Resource update from external site

It seems it should be possible to update a resource from another site
or email by issuing a post with the proper form data to the update url
for the resource. It works from curl but not from the browser, as far
as I can tell. If it is possible, is it possible to do it securely by
accommodating protect_from_forgery?

Why? I'd like to be able to rsvp an event invitation without requiring
people to login or be a member of the site.