In addition to security configuration, developer defined filtering configuration can manage the output produced by client invocations of REST. This is accomplished using Java bean filtering:
atg/service/filter/bean/BeanFilter.java
See the Bean Filtering section of the ATG Web Services Guide for more information.