The way I would approach this would be to create a plugin that provides a new controller (perhaps inheriting from EntitiesController) specifically to address this feature.
The controller would have to:
* maintain it's own security - e.g. you'd have control over how a user could login (perhaps they can use their email address and a secure token you give them, rather than creating their own account),
* detect which entry the user needs to update... perhaps by search for a combination of email address and token as above.
* provide a form for updates
Doing it this way would mean the user wouldn't need to 'sign themselves up' to the CRM instance and only have control over their own record... perhaps you could even have a page that allows them to enter their email address and then it sends a secure token to that account. They can then login with those details and change the record. (Very similar to a 'password reset' feature, just used to gain access to edit an account)
Just my thoughts,
Regards,
Steve