XACML/AuthzForce schema validation
Today the server's REST API supports other representation formats than XML, .e.g JSON, with no - or not as powerful - schema validation. Therefore, it may be possible to inject corrupt data into the domain database. To guarantee that the content of the database is always in correct format, there should be systematic XML schema validation when marshalling the XML content for database storage, so that it fails before the data is written there if it is corrupt.