Where should validation logic be implemented?

Question

When developing my interfaces (contracts) and the concrete implementations of them, both the data models as well as repositories, I find myself questioning where the validation

Answer 1

A contract (interface) between two parties say, A and B such that both have certain obligations. What does the contract say? Is B supposed to receive validated data? If that is the case, B should not be implementing validation. But what if A is the UI? Clearly you don't want to put the validation there. Typically, its best to introduce a third party, say C. A has a contract with C which in turn has a contract with B. B expects validated data. A might send crap. C performs the validation.

If contracts are well designed, this is almost never an issue. Revist the contract and place obligations on the each of the parties. If a certain party has too many obligations then introduce a third party.