David Chadwick and I just had a long exchange on one of the W3C lists about this subject. Most of the time we were talking past each other, but I finally understood the point he was making.
In the confused deputy example, the user makes a request of the deputy, which invokes an operation on a resource designated by the user. The vulnerability arises because there is no way for the deputy to say to check the user's permissions rather than the deputy's. David, it turns out, was asking, "What if you could?"
In a system with verifiable credentials, the user will receive a digital certificate signed by some organization stating certain properties of the user. Canonical examples are such things as digital driver's licenses and diplomas. A verifier will accept the certificate if it trusts the issuer.
David is suggesting that VCs can also specify authentication information, such as identity, role, or attributes. In this case, a system administrator would provide the user with a VC specifying the authentication. The user could then designate the resource and pass its VC to the deputy. The deputy could then use the VC when invoking the resource so that the access decision can be based on the user's permissions. No confused deputy even though you've separated designation from authorization. Is that right?
The downside is that the deputy gets all the user's permissions. I consider that a showstopper, but David claims you should only invoke deputies you trust. We left it there.