Just a brief question: if, as you say, you handle the issue of protecting a temp destination from being consumed by anyone other than the original connection _outside_ any security code, then why bother using it when you _are_ within the same connection? Couldn't the temp destination include metadata describing the original connectionid/sessionid, and just check that consumers belong to the same id? No other checks need to be made, and no more configuration needs to be extended on the connectionfactory? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055954#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...