Gematik recently announced its intention to rebase its TI-Messenger specification on Matrix v1.15, which brings important improvements to TI-Messenger. The suggested changes are substantial and will have a material impact on all TI-M implementations. The changes to the specification are currently in the commenting phase, and all vendors are being asked to understand what they mean for their implementations.
Matrix is an advanced protocol for digitally sovereign, interoperable and secure real time communications. Its commitment to open source principles and being an open standard is part of the reason why it was chosen as the underlying technology for TI-Messenger, as was its continual innovation. TI-Messenger moved from Matrix 1.3 to Matrix 1.11 in November 2024, and it will rebase itself on future versions too.
Our ESS TI-Messenger customers will not have to handle the backend upgrade to 1.15 (or future versions). Instead we keep ESS Pro for TI-M in line with the evolving TI-Messenger specification, leaving our customers - service providers such as T-Systems or end-user organisations like BARMER - free to focus on their TI-Messenger frontend and overall customer service.
What will change in TI-M with Matrix 1.15?
The rebase on Matrix 1.15 contains a couple of smaller changes to the TI-M specification around room joins, restrictions to profile queries and push rule actions. These are mainly simplifications to the TI-M specification and technical improvements which need to be kept backwards-compatible.
The biggest and most impactful change is the introduction of the OAuth 2.0 APIs (also referred to as ‘next-gen user management and authentication’) based on MSC3861 and its sub-proposals. This change moves Matrix user management and authentication from a custom implementation to a standards-based, more secure, state-of-the-art implementation. To date there is only one production-ready implementation of MSC3861 and its sub-proposals available, which is the Matrix Authentication Service (MAS) developed by Element.
What does the introduction of MSC3861 and OAuth 2.0 mean for TI-Messenger vendors?
For TI-Messenger service providers, the introduction of MSC3861 and OAuth 2.0 means substantial changes to their TI-M implementations in many areas. First and foremost, they will need to integrate an implementation of the new APIs into their backend deployments, which we expect to be realised using MAS. For existing deployments this includes a migration step from the homeserver’s user database to MAS. In addition, the integrations of external identity provider products will change; this applies to any identity provider chosen for TI-M Pro users, as well as to the Sektoraler IdP in TI-M ePA.
User accounts will live within MAS, according to MSC3861, and user-facing account functionality (modifying profile details, device management, deactivating accounts, etc.) will be served by the MAS web interface. TI-M clients will need to adapt their authentication flows to be compliant with MSC3861. Other TI-M components, like the Org-Admin-Client, will require adaptations for functionality that moves from Synapse to MAS.
At this point it is not clear whether Gematik will force this specification shift onto all vendors, thereby requiring new accreditations, but given the security improvements it is likely that this will happen.
TI-M vendors will be required to understand the background and technical details of Matrix moving to MSC3861 in order to make the changes outlined above, integrate new components, and acquire new accreditations for their products. TI-Messenger will continue to keep up with the Matrix specification and it is likely that similar change requests will come up in the future.
Element helps drive innovation
Element suggested MSC3861 and its sub-proposals to the Matrix ecosystem in 2022/23, and accompanied its introduction with the implementation and continuous development of the Matrix Authentication Service. We supported the migration of the largest Matrix community server (matrix.org), with millions of users, earlier this year and have made MAS available to the Element Server Suite, our official Matrix backend distribution. We have additionally based Element X, our new mobile app generation, entirely on MSC3861 and MAS so that users and service providers can benefit from its advantages.
Element provides ESS Pro for TI-Messenger which is a special Matrix backend solution compatible with the TI-Messenger specification. ESS Pro for TI-M is part of the TI-M product of T-Systems, used by BARMER and others, which was accredited by Gematik in July 2025.
ESS Pro for TI-Messenger comprises all the Matrix backend parts that are required for TI-M (Homeserver, Messenger Proxy, Federation List Service, Push Gateway) and is kept up-to-date with changes to the TI-M specifications. Element customers will automatically get all the backend changes around MAS and related changes as well as seamless migration tooling for existing deployments, once the TI-M specification incorporates the changes.
ESS Pro for TI-Messenger offers proprietary long-term support (LTS) commitments to safeguard TI-M services against upstream changes that put their accreditation at risk.
ESS Pro for TI-Messenger is the only professional Matrix server for the TI-Messenger standard. If TI-Messenger solutions are not using ESS Pro for TI-Messenger, they generally rely on Element’s free of charge community version of Synapse and will need to navigate to newer versions of Matrix without support.
Element delivers efficiencies
By providing a professionalised server-side product for TI-Messenger, Element offers a fully maintained backend in line with TI-Messenger specification. It enables companies offering TI-Messenger solutions to focus on their TI-Messenger frontend, additional services and direct customer support.
Another big topic in TI-Messenger is operational cost, especially given that the TI-M specification requires each individual organisation to get a dedicated Matrix backend with its own domain and data separation.
ESS Pro for TI-Messenger introduces multi-tenancy capabilities with Synapse Pro for Small Hosts. This feature is a solution to the resource inefficiencies in serving many small Matrix servers for individual doctors, pharmacies and other healthcare professionals. Synapse Pro for Small Hosts reduces hardware resource needs by 90% and reduces personnel cost drastically by employing sophisticated deployment automation practices complemented by GitOps processes. For TI-M service providers, this offers a solution to approach TI-M Pro economically.
In addition to Synapse Pro for Small Hosts, ESS Pro for TI-Messenger provides a modern, Rust-based implementation of the TI-M Messenger Proxy which comes with huge resource savings compared to the TI-M reference implementation (400-800 MB idle RAM use per tenant vs. 10 MB idle RAM use per tenant) and can scale dynamically according to the actual usage of the system.
If you’re not getting better, you’re getting worse
Gematik’s TI-Messenger is one of the most ground-breaking real time communications initiatives in the world; a nationwide healthcare ecosystem, able to communicate securely in real time, brings phenomenal productivity gains and improved patient outcomes. That Gematik continues to enhance and expand the standard deserves full recognition and Element, for its part, is committed to continuing to support Matrix and the TI-Messenger ecosystem.
