JTAM is a model that supports separation-of-duty for critical operations like user creation/deletion by requiring authorization from at least k-1 administrators, where k is specified when creating the operation. It uses threshold cryptography to create a digital signature on the operation details, with each administrator assigned a secret share for signing. The lifecycle of an operation like creating a user involves the system generating signature shares, combining them when k-1 administrators authorize, and verifying the final signature before execution and storage alongside the new user entry.