In order for Silverlight to access a cross-domain webservice, it needs a clientaccesspolicy.xml and crossdomain.xml in the root directory of the webapp?
I don't see anthing in the Servlet 2.5 spec that talks about these, or whether they impact security-constraints or remote address valves. Anyone using these? Leo