OpenID Connect : which claims to communicate ?

This represent a questionning that concerns me since a few days. The implementation of OpenID Connect is currently going on and I'm starting to ask myself which data on the user diaspora should communicate and which it shouldn't during a connection procedure with OIDC.

OIDC specifies a lot of claims. Whil most of them are not even know by diaspora, some of them could be given by it during a connection procedure like the profile picture or the email address.

Then, the question is: which of them can be given and which must stay private?

The following claims are potentially know by diaspora:

• name (full name and surname),
• given_name (basically, first name),
• family_name (surname),
• nickname,
• profile (basically, should be diaspora's profile page of the user),
• picture (user's avatar),
• email,
• gender,
• birthdate,
• zoneinfo (time zone),
• updated_at (time of profile's lat update).

IMHO, at least the followinf must stay secret:

• name (full name and surname),
• given_name (basically, first name),
• family_name (surname),
• gender,
• birthdate,
• updated_at (time of profile's lat update).

This leaves the following informations to be potentially public during an OIDC connection procedure:

• nickname,
• profile (basically, should be diaspora's profile page of the user),
• picture (user's avatar),
• email,
• zoneinfo (time zone).

A solution could be to add a configuration page which lets the user choose what can be communicated about him.

IMHO, at least the username should stay public with the sub (the user's unique ID, i.e, the diaspora handle).

What do you all think about this?