[eluser]WanWizard[/eluser]
For data that is destined for a model, I always validate in the model.
Advantage of this is that no matter where your data comes from, the model makes sure it's valid before it's inserted into the database. It also means a single location for validation, instead of in every controller that does something with data that is input for the model.
Jamie's model absolutely makes sense.
As to messaging, I use a central messaging class that collects all messages, categorises them, and stores them in the session if needed. It also has a method for retrieval, which is used by the partial I use to display messages on the page.