Since this is the one part of the next steps doc that doesn't have to be implemented by Facebook, I thought it would be a good idea to say exactly how it would work, and then maybe someone else could make a miracle show up on GitHub that does exactly this.
Works in Node.js. (Because that's the dev platform I use.)
Has two calls, setData and getData.
Each call takes four params: facebookUserId, facebookAccessToken, path and flPrivate. The first two should be self-evident. path is a relative path for the data. It can include slashes, in which case the server automatically creates folders for any that don't already exist. The fourth, flPrivate, is a boolean. If true, the data to be returned comes from a private place that can only be accessed through the file system of the server and through the getData call to the server. If it's false, then the data is stored in a publicly accessible place, and the URL of the object is part of the returned struct.
Each call returns a struct that indicates success or failure. If it worked, then it also returns the data if it's a get, or the URL if it's not private.
The data that my apps will use will be JSON, HTML or XML. For the private stuff it'll all be JSON; the public stuff will be a mix.
I have this API already implemented using Twitter credentials, so I'm fairly sure it's sufficient for my needs. I use Amazon S3 for both private and public storage.
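A sketch of the two calls as described above, added here as an example and not code from the author's Twitter library. It shows the two checks a server exposing a caller-supplied path needs: the token has to match the user id in the call, and the path has to stay under that user's own prefix. Assumptions: Maps stand in for the private and public S3 buckets, verifyToken is a hypothetical function supplied by the caller, setData takes the data as a fifth argument, and the calls return their struct directly instead of through a callback.

```javascript
// Added example: in-memory stand-in for the storage server described above.
// All names here (PUBLIC_BASE_URL, userKey, createStore, verifyToken) are hypothetical.
const PUBLIC_BASE_URL = "https://storage.example.com/"; // placeholder host

// Turn a caller-supplied relative path into a key under the user's own prefix.
// Returns null for anything that could escape that prefix.
function userKey(facebookUserId, path) {
  if (!/^[0-9]+$/.test(String(facebookUserId))) return null;
  if (typeof path !== "string" || path.length === 0 || path.length > 512) return null;
  if (path.includes("\\") || path.includes("\0")) return null;
  const parts = path.split("/");
  for (const part of parts) {
    // Rejects a leading slash, "//", "." and ".." segments.
    if (part === "" || part === "." || part === "..") return null;
  }
  return "users/" + facebookUserId + "/" + parts.join("/");
}

function createStore(verifyToken) {
  const buckets = { private: new Map(), public: new Map() };
  function check(facebookUserId, facebookAccessToken, path) {
    // The token must belong to the user id named in the call.
    if (!verifyToken(facebookUserId, facebookAccessToken)) return { error: "bad credentials" };
    const key = userKey(facebookUserId, path);
    return key === null ? { error: "bad path" } : { key };
  }
  return {
    setData(facebookUserId, facebookAccessToken, path, flPrivate, data) {
      const c = check(facebookUserId, facebookAccessToken, path);
      if (c.error) return { success: false, message: c.error };
      buckets[flPrivate ? "private" : "public"].set(c.key, data);
      const result = { success: true };
      if (!flPrivate) result.url = PUBLIC_BASE_URL + encodeURI(c.key); // URL only for public objects
      return result;
    },
    getData(facebookUserId, facebookAccessToken, path, flPrivate) {
      const c = check(facebookUserId, facebookAccessToken, path);
      if (c.error) return { success: false, message: c.error };
      const bucket = buckets[flPrivate ? "private" : "public"];
      if (!bucket.has(c.key)) return { success: false, message: "not found" };
      const result = { success: true, data: bucket.get(c.key) };
      if (!flPrivate) result.url = PUBLIC_BASE_URL + encodeURI(c.key);
      return result;
    },
  };
}
```

In a real server verifyToken would ask Facebook which user the access token belongs to and compare that with facebookUserId, so a valid token for one user cannot be used to read or write another user's folder.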
These function headers come from my Twitter library. I just changed "tw" to "fb" in the names.
function fbGetFile (relpath, flIncludeBody, flPrivate, callback)
function fbUploadFile (relpath, filedata, type, flPrivate, callback)
flIncludeBody, boolean: if false we return metadata about the file, but not the file content. This is the equiv of a HEAD request in HTTP.