I would default the behaviour to not send the User-Name attribute in the Access-Accept but give the ability to have it trivially enabled with a toggle. And where it is enabled, by default, send it in the normalised user at realm format unless configured otherwise. (That would be the general case as far as I can see.)