Some thoughts on this: -Using XSD instead of DTD makes actual useful validation of XML data a realistic possibility. You can have types, enumeration, ranges, and other matching mechanisms to make sure the config file's values are viable before you get into any detail. -No config mechanism can do full input checking without being a quite specific language (how should it pre-validate an email address or url? just try it? that's ridiculous). The best you can do is hope that it eliminates most of the cruft up front. -For user editable data, wasn't YAML supposed to do that? ymmv, of course... :)