ONLYOFFICE supports this. The webservice they host supports different "storage backends", which can be something they offer, or Dropbox, or your own Nextcloud instance, etc.
"Storage backend" is not a "storage frontend" I'm talking about.
Example scenario:
As an office user Alice, I want to open documented XXX stored on NAS Foo at Foo.net in application Bar at bar.com.
To do that, in application Bar user clicks on "Open File" button, then in dialog she selects "NAS" tab, then selects Foo, then selects file XXX.
When the file is selected, NAS Foo forms a one-time URL for the file, like davs://foo.net/u/alice/d/xxx.docx?otp=1234567890abcdef. This URL is invisible to user, unless she explicitly asks for it.
Application Bar receives this URL from the user browser and tries to open it.
NAS Foo shows popup to user about "Application Bar at Bar.com [LOGO] tries to open document xxx.docx. Allow? [O]nce, [A]llways, [C]ancel".
When Alice presses Once, a temporary password is generated and securely shared between Foo.net and Bar.com for the next 12h.
Now, application Bar.com can read and write document xxx.docx freely. At each read, NAS stores a record in a log about access to the document. At each write, NAS creates a new revision of the document and backups it.
Application Bar.com has no access to other files except for those selected by Alice. NAS Foo automatically revokes access of Bar.com to all files after a period of inactivity (month?).
In this case, service Bar.com cannot force Alice to pay for service just because their app contains some important documents in storage. Bar.com cannot pass those document to third party actor, like government, police, etc.
Example scenario:
As an office user Alice, I want to open documented XXX stored on NAS Foo at Foo.net in application Bar at bar.com.
To do that, in application Bar user clicks on "Open File" button, then in dialog she selects "NAS" tab, then selects Foo, then selects file XXX.
When the file is selected, NAS Foo forms a one-time URL for the file, like davs://foo.net/u/alice/d/xxx.docx?otp=1234567890abcdef. This URL is invisible to user, unless she explicitly asks for it.
Application Bar receives this URL from the user browser and tries to open it.
NAS Foo shows popup to user about "Application Bar at Bar.com [LOGO] tries to open document xxx.docx. Allow? [O]nce, [A]llways, [C]ancel".
When Alice presses Once, a temporary password is generated and securely shared between Foo.net and Bar.com for the next 12h.
Now, application Bar.com can read and write document xxx.docx freely. At each read, NAS stores a record in a log about access to the document. At each write, NAS creates a new revision of the document and backups it.
Application Bar.com has no access to other files except for those selected by Alice. NAS Foo automatically revokes access of Bar.com to all files after a period of inactivity (month?).
In this case, service Bar.com cannot force Alice to pay for service just because their app contains some important documents in storage. Bar.com cannot pass those document to third party actor, like government, police, etc.