diff --git a/docs/admin/lock/README.md b/docs/admin/lock/README.md index 3ddc68e01c8..f3096b0a042 100644 --- a/docs/admin/lock/README.md +++ b/docs/admin/lock/README.md @@ -51,3 +51,10 @@ control course grain authorization in an API gateway, fine grain authorization in First Party API code, and the issuance of access token scopes. ![Jans Lock sample toplogy](../../assets/lock-design-diagram-00.png) + +This authorization model is also useful for East-West service mesh authorization +because it avoids the "hairpin" inefficiency of routing all traffic through +and API gateway (which is better for North-South web ingress). TLS is required +to protect the bearer token. MTLS is even better. + +![Jans Lock sample toplogy](../../assets/lock-east-west-service-mesh-diagram.png) diff --git a/docs/assets/lock-east-west-service-mesh-diagram.png b/docs/assets/lock-east-west-service-mesh-diagram.png new file mode 100644 index 00000000000..c7eda1db9d6 Binary files /dev/null and b/docs/assets/lock-east-west-service-mesh-diagram.png differ
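Review bot: In the added paragraph of the README.md hunk, "routing all traffic through and API gateway" should read "an API gateway". The new image line also reuses the alt text of the existing diagram, "Jans Lock sample toplogy", so both images carry the same description and the same misspelling of "topology". Give the new image its own alt text that names the east-west service mesh diagram. The closing sentences, "TLS is required to protect the bearer token. MTLS is even better.", state a security requirement without saying what mutual TLS adds over TLS here. One clause of justification would help an admin decide which to deploy.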