From 3eafadbae32349250928b00944a87ae763fba901 Mon Sep 17 00:00:00 2001
From: Michael Chen <michael.chen@tuhh.de>
Date: Mon, 2 May 2022 17:53:26 +0200
Subject: [PATCH] Added writeup for lab 1 (first session)

---
 Exercise/Writeup/lab01.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 Exercise/Writeup/lab01.md

diff --git a/Exercise/Writeup/lab01.md b/Exercise/Writeup/lab01.md
new file mode 100644
index 0000000..faba034
--- /dev/null
+++ b/Exercise/Writeup/lab01.md
@@ -0,0 +1,21 @@
+# Lab 1: Security Requirements
+
+## Metaverse User Stories
+
+`Metaverse Users` are referred to as users here.
+
+User | Task | Goal | Context | Action | Outcomes
+-- | -- | -- | -- | -- | -- 
+User | perform authorized payment transactions | only I can make transactions in my name | An adversary knows my payment information | he tries to pay with my info | the payment is declined if not authorized by me
+Developer | access user configurations (avatars, config) | personalize the user experience of my applications
+Teacher | make physical course material available in the metaverse | students can see them in virtual reality
+User | have a unique identification key in bound to my avatar | everyone can recognize my avatar | my avatar is public | my avatar is used by another user | the user cannot impersonate my identity because he doesn't know the key
+User | virtual home to be self or zero knowledge hosted | my privacy can not be intruded
+
+Corrections:
+
+- User stories are more non-functional and should not contain less security aspects, rather the use-case functionality
+
+User | Task | Goal
+-- | -- | --
+User | perform a payment | i can acquire an virtual/physical asset
\ No newline at end of file