Wouldn't that require N principals, one for each jurisdiction, which is an unusual organizational structure, and requires a lot of trust and shared vision even if it's an n-of-m authorization system?
Sort of. Just because N people from different countries and time zones each need to enter their password in order to make a production change doesn't mean that the organizational structure needs to follow that. For all we care, only the subteam that does production deployments would need to be set up this way.
They would, however, need highly trusted agents in several legal jurisdictions. Agents who they trusted with the ability to bring the company down. Still... I think I might pay for a service like that, if some of the principle participants were people I trusted so I was sure it wasn't a honeypot.
