Silverlight security model
Silverlight® interacts with remote services to establish security according to the restrictions defined in the Silverlight policy file.
How Silverlight interacts with remote services to establish security
If a socket-based connection is to be used, for example Diffusion™ DPT type connection, the Silverlight player tries to get a policy file from the 943. If this port is not open through your firewalls or is not configured within the Diffusion connectors the Silverlight player generates a security exception and the connection attempt ceases.
If an HTTP connection is to be used, for example. Diffusion HTTP type connection, a socket-based policy file is not required but a crossdomain.xml file might be required before the Diffusion connection is made.
Official Microsoft® documentation
Silverlight clientaccesspolicy.xml file
When is the clientaccesspolicy.xml used?
When a Diffusion DPT connection is used a socket connection is made, in order that the socket connection can be established a socket policy file must be acquired from port 943.