In his new post Mathias Verraes talks about the separation of concerns that, in his opinion, should exist between form, command and model and the validation of each.
Many of the frameworks I’ve worked with, promise to separate responsibilities with MVC. In practice, the end up coupling everything to everything. The forms are coupled to the models, and there’s a grand unified validation layer. This may be convenient at first, but it breaks down for larger systems, and creates headaches when having to support multiple clients. My approach is to clearly separate the validation for the form itself, from the Command validation and the model validation.
He talks about each of the different types in turn, starting with Commands. He suggests that the validation should happen in Value Objects in the Commands, validation rules in Models and some client-side validation (backed up by backend checking, of course) via Javascript or HTML5 fields.