The data protection directive implies minimum disclosure of attributes. In general, attributes can be divided into three categories: necessary, optional and not relevant.

Attributes that are necessary for a Service Provider

NECESSARY attributes can be released to the Service Providers.

The Code of Conduct for Service Providers requires that the Service Provider agrees and warrants 

In practice, this can mean that

Examples of NECESSARY attributes

Attributes that are optional for a Service Provider

Note: Introduction to Code of Conduct proposes to defer support to optional extra attributes to Phase 2.

Optional attributes belong to category REQUIRING CONSENT and can be released to the Service Provider, if the user consents to it.

An Attribute is categorized as REQUIRING CONSENT if the service can operate without it, but the service will provide some additional service level to the user (or to other users of the site) if the Attribute is provided. 

Examples of optional attributes

Alternatively, the Service Provider may ask the user to type in the optional attributes by him/herself. 

For contrast, the definition of "freely-given" is that it can be withdrawn at any time. If withdrawing consent to disclosing a name breaks the service (as it does for a research collaboration) then consent is the wrong basis. That is exactly the situation where necessity applies. 

Attributes that are not relevant for a Service Provider

The SP can only process attributes that are adequate, relevant and not excessive in relation to the purposes for which the SP processes them. The SP MUST NOT request other attributes from the IdP.