Matrix would be a good fit for most research institutions, allowing cooperation through federation. Heck, even Mastodon could be interesting, and ActivityPub as a transport layer for publications.

However, one issue is that small institutions cannot afford to self-host everything, or make the necessary adjustments themselves. I wonder if CERN and other big institutions could perform some heavy lifting (and maybe provide some shared services, hosting servers, etc.) without necessarily centralizing everything like it is done nowadays.

I'm a big Matrix fan but am curious about what options they have for integrating and managing it in a typical enterprise environment. For example:

- what happens for stuff like user management with Active Directory etc?
- what happens for things like FOIA requirements considering it is e2e encrypted?

Matrix doesn't E2E encrypt everything, only certain rooms. It's not currently possible, but I suppose there's no technical roadblock to making a server prevent access to E2E encrypted rooms to meet FOIA requirements.

As for user management, synapse has identity servers and password providers to form a complete authentication solution. mxisd[0] is a service that uses both to offer LDAP authentication, although it seems dead with no real replacement.

[0] https://github.com/kamax-matrix/mxisd

So Matrix has a bunch of enterprise integration support either in existence or in the making.

In terms of audit compliance for E2EE, there are three main options:

a) Turn it off (as per the parent post); there isn't a button for this in synapse, but it would be possible to add one, albeit technically an abuse vector given it is effectively a downgrade attack.

b) Add an audit user to rooms which need to be 'on the record'. This is our preferred solution, as it makes it crystal clear to users as to which conversations are on the record (and whose record!) and which aren't. One could run such a user via a client like https://github.com/matrix-org/pantalaimon, and have the server autoinvite them into rooms which need to be recorded.

c) Add an audit (aka ghost) device to users who need to be 'on the record'. For instance, you could use pantalaimon to log in as a given user and record their messages. The audit device will appear in the E2E devices for the user, and once cross-signing lands, could be signed by the user (or their sysadmin) to be trusted. However, we're not keen on ghost devices in general - we've built all of Matrix's E2EE trust model to protect users against unexpected devices being present in their rooms, so we'd recommend audit users instead.

In terms of LDAP integration - there are more and more enterprise integration options appearing; for instance, ma1sd is a maintained fork of mxisd, and we're working on better LDAP bridging for Matrix in general. We want Matrix to work in an enterprise environment, so if people see stuff missing, please yell.