[EricBurnett]

A good starting point for reading is https://cloud.google.com/security/binary-authorization-for-b... . It also links out to other whitepapers covering different dimensions of the problem.

[jeffbee]

Another good one, which is not linked from there, describes how RPCs are authenticated and authorized. https://cloud.google.com/security/encryption-in-transit/appl...