In addition to security configuration, developer defined filtering configuration can manage the output produced by client invocations of REST. This is accomplished using Java bean filtering:
/atg/dynamo/service/filter/bean/beanFilteringConfiguration.xml
See the Bean Filtering section of the Web Services Guide for more information.