We consider how a transporter could provide services to site owners within one farm but not others. We assume an administrator with privileged access to both transporter and farm and suitable protection from man-in-the-middle attacks at all levels.
The administrator uses ssh or equivalent to mint a key on one service and supply that key to the other.
The transporter would then refuse to service any request where a currently valid key has not been included.
The wiki server would necessarily interpret a sufficiently complex configuration so as to deliver the proper key to the appropriate transporter under the proper login conditions.
The Transport plugin would arrange that requests made by site owners are made with the appropriate key attached without revealing the key except to the request recipient.
The key could be injected into transporter requests on the server-side if the client were content to have all requests proxied through the server. This places the farm in the middle between the author and the transporter sacrificing some privacy now available to the author.