I am new to both OpenID and OAuth, and before I dive any deeper, I'd like to know if I'm right in assuming that OpenID + OAuth make it possible for my application to interact with Yahoo! Contacts, for instance, by only asking my visitor for Yahoo logon information (and sparing her visit to Yahoo site to grant the permission).
You shouldn't ask user for Yahoo! logon information if what you mean is user name and password. You will get some kind of token after you send the user to Yahoo! for their permission and then you can use that token to access their contacts information.