These two token modes solve at least 80% of use cases for secure tokens. You can even solve unencrypted symmetric-key authentication by storing your claims in the unencrypted footer, rather than encrypting them.
PASERK aims to provide an answer for these circumstances, as well as provide a consistent standard for the encoding of PASETO keys.
Where [version] is an integer, [data] is the (typically base64url-encoded) payload data, and [type] is one of the items in the following table:
The version of a PASERK MUST match the version of the PASETO it's used with. For example, a k2.local. PASERK must be used with v2.local. tokens. Cross-version support is explicitly NOT permitted.
As one of the design criteria, it must be safe for PASERKs to be sent out-of-band with its associated PASETO, or included in the footer of a PASETO.
When PASERKs are not included in the footer, users SHOULD include the PASERK ID in the footer (or, in v3/v4 of PASETO, as an implicit assertion).