...
Access to the safe itself requires both a key and a pin. A Key Authority Officer provides the key while a Technical Authority Officer knows the pin. A single individual can not be both a Key Authority Officer and a Technical Authority Officer, that is, no one person knows both the location of the key and the pin. Thus two people with strict separation of duties are required to access the laptop in the safe.
A software process that aggregates and signs and publishes metadata is run daily. This process runs on an the offline laptop kept in the safe. Only a handful of individuals can initiate the software process. Collectively these individuals are known as the Technical Authority. The Technical Authority Officer initiates the software process in the presence of the Key Authority Officer.
In the same way that a bank deposit box requires two distinct physical keys, the metadata signing process requires two human actors, a Key Authority Officer and a Technical Authority Officer. Only the Key Authority Officer can access the safe while only the Technical Authority Officer can run the software process. Both are needed to complete the metadata signing process. Each limits the actions of the other.