I've thought that a wiki farm could be configured such that only people with email addresses from xyz.com could make sites and gain access to them.
How exactly would this work?
Firewall
A firewall/nat lets insiders see out but not outsiders see in. A vpn can breach the firewall from outside. Corporations accept this model but are happy to have some corporate assets outside.
A neighborhood could thrive on servers within corporate firewalls. Pages from outside could be forked (pulled) in. The natural flows are one-way, the corporate preference.
SaaS
A wiki or wiki farm could restrict access by rules maintained through configuration files or pages. This normally involves advanced login and privilege management including logging access and revoking accounts. See Visitors to Sign in with Persona.
Push
Our general sharing model is that content is pulled toward its reader. The pull could be explicit (with the fork button) or implicit by just editing.
An organization might choose to publish some portion of their internal content to federated wiki sites outside the firewall. A PR department could collect, edit and approve content then Publish with SCP.
The Submit Changes mechanism offers another push model. Currently this applies only to pages held in browser local storage from sites choosing to accept submissions.
Leaks
Any corporate information system that encourages employees to maintain local copies is subject to abuse of those copies.
Wiki's architecture should discourage accidental disclosure. Should we relax the write-to-origin-only policy then additional checks may be appropriate. This could take the form of a client-side license check before write.