What does the ALTS handshaker do

Can anyone explain in simple words what the ALTS extension ( envoy.transport_sockets.alts) tries to accomplish? In the source code i’ve noticed it contacts the google metadata instance on port 8080, but i was unable to find any documentation about the workings of the service/protocol running on that port.

Thanks!

Reg