A possible solution is described below. The FDA basically wants the user to confirm it is the person logged into the machine who made the change. Typically this is done by requiring the user to "sign-off" on whatever changes they made via a username
and a password. In the corporate environment the username, password (and domain) is sent to a Active Directory type service for authentication of the user. Also, the date is logged.
Some notes from one of the developers on our team about this scenario:
While this is not possible out of the box, you can implement a work item custom control to help enforce your requirement. This requires some writing of code. There are a couple of limitations though with such an approach:
1) It's a client enforcement. That is, there's nothing stopping a determined user from implementing his own client and programmatically using the TFS API to update the work item without the electronic signature. Of course, since TFS work items log all the changes,
if they do that, it's fairly easy to spot those types of changes.
2) The custom control needs to be deployed on your VS clients. A client without the custom control will not be able to sign work items.
If the above limitations are OK, then one possible solution is the following:
1) Create a required field that is defined in the work item type definition but not shown on the form (you can call the field “Electronic Signature”). Since the field isn't shown on the form, when a user with a client without the custom control tries to save,
he will get:
TF20012: Field 'Electronic Signature' cannot be empty.
2) Create a rule such that whenever an electronic signature is needed, the rule clears that required field.
3) Create a custom control (could be an empty user control with a size of 1x1 pixel) that you can place somewhere on the form (make sure it’s not hidden in a non-active tab as we will only create the control on demand when we render the hidden tab, and we want
the control to always be instantiated when the form is displayed).
4) That custom control will hook to the FieldChanged event of the work item object on the electronic signature field. At this point you can bring up your own dialog that will prompt the user for an electronic signature (username/password/other metadata) and
only after verification, the custom control will set the hidden “Electronic Signature” to an allowed value. Now the user can save the workitem.
Hope that helps.