I might not have been clear in my presentation but the CE 6.0 Kernel will validate first level pointer parameters for you. It knows the signature of the API (and can verify the first level buffer being passed to the kernel driver.
You as a driver developer, only have to Access Check embedded pointers; embedded pointers are pointer parameters that are passed to your driver by storing them within the first level buffer - Actually you can view this recursively and can have nested buffers.
The kernel while checking the first level parameter has no idea of what the 4 bytes stored with the buffer means to the driver - it could be a DWORD for all it cares; it all depends on how the kernel driver is going to interpret these 4 bytes - and thus, It is the responsibility of the driver to access check embedded buffers because such embedded buffers could be pointing to memory that the caller does not have access to.
Kernel drivers would call CeOpenCallerBuffer API to access check embedded buffers before using them and when done, simply call CeCloseCallerBuffer as detailed at - http://blogs.msdn.com/ce_base/archive/2006/11/22/marshalling-helper-apis.aspx
I hope that clarifies any issues on Access Checking.