Create Adding-data-to-UserModel.md (#97230)

* Create Adding-data-to-UserModel.md * Update products/identity/Policies and Procedures/Adding-data-to-UserModel.md Co-authored-by: Joe Niquette <[email protected]> * Update products/identity/Policies and Procedures/Adding-data-to-UserModel.md Co-authored-by: Joe Niquette <[email protected]> * Update products/identity/Policies and Procedures/Adding-data-to-UserModel.md Co-authored-by: Joe Niquette <[email protected]> * Update products/identity/Policies and Procedures/Adding-data-to-UserModel.md Co-authored-by: Joe Niquette <[email protected]> * Update Adding-data-to-UserModel.md --------- Co-authored-by: Joe Niquette <[email protected]>
department-of-veterans-affairs · Jan 6, 2025 · a24fbfe · a24fbfe
1 parent 54a6f99
commit a24fbfe
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/products/identity/Policies and Procedures/Adding-data-to-UserModel.md b/products/identity/Policies and Procedures/Adding-data-to-UserModel.md
@@ -0,0 +1,35 @@
+# Policy: Separation of Concerns for User Data
+
+## Purpose
+To maintain a scalable, efficient, and maintainable architecture, this policy outlines guidelines for handling user data. Specifically, it aims to prevent unnecessary additions to the UserModel by promoting the creation of new endpoints and tables.
+
+## Scope
+This policy applies to all current and future solutions working in the UserModel of vets-api
+
+## Principles
+
+1. Separation of Concerns: Each endpoint/table should have a single, well-defined responsibility.
+2. Data Minimization: Only store and retrieve necessary data.
+3. Scalability: Design for future growth.
+
+## Guidelines
+
+Before adding new data to the UserModel the following criteria must be met:
+- App Teams must provide a clear reason for the addition of new data to the UserModel, specifically why can't this be handled in a different model
+- App Teams must have considered all available alternatives
+- App Teams must have consulted with OCTO Identity for review and approval
+
+### Recommended alternatives
+- Create new endpoints and/or new tables
+
+## Consequences of Non-Adherence
+The consequences of not adhering to the following policy has the potential to increase maintenance complexity (technical debt), increase attack surface (reduced security posture), and/or reduce system efficiency (performance).
+
+## Review and Revision
+This policy will be reviewed and revised annually or as needed by an OCTO Identity Team.
+
+## Approval:
+Approved by Thomas Black, OCTO Identity Product Owner, Nov 2024
+
+## Version History:
+1.0, 11/15/2024, UserModel policy creation