
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+char *
+pabc_get_issuer_p (void *cls,
+                   const struct GNUNET_RECLAIM_Presentation *cred)
+{
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type)
+    return NULL;
+  return pabc_get_issuer (cls, cred->data, cred->data_size);
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+int
+pabc_get_expiration (void *cls,
+                     const char *data,
+                     size_t data_size,
+                     struct GNUNET_TIME_Absolute *exp)
+{
+  json_t *json_root;
+  json_t *json_attrs;
+  json_t *value;
+  json_t *exp_j;
+  json_error_t *json_err = NULL;
+  const char*key;
+
+  json_root = json_loads (data, JSON_DECODE_ANY, json_err);
+  if ((NULL == json_root) ||
+      (! json_is_object (json_root)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to retrive expiration from credential\n");
+    return GNUNET_SYSERR;
+  }
+
+  if (1 != sscanf (exp_str, "%llu", &exp_i))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Invalid expiration `%s'\n", exp_str);
+    GNUNET_free (exp_str);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Converted expiration string `%s' to %llu",
+              exp_str, exp_i);
+
+  GNUNET_free (exp_str);
+  exp->abs_value_us = exp_i * 1000 * 1000;
+  return GNUNET_OK;
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+pabc_get_expiration_c (void *cls,
+                       const struct GNUNET_RECLAIM_Credential *cred,
+                       struct GNUNET_TIME_Absolute *exp)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return GNUNET_NO;
+  return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+/**
+ * Parse a pabc and return the expiration
+ *
+ * @param cls the plugin
+ * @param cred the pabc credential
+ * @return a string, containing the isser
+ */
+enum GNUNET_GenericReturnValue
+pabc_get_expiration_p (void *cls,
+                       const struct GNUNET_RECLAIM_Presentation *cred,
+                       struct GNUNET_TIME_Absolute *exp)
+{
+  if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC)
+    return GNUNET_NO;
+  return pabc_get_expiration (cls, cred->data, cred->data_size, exp);
+}
+
+
+int
+pabc_create_presentation (void *cls,
+                          const struct GNUNET_RECLAIM_Credential *credential,
+                          const struct GNUNET_RECLAIM_AttributeList *attrs,
+                          struct GNUNET_RECLAIM_Presentation **pres)
+{
+  struct pabc_context *ctx = NULL;
+  struct pabc_user_context *usr_ctx = NULL;
+  struct pabc_public_parameters *pp = NULL;
+  struct pabc_credential *cred = NULL;
+  struct pabc_blinded_proof *proof = NULL;
+  struct GNUNET_RECLAIM_AttributeListEntry *ale;
+  char *issuer;
+  char *subject;
+  enum pabc_status status;
+
+  if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != credential->type)
+    return GNUNET_NO;
+
+
+  PABC_ASSERT (pabc_new_ctx (&ctx));
+  issuer = pabc_get_issuer_c (cls, credential);
+  if (NULL == issuer)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No issuer found in credential\n");
+    pabc_free_ctx (&ctx);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Got issuer for credential: %s\n", issuer);
+  status = PABC_load_public_parameters (ctx, issuer, &pp);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read public parameters.\n");
+    pabc_free_ctx (&ctx);
+    GNUNET_free (issuer);
+    return GNUNET_SYSERR;
+  }
+  if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (credential->data,
+                                                       "subject",
+                                                       &subject))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to get subject.\n");
+    pabc_free_ctx (&ctx);
+    GNUNET_free (issuer);
+    return GNUNET_SYSERR;
+  }
+  status = PABC_read_usr_ctx (subject, issuer, ctx, pp, &usr_ctx);
+  GNUNET_free (issuer);
+  GNUNET_free (subject);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read user context.\n");
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_new_credential (ctx, pp, &cred);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to allocate credential.\n");
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_decode_credential (ctx, pp, cred, credential->data);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to decode credential.\n");
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  status = pabc_new_proof (ctx, pp, &proof);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to allocate proof.\n");
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+
+  // now we can parse the attributes to disclose and configure the proof
+  for (ale = attrs->list_head; NULL != ale; ale = ale->next)
+  {
+    status = pabc_set_disclosure_by_attribute_name (ctx, pp, proof,
+                                                    ale->attribute->name,
+                                                    PABC_DISCLOSED, cred);
+    if (status != PABC_OK)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Failed to configure proof.\n");
+      pabc_free_credential (ctx, pp, &cred);
+      pabc_free_user_context (ctx, pp, &usr_ctx);
+      pabc_free_public_parameters (ctx, &pp);
+      return GNUNET_SYSERR;
+    }
+  }
+
+  // and finally -> sign the proof
+  status = pabc_gen_proof (ctx, usr_ctx, pp, proof, cred);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to sign proof.\n");
+    pabc_free_proof (ctx, pp, &proof);
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+  // print the result
+  char *json = NULL;
+  char *ppid = NULL;
+  char *userid = NULL;
+  GNUNET_assert (PABC_OK == pabc_cred_get_userid_from_cred (credential->data,
+                                                            &userid));
+  GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_cred (credential->data,
+                                                          &ppid));
+  pabc_cred_encode_proof (ctx, pp, proof, userid, ppid,  &json);
+  GNUNET_free (ppid);
+  GNUNET_free (userid);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to serialize proof.\n");
+    pabc_free_proof (ctx, pp, &proof);
+    pabc_free_credential (ctx, pp, &cred);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    return GNUNET_SYSERR;
+  }
+  char *json_enc;
+  GNUNET_STRINGS_base64_encode (json,
+                                strlen (json) + 1,
+                                &json_enc);
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Presentation: %s\n", json_enc);
+  // clean up
+  *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC,
+                                           json_enc,
+                                           strlen (json_enc) + 1);
+  GNUNET_free (json_enc);
+  PABC_FREE_NULL (json);
+  pabc_free_proof (ctx, pp, &proof);
+  pabc_free_credential (ctx, pp, &cred);
+  pabc_free_user_context (ctx, pp, &usr_ctx);
+  pabc_free_public_parameters (ctx, &pp);
+  return GNUNET_OK;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_credential_pabc_init (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions);
+  api->value_to_string = &pabc_value_to_string;
+  api->string_to_value = &pabc_string_to_value;
+  api->typename_to_number = &pabc_typename_to_number;
+  api->number_to_typename = &pabc_number_to_typename;
+  api->get_attributes = &pabc_parse_attributes_c;
+  api->get_issuer = &pabc_get_issuer_c;
+  api->get_expiration = &pabc_get_expiration_c;
+  api->value_to_string_p = &pabc_value_to_string;
+  api->string_to_value_p = &pabc_string_to_value;
+  api->typename_to_number_p = &pabc_typename_to_number;
+  api->number_to_typename_p = &pabc_number_to_typename;
+  api->get_attributes_p = &pabc_parse_attributes_p;
+  api->get_issuer_p = &pabc_get_issuer_p;
+  api->get_expiration_p = &pabc_get_expiration_p;
+  api->create_presentation = &pabc_create_presentation;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_credential_pabc_done (void *cls)
+{
+  struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+
+/* end of plugin_reclaim_credential_type_pabc.c */
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index c6259d745..fef79fb10 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -2478,13 +2478,12 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
  * with 'NULL' for 'ego'. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this
+ * function is only called ONCE, and 'NULL' being passed in 'ego' does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * 'GNUNET_IDENTITY_connect' (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) ego but the NEW identifier.
diff --git a/src/reclaim/plugin_rest_pabc.c b/src/reclaim/plugin_rest_pabc.c
new file mode 100644
index 000000000..6603fb888
--- /dev/null
+++ b/src/reclaim/plugin_rest_pabc.c
@@ -0,0 +1,666 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+   SPDX-License-Identifier: AGPL3.0-or-later
+ */
+/**
+ * @author Martin Schanzenbach
+ * @file reclaim/plugin_rest_pabc.c
+ * @brief GNUnet pabc REST plugin
+ *
+ */
+#include "platform.h"
+#include "microhttpd.h"
+#include <inttypes.h>
+#include <jansson.h>
+#include <pabc/pabc.h>
+#include "gnunet_reclaim_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_rest_lib.h"
+#include "gnunet_rest_plugin.h"
+#include "gnunet_signatures.h"
+#include "pabc_helper.h"
+
+/**
+ * REST root namespace
+ */
+#define GNUNET_REST_API_NS_PABC "/pabc"
+
+/**
+ * Credential request endpoint
+ */
+#define GNUNET_REST_API_NS_PABC_CR "/pabc/cr"
+
+/**
+ * The configuration handle
+ */
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * HTTP methods allows for this plugin
+ */
+static char *allow_methods;
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+
+struct RequestHandle
+{
+  /**
+   * DLL
+   */
+  struct RequestHandle *next;
+
+  /**
+   * DLL
+   */
+  struct RequestHandle *prev;
+
+  /**
+   * Rest connection
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * Desired timeout for the lookup (default is no timeout).
+   */
+  struct GNUNET_TIME_Relative timeout;
+
+  /**
+   * ID of a task associated with the resolution process.
+   */
+  struct GNUNET_SCHEDULER_Task *timeout_task;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * The url
+   */
+  char *url;
+
+  /**
+   * Error response message
+   */
+  char *emsg;
+
+  /**
+   * Reponse code
+   */
+  int response_code;
+
+  /**
+   * Response object
+   */
+  json_t *resp_object;
+};
+
+/**
+ * DLL
+ */
+static struct RequestHandle *requests_head;
+
+/**
+ * DLL
+ */
+static struct RequestHandle *requests_tail;
+
+
+/**
+ * Cleanup lookup handle
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n");
+  if (NULL != handle->resp_object)
+    json_decref (handle->resp_object);
+  if (NULL != handle->timeout_task)
+    GNUNET_SCHEDULER_cancel (handle->timeout_task);
+  if (NULL != handle->url)
+    GNUNET_free (handle->url);
+  if (NULL != handle->emsg)
+    GNUNET_free (handle->emsg);
+  GNUNET_CONTAINER_DLL_remove (requests_head,
+                               requests_tail,
+                               handle);
+  GNUNET_free (handle);
+}
+
+
+/**
+ * Task run on error, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char *json_error;
+
+  GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", handle->emsg);
+  if (0 == handle->response_code)
+  {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+  }
+  resp = GNUNET_REST_create_response (json_error);
+  MHD_add_response_header (resp, "Content-Type", "application/json");
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  cleanup_handle (handle);
+  GNUNET_free (json_error);
+}
+
+
+/**
+ * Task run on timeout, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_timeout (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->timeout_task = NULL;
+  do_error (handle);
+}
+
+
+static void
+return_response (void *cls)
+{
+  char *result_str;
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  result_str = json_dumps (handle->resp_object, 0);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
+  resp = GNUNET_REST_create_response (result_str);
+  MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_free (result_str);
+  cleanup_handle (handle);
+}
+
+
+static enum pabc_status
+set_attributes_from_idtoken (const struct pabc_context *ctx,
+                             const struct pabc_public_parameters *pp,
+                             struct pabc_user_context *usr_ctx,
+                             const char *id_token)
+{
+  json_t *payload_json;
+  json_t *value;
+  json_error_t json_err;
+  const char *key;
+  const char *jwt_body;
+  char *decoded_jwt;
+  char delim[] = ".";
+  char *jwt_string;
+  const char *pabc_key;
+  enum pabc_status status;
+
+  // FIXME parse JWT
+  jwt_string = GNUNET_strndup (id_token, strlen (id_token));
+  jwt_body = strtok (jwt_string, delim);
+  jwt_body = strtok (NULL, delim);
+  GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
+                                   (void **) &decoded_jwt);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded ID Token: %s\n", decoded_jwt);
+  payload_json = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err);
+  GNUNET_free (decoded_jwt);
+
+  json_object_foreach (payload_json, key, value)
+  {
+    pabc_key = key;
+    if (0 == strcmp ("iss", key))
+      pabc_key = "issuer"; // rename
+    if (0 == strcmp ("sub", key))
+      pabc_key = "subject"; // rename
+    if (0 == strcmp ("jti", key))
+      continue;
+    if (0 == strcmp ("exp", key))
+      pabc_key = "expiration"; // rename
+    if (0 == strcmp ("iat", key))
+      continue;
+    if (0 == strcmp ("nbf", key))
+      continue;
+    if (0 == strcmp ("aud", key))
+      continue;
+    char *tmp_val;
+    if (json_is_string (value))
+      tmp_val = GNUNET_strdup (json_string_value (value));
+    else
+      tmp_val = json_dumps (value, JSON_ENCODE_ANY);
+    if (NULL == tmp_val)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Unable to encode JSON value for `%s'\n", key);
+      continue;
+    }
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Setting `%s' to `%s'\n", key, tmp_val);
+    status = pabc_set_attribute_value_by_name (ctx, pp, usr_ctx,
+                                               pabc_key,
+                                               tmp_val);
+    GNUNET_free (tmp_val);
+    if (PABC_OK != status)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "Failed to set attribute `%s'.\n", key);
+    }
+  }
+  return PABC_OK;
+}
+
+
+static enum GNUNET_GenericReturnValue
+setup_new_user_context (struct pabc_context *ctx,
+                        struct pabc_public_parameters *pp,
+                        struct pabc_user_context **usr_ctx)
+{
+  if (PABC_OK != pabc_new_user_context (ctx, pp, usr_ctx))
+    return GNUNET_SYSERR;
+
+  if (PABC_OK != pabc_populate_user_context (ctx, *usr_ctx))
+  {
+    pabc_free_user_context (ctx, pp, usr_ctx);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+static void
+cr_cont (struct GNUNET_REST_RequestHandle *con_handle,
+         const char *url,
+         void *cls)
+{
+  struct RequestHandle *handle = cls;
+  char term_data[handle->rest_handle->data_size + 1];
+  char *response_str;
+  json_t *data_json;
+  json_t *nonce_json;
+  json_t *pp_json;
+  json_t *idtoken_json;
+  json_t *iss_json;
+  json_t *identity_json;
+  json_error_t err;
+  struct pabc_public_parameters *pp = NULL;
+  struct pabc_context *ctx = NULL;
+  struct pabc_user_context *usr_ctx = NULL;
+  struct pabc_credential_request *cr = NULL;
+  struct pabc_nonce *nonce = NULL;
+  enum pabc_status status;
+
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Credential request...\n");
+
+  if (0 >= handle->rest_handle->data_size)
+  {
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  term_data[handle->rest_handle->data_size] = '\0';
+  GNUNET_memcpy (term_data,
+                 handle->rest_handle->data,
+                 handle->rest_handle->data_size);
+  data_json = json_loads (term_data, JSON_DECODE_ANY, &err);
+  if (NULL == data_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse %s\n", term_data);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  if (! json_is_object (data_json))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse %s\n", term_data);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  nonce_json = json_object_get (data_json, "nonce");
+  if (NULL == nonce_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse nonce\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  iss_json = json_object_get (data_json, "issuer");
+  if (NULL == iss_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse issuer\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  identity_json = json_object_get (data_json, "identity");
+  if (NULL == identity_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse identity\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  idtoken_json = json_object_get (data_json, "id_token");
+  if (NULL == idtoken_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse id_token\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  pp_json = json_object_get (data_json, "public_params");
+  if (NULL == pp_json)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse public parameters\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  PABC_ASSERT (pabc_new_ctx (&ctx));
+  char *pp_str = json_dumps (pp_json, JSON_ENCODE_ANY);
+  status = pabc_decode_and_new_public_parameters (ctx,
+                                                  &pp,
+                                                  pp_str);
+  char *ppid;
+  GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_pp (pp_str, &ppid));
+  GNUNET_free (pp_str);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to read public parameters: %s\n",
+                pp_str);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  // (Over)write parameters
+  status = PABC_write_public_parameters (json_string_value (iss_json),
+                                         pp);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to write public parameters.\n");
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  status = PABC_read_usr_ctx (json_string_value (identity_json),
+                              json_string_value (iss_json),
+                              ctx, pp, &usr_ctx);
+  if (PABC_OK != status)
+  {
+    if (GNUNET_OK != setup_new_user_context (ctx, pp, &usr_ctx))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to setup user context.\n");
+      pabc_free_public_parameters (ctx, &pp);
+      json_decref (data_json);
+      GNUNET_SCHEDULER_add_now (&do_error, handle);
+      return;
+    }
+    PABC_write_usr_ctx (json_string_value (identity_json),
+                        json_string_value (iss_json),
+                        ctx, pp, usr_ctx);
+  }
+
+  // Set attributes from JWT to context
+  status = set_attributes_from_idtoken (ctx,
+                                        pp,
+                                        usr_ctx,
+                                        json_string_value (idtoken_json));
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to set attributes.\n");
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+
+  // nonce
+  status = pabc_new_nonce (ctx, &nonce);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate nonce.\n");
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  char *nonce_str = json_dumps (nonce_json, JSON_ENCODE_ANY);
+  status = pabc_decode_nonce (ctx, nonce, nonce_str);
+  if (status != PABC_OK)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to decode nonce.\n");
+    pabc_free_nonce (ctx, &nonce);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  // cr
+  status = pabc_new_credential_request (ctx, pp, &cr);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate cr.\n");
+    pabc_free_nonce (ctx, &nonce);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  status = pabc_gen_credential_request (ctx, pp, usr_ctx, nonce, cr);
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to generate cr.\n");
+    pabc_free_nonce (ctx, &nonce);
+    pabc_free_credential_request (ctx, pp, &cr);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  handle->resp_object = json_object ();
+  GNUNET_assert (PABC_OK == pabc_cred_encode_cr (ctx, pp, cr,
+                                                 json_string_value (
+                                                   identity_json),
+                                                 ppid, &response_str));
+  if (PABC_OK != status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to serialize cr.\n");
+    pabc_free_nonce (ctx, &nonce);
+    pabc_free_credential_request (ctx, pp, &cr);
+    pabc_free_user_context (ctx, pp, &usr_ctx);
+    pabc_free_public_parameters (ctx, &pp);
+    json_decref (data_json);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  json_decref (handle->resp_object);
+  handle->resp_object = json_loads (response_str, JSON_DECODE_ANY, &err);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", response_str);
+  GNUNET_free (response_str);
+
+  // clean up
+  pabc_free_nonce (ctx, &nonce);
+  pabc_free_credential_request (ctx, pp, &cr);
+  pabc_free_user_context (ctx, pp, &usr_ctx);
+  pabc_free_public_parameters (ctx, &pp);
+  GNUNET_SCHEDULER_add_now (&return_response, handle);
+  json_decref (data_json);
+}
+
+
+/**
+ * Respond to OPTIONS request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char *url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  // For now, independent of path return all options
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  cleanup_handle (handle);
+  return;
+}
+
+
+static enum GNUNET_GenericReturnValue
+rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle,
+                               GNUNET_REST_ResultProcessor proc,
+                               void *proc_cls)
+{
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  struct GNUNET_REST_RequestHandlerError err;
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_POST,
+     GNUNET_REST_API_NS_PABC_CR, &cr_cont },
+    { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_PABC, &options_cont },
+    GNUNET_REST_HANDLER_END
+  };
+
+  handle->response_code = 0;
+  handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->rest_handle = rest_handle;
+
+  handle->url = GNUNET_strdup (rest_handle->url);
+  if (handle->url[strlen (handle->url) - 1] == '/')
+    handle->url[strlen (handle->url) - 1] = '\0';
+  handle->timeout_task =
+    GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle);
+  GNUNET_CONTAINER_DLL_insert (requests_head,
+                               requests_tail,
+                               handle);
+  if (GNUNET_NO ==
+      GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle))
+  {
+    cleanup_handle (handle);
+    return GNUNET_NO;
+  }
+
+  return GNUNET_YES;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls Config info
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_pabc_init (void *cls)
+{
+  static struct Plugin plugin;
+  struct GNUNET_REST_Plugin *api;
+
+  cfg = cls;
+  if (NULL != plugin.cfg)
+    return NULL; /* can only initialize once! */
+  memset (&plugin, 0, sizeof(struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_PABC;
+  api->process_request = &rest_identity_process_request;
+  GNUNET_asprintf (&allow_methods,
+                   "%s, %s",
+                   MHD_HTTP_METHOD_POST,
+                   MHD_HTTP_METHOD_OPTIONS);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              _ ("Identity Provider REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_reclaim_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+  struct RequestHandle *request;
+
+  plugin->cfg = NULL;
+  while (NULL != (request = requests_head))
+    do_error (request);
+
+  GNUNET_free (allow_methods);
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "PABC REST plugin is finished\n");
+  return NULL;
+}
+
+
+/* end of plugin_rest_reclaim.c */
diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c
index 39d24ea61..1d1231cbd 100644
--- a/src/reclaim/plugin_rest_reclaim.c
+++ b/src/reclaim/plugin_rest_reclaim.c
@@ -1332,13 +1332,12 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
  * with 'NULL' for 'ego'. That does NOT mean that the callback won't
  * be invoked in the future or that there was an error.
  *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this
+ * function is only called ONCE, and 'NULL' being passed in 'ego' does
+ * indicate an error (for example because name is taken or no default value is
+ * known).  If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the
+ * value WILL be passed to a subsequent call to the identity callback of
+ * 'GNUNET_IDENTITY_connect' (if that one was not NULL).
  *
  * When an identity is renamed, this function is called with the
  * (known) ego but the NEW identifier.
diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c
index c8c0d397c..da5cee988 100644
--- a/src/reclaim/reclaim_credential.c
+++ b/src/reclaim/reclaim_credential.c
@@ -1033,7 +1033,6 @@ GNUNET_RECLAIM_presentation_get_expiration (const struct
 /**
  * Create a presentation from a credential and a lift of (selected)
  * attributes in the credential.
- * FIXME not yet implemented
  *
  * @param cred the credential to use
  * @param attrs the attributes to present from the credential
diff --git a/src/rest/gnunet-rest-server.c b/src/rest/gnunet-rest-server.c
index ecb3e2ae5..63847587b 100644
--- a/src/rest/gnunet-rest-server.c
+++ b/src/rest/gnunet-rest-server.c
@@ -436,7 +436,7 @@ post_data_iter (void *cls,
  * @param con MHD connection handle
  * @param url the url in the request
  * @param meth the HTTP method used ("GET", "PUT", etc.)
- * @param ver the HTTP version string (i.e. "HTTP/1.1")
+ * @param ver the HTTP version string ("HTTP/1.1" for version 1.1, etc.)
  * @param upload_data the data being uploaded (excluding HEADERS,
  *        for a POST that fits into memory and that is encoded
  *        with a supported encoding, the POST data will NOT be
diff --git a/src/testbed/testbed_api.c b/src/testbed/testbed_api.c
index f291892c6..386850b89 100644
--- a/src/testbed/testbed_api.c
+++ b/src/testbed/testbed_api.c
@@ -1546,7 +1546,7 @@ mq_error_handler (void *cls, enum GNUNET_MQ_Error error)
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) | ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) | ...")
  * @param cc controller callback to invoke on events
  * @param cc_cls closure for cc
  * @return handle to the controller
diff --git a/src/testbed/testbed_api_test.c b/src/testbed/testbed_api_test.c
index 30dbe455d..dd43cf2f6 100644
--- a/src/testbed/testbed_api_test.c
+++ b/src/testbed/testbed_api_test.c
@@ -109,7 +109,7 @@ run (void *cls, char *const *args, const char *cfgfile,
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
  * @param cc controller callback to invoke on events; This callback is called
  *        for all peer start events even if GNUNET_TESTBED_ET_PEER_START isn't
  *        set in the event_mask as this is the only way get access to the
diff --git a/src/testbed/testbed_api_testbed.c b/src/testbed/testbed_api_testbed.c
index 7ae30e0c6..1aa344e99 100644
--- a/src/testbed/testbed_api_testbed.c
+++ b/src/testbed/testbed_api_testbed.c
@@ -1237,7 +1237,7 @@ timeout_task (void *cls)
  * @param event_mask bit mask with set of events to call 'cc' for;
  *                   or-ed values of "1LL" shifted by the
  *                   respective 'enum GNUNET_TESTBED_EventType'
- *                   (i.e.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
+ *                   (e.g.  "(1LL << GNUNET_TESTBED_ET_CONNECT) || ...")
  * @param cc controller callback to invoke on events; This callback is called
  *          for all peer start events even if GNUNET_TESTBED_ET_PEER_START isn't
  *          set in the event_mask as this is the only way get access to the
diff --git a/src/testing/testing.c b/src/testing/testing.c
index 9724fb55b..991c11a6c 100644
--- a/src/testing/testing.c
+++ b/src/testing/testing.c
@@ -91,7 +91,7 @@ struct SharedService
 struct GNUNET_TESTING_System
 {
   /**
-   * Prefix (i.e. "/tmp/gnunet-testing/") we prepend to each
+   * Prefix (e.g. "/tmp/gnunet-testing/") we prepend to each
    * GNUNET_HOME.
    */
   char *tmppath;
diff --git a/src/transport/gnunet-helper-transport-bluetooth.c b/src/transport/gnunet-helper-transport-bluetooth.c
index 4923e6428..ef3a6292b 100644
--- a/src/transport/gnunet-helper-transport-bluetooth.c
+++ b/src/transport/gnunet-helper-transport-bluetooth.c
@@ -1374,7 +1374,7 @@ inquiry_devices:      // skip the conditions and force a inquiry for new devices
  * stdin/stdout of this process.  Error messages are written to stderr.
  *
  * @param argc number of arguments, must be 2
- * @param argv arguments only argument is the name of the interface (i.e. 'hci0')
+ * @param argv arguments only argument is the name of the interface (e.g. 'hci0')
  * @return 0 on success (never happens, as we don't return unless aborted), 1 on error
  *
  **** similar to gnunet-helper-transport-wlan.c ****
diff --git a/src/transport/gnunet-helper-transport-wlan.c b/src/transport/gnunet-helper-transport-wlan.c
index f1b190993..d90565c9c 100644
--- a/src/transport/gnunet-helper-transport-wlan.c
+++ b/src/transport/gnunet-helper-transport-wlan.c
@@ -1935,7 +1935,7 @@ stdin_send_hw (void *cls, const struct GNUNET_MessageHeader *hdr)
  * process.  Error messages are written to stdout.
  *
  * @param argc number of arguments, must be 2
- * @param argv arguments only argument is the name of the interface (i.e. 'mon0')
+ * @param argv arguments only argument is the name of the interface (e.g. 'mon0')
  * @return 0 on success (never happens, as we don't return unless aborted), 1 on error
  */
 int
diff --git a/src/transport/gnunet-service-transport_plugins.c b/src/transport/gnunet-service-transport_plugins.c
index d0a10cbc7..c88532806 100644
--- a/src/transport/gnunet-service-transport_plugins.c
+++ b/src/transport/gnunet-service-transport_plugins.c
@@ -51,12 +51,12 @@ struct TransportPlugin
   struct GNUNET_TRANSPORT_PluginFunctions *api;
 
   /**
-   * Short name for the plugin (i.e. "tcp").
+   * Short name for the plugin (e.g. "tcp").
    */
   char *short_name;
 
   /**
-   * Name of the library (i.e. "gnunet_plugin_transport_tcp").
+   * Name of the library (e.g. "gnunet_plugin_transport_tcp").
    */
   char *lib_name;
 
diff --git a/src/util/client.c b/src/util/client.c
index 746c0eb55..afd2fe900 100644
--- a/src/util/client.c
+++ b/src/util/client.c
@@ -892,7 +892,7 @@ connection_client_cancel_impl (struct GNUNET_MQ_Handle *mq,
  *         #GNUNET_NO if the service is (definitively) down,
  *         #GNUNET_SYSERR if the configuration does not give us
  *          the necessary information about the service, or if
- *          we could not check (i.e. socket() failed)
+ *          we could not check (e.g. socket() failed)
  */
 int
 GNUNET_CLIENT_test (const struct GNUNET_CONFIGURATION_Handle *cfg,
diff --git a/src/util/common_logging.c b/src/util/common_logging.c
index b30175543..48cc6fe3b 100644
--- a/src/util/common_logging.c
+++ b/src/util/common_logging.c
@@ -246,27 +246,27 @@ static int gnunet_force_log_present;
 
 /**
  * Convert a textual description of a loglevel
- * to the respective GNUNET_GE_KIND.
+ * to the respective enumeration type.
  *
  * @param log loglevel to parse
- * @return GNUNET_GE_INVALID if log does not parse
+ * @return GNUNET_ERROR_TYPE_INVALID if log does not parse
  */
 static enum GNUNET_ErrorType
 get_type (const char *log)
 {
   if (NULL == log)
     return GNUNET_ERROR_TYPE_UNSPECIFIED;
-  if (0 == strcasecmp (log, _ ("DEBUG")))
+  if (0 == strcasecmp (log, "DEBUG"))
     return GNUNET_ERROR_TYPE_DEBUG;
-  if (0 == strcasecmp (log, _ ("INFO")))
+  if (0 == strcasecmp (log, "INFO"))
     return GNUNET_ERROR_TYPE_INFO;
-  if (0 == strcasecmp (log, _ ("MESSAGE")))
+  if (0 == strcasecmp (log, "MESSAGE"))
     return GNUNET_ERROR_TYPE_MESSAGE;
-  if (0 == strcasecmp (log, _ ("WARNING")))
+  if (0 == strcasecmp (log, "WARNING"))
     return GNUNET_ERROR_TYPE_WARNING;
-  if (0 == strcasecmp (log, _ ("ERROR")))
+  if (0 == strcasecmp (log, "ERROR"))
     return GNUNET_ERROR_TYPE_ERROR;
-  if (0 == strcasecmp (log, _ ("NONE")))
+  if (0 == strcasecmp (log, "NONE"))
     return GNUNET_ERROR_TYPE_NONE;
   return GNUNET_ERROR_TYPE_INVALID;
 }
diff --git a/src/util/container_meta_data.c b/src/util/container_meta_data.c
index efaac1136..2c477db40 100644
--- a/src/util/container_meta_data.c
+++ b/src/util/container_meta_data.c
@@ -337,7 +337,7 @@ GNUNET_CONTAINER_meta_data_test_equal (const struct GNUNET_CONTAINER_MetaData
  *
  * @param md metadata to extend
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '&lt;zlib&gt;' for zlib being
+ *        special values can be used (e.g. '&lt;zlib&gt;' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
@@ -427,7 +427,7 @@ GNUNET_CONTAINER_meta_data_insert (struct GNUNET_CONTAINER_MetaData *md,
  *
  * @param cls the `struct GNUNET_CONTAINER_MetaData` to merge into
  * @param plugin_name name of the plugin that produced this value;
- *        special values can be used (i.e. '&lt;zlib&gt;' for zlib being
+ *        special values can be used (e.g. '&lt;zlib&gt;' for zlib being
  *        used in the main libextractor library and yielding
  *        meta data).
  * @param type libextractor-type describing the meta data
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 5e4c4d1e6..4d3de00bc 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -473,7 +473,7 @@ rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
 /**
  * Create a blinding key
  *
- * @param len length of the key in bits (i.e. 2048)
+ * @param len length of the key in bits (e.g. 2048)
  * @param bks pre-secret to use to derive the blinding key
  * @return the newly created blinding key, NULL if RSA key is malicious
  */
diff --git a/src/util/gnunet-config.c b/src/util/gnunet-config.c
index 2b279dda2..4d050cdd3 100644
--- a/src/util/gnunet-config.c
+++ b/src/util/gnunet-config.c
@@ -65,10 +65,11 @@ static int list_sections;
 static int global_ret;
 
 /**
- * Should we generate a configuration file that is clean and
- * only contains the deltas to the defaults?
+ * Should the generated configuration file contain the whole configuration, or
+ * just the differences with the defaults?
+ * If set to a non-zero value, the full configuration will be written to file.
  */
-static int rewrite;
+static int rewrite = 0;
 
 
 /**
@@ -157,7 +158,7 @@ run (void *cls,
     GNUNET_free (name);
     return;
   }
-  if (rewrite)
+  if (!rewrite)
   {
     struct GNUNET_CONFIGURATION_Handle *def;
 
@@ -315,7 +316,7 @@ main (int argc, char *const *argv)
       'w',
       "rewrite",
       gettext_noop (
-        "write configuration file that only contains delta to defaults"),
+        "write the full configuration file, including default values"),
       &rewrite),
     GNUNET_GETOPT_OPTION_END };
   int ret;
diff --git a/src/util/network.c b/src/util/network.c
index c4adefb8f..e771a9834 100644
--- a/src/util/network.c
+++ b/src/util/network.c
@@ -1269,7 +1269,7 @@ GNUNET_NETWORK_fdset_destroy (struct GNUNET_NETWORK_FDSet *fds)
 /**
  * Test if the given @a port is available.
  *
- * @param ipproto transport protocol to test (i.e. IPPROTO_TCP)
+ * @param ipproto transport protocol to test (e.g. IPPROTO_TCP)
  * @param port port number to test
  * @return #GNUNET_OK if the port is available, #GNUNET_NO if not
  */
diff --git a/src/util/scheduler.c b/src/util/scheduler.c
index 759312df5..d5c7b964f 100644
--- a/src/util/scheduler.c
+++ b/src/util/scheduler.c
@@ -193,7 +193,7 @@ struct GNUNET_SCHEDULER_Task
   /**
    * Why is the task ready?  Set after task is added to ready queue.
    * Initially set to zero.  All reasons that have already been
-   * satisfied (i.e.  read or write ready) will be set over time.
+   * satisfied (e.g. read or write ready) will be set over time.
    */
   enum GNUNET_SCHEDULER_Reason reason;
 
diff --git a/src/util/strings.c b/src/util/strings.c
index 61e04c457..b62d5f547 100644
--- a/src/util/strings.c
+++ b/src/util/strings.c
@@ -316,7 +316,7 @@ convert_with_table (const char *input,
 /**
  * Convert a given fancy human-readable size to bytes.
  *
- * @param fancy_size human readable string (i.e. 1 MB)
+ * @param fancy_size human readable string (e.g. 1 MB)
  * @param size set to the size in bytes
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -348,7 +348,7 @@ GNUNET_STRINGS_fancy_size_to_bytes (const char *fancy_size,
  * Convert a given fancy human-readable time to our internal
  * representation.
  *
- * @param fancy_time human readable string (i.e. 1 minute)
+ * @param fancy_time human readable string (e.g. 1 minute)
  * @param rtime set to the relative time
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -399,7 +399,7 @@ GNUNET_STRINGS_fancy_time_to_relative (const char *fancy_time,
  * representation. The human-readable time is expected to be
  * in local time, whereas the returned value will be in UTC.
  *
- * @param fancy_time human readable string (i.e. %Y-%m-%d %H:%M:%S)
+ * @param fancy_time human readable string (e.g. %Y-%m-%d %H:%M:%S)
  * @param atime set to the absolute time
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
@@ -1364,7 +1364,7 @@ GNUNET_STRINGS_to_address_ip (const char *addr,
  * `struct sockaddr`.
  *
  * @param addr the address
- * @param[out] af set to the parsed address family (i.e. AF_INET)
+ * @param[out] af set to the parsed address family (e.g. AF_INET)
  * @param[out] sa set to the parsed address
  * @return 0 on error, otherwise number of bytes in @a sa
  */
diff --git a/src/util/tun.c b/src/util/tun.c
index 0e3017551..d2b675c71 100644
--- a/src/util/tun.c
+++ b/src/util/tun.c
@@ -37,7 +37,7 @@
  * Initialize an IPv4 header.
  *
  * @param ip header to initialize
- * @param protocol protocol to use (i.e. IPPROTO_UDP)
+ * @param protocol protocol to use (e.g. IPPROTO_UDP)
  * @param payload_length number of bytes of payload that follow (excluding IPv4 header)
  * @param src source IP address to use
  * @param dst destination IP address to use
@@ -72,7 +72,7 @@ GNUNET_TUN_initialize_ipv4_header (struct GNUNET_TUN_IPv4Header *ip,
  * Initialize an IPv6 header.
  *
  * @param ip header to initialize
- * @param protocol protocol to use (i.e. IPPROTO_UDP), technically "next_header" for IPv6
+ * @param protocol protocol to use (e.g. IPPROTO_UDP), technically "next_header" for IPv6
  * @param payload_length number of bytes of payload that follow (excluding IPv6 header)
  * @param src source IP address to use
  * @param dst destination IP address to use