OpenID and OAuth

From http://cakebaker.42dh.com/2008/04/01/openid-versus-oauth-from-the-users-perspective/

In this article I want to show the differences between OpenID and its younger cousin OAuth by providing for each a typical user scenario.

First the scenario for OpenID: User wants to access his account on example.com. example.com (the “Relying Party” in OpenID lingo) asks the user for his OpenID. User enters his OpenID. example.com redirects the user to his OpenID provider. User authenticates himself to the OpenID provider. OpenID provider redirects the user back to example.com. example.com allows the user to access his account

And now the scenario for OAuth: User is on example.com and wants to import his contacts from mycontacts.com. example.com (the “Consumer” in OAuth lingo) redirects the user to mycontacts.com (the “Service Provider”). User authenticates himself to mycontacts.com (which can happen by using OpenID) mycontacts.com asks the user whether he wants to authorize example.com to access his contacts. User makes his choice mycontacts.com redirects the user back to example.com. example.com retrieves the contacts from mycontacts.com. example.com informs the user that the import was successful.

From those scenarios we can see that OpenID is about authentication (i.e. I can identify myself with an url) whereas OAuth is about authorization (i.e. I can grant permission to access my data on some website to another website, without providing this website the authentication information for the original website).