...

I think this is due to the fact that AuthoizationAdvice is an abstract type for which instantiations of AuthorizationAdvice change the tag name to e.g. SubjectAttributeReferenceAdvice and this tag name thus has to be recognized directly by the parser that reads the ExtendedAuthorizationDecisionQuery.

I think if you write the schema properly, the parser will recognize that SubjectAttributeReferenceAdvice extends AuthorizationAdvice, and therefore is allowed instead of the latter. I am not sure what the situation is with the schema used by ExtendedAuthorizationDecisionQuery.

Thanks Sassa, my comment is superfluos then if this issue can be avoided though a different schema / different implementation. My problem was less with the schema and the schema validation but more with how the parser as an extension to OpenSAML is implemented. If you happen to have an extensible example of how to do this I would love to take a look and learn. Markus