You can use Y.Model within mojito, in fact that's what we recommend if you have complex data structures. We should have some examples for that, if not, let us know and we can add a couple of them.

In the other hand, you can also use a new feature we added in 0.5.4 to register global models per request/page, this feature is meant to expose Y.Model instances from a controller to all the child mojits. The syntax is pretty simple: ac.models.registerGlobal('name-of-the-model', yourModelInstance), and that model instance could be something you just create using new Y.MySuperAwesomeModel(config) or even a model that you collect from mojito like ac.models.get('something-you-want-to-share-with-childs').

What about validations ? Will they be executed on server as well as client ?

It is really up to you. I will recommend to validate it on both sides of the fence, whether that means having two different piece of code, or just a validation at the API level where you store the data.

Now, if your question is about re-using the model? Sure, you can re-use it, but the model itself will sync with an external entity to store the data, so you have to be careful about it. If that business logic and configuration something you want to expose in the client side? Maybe not. In which case just flag it with server affinity and that should help. Also, part of the logic, what we call coordination might go into the controller rather than the model itself, so, you can also flag the controller with server to fully protect that part of the code.

Another solution is to have Two separate controllers/models, client and server versions, and using the rpc=true flag to force actions to be executed in the server when they are sensible actions.

Thanks for the elaborate reply. I am currently following the last option you suggested "wo separate controllers/models, client and server versions". So far it works fine.