With wiki sites being owned by individuals there is only a single question that concerns us, "Are you the site owner?"
In the current (July 2015) code base there are a number of issues:-
* A single authentication scheme is built in. Scheme specific code is in both the client and server.
* The protected resources rather than asking if you are authorized to perform the action ask if you are authenticated, and elsewhere we only allow the site owner to be authenticated.
The aim of is to separate out the authentication scheme specific parts of implementation, into a security plug-in. Such that it would be possible both for alternative schemes to be developed, and server owners to pick an appropriate scheme, without needing to create a scheme specific version of the server and client.
We do not provide a mechanism for creation of privatly shared wiki sites, this is might be provided using Layered Authentication.