In federated systems, trust management is critical for information sharing and online collaboration. Security tokens provide a way to convey and exchange trust information for security and privacy protection. Although several communication protocols have mechanisms to exchange security tokens, users may still encounter difficulties when they have to handle security tokens across heterogeneous platforms and security domains. Semantic gaps and incompatibilities are major barriers for trust information exchange in federated trust management. This paper introduces a hybrid approach with intermediary- and query-based mechanisms to resolve semantic gaps and incompatibilities for different types of trust information exchanged by security tokens, and then proposes different exchange models for different types of information. This paper also provides a comprehensive framework to exchange security tokens across security domains with suitable approaches and exchange models. The application of this framework in a healthcare environment provides a new method to interoperate trust information for security- and privacy-critical applications.