That's not quite my understanding, but possibly Alan is simplifying here to make the concepts easier to grasp.
The essential difference is that domain controllers typically have the right to assign permissions for all resources within the domain, whereas local XP machines only have rights to assign resources that are within their immediate control (e.g. hard drive and attached printers). So it follows that a domain user has whatever rights the domain controller has assigned, and a local user has whatever rights the XP machine has assigned.
You may need a domain account to access certain domain resources
unless the DC has provided guest/anonymous access to those resources.
Does that help?
Although my explanation is also a little simplified, I think Alan's explanation was clearer.