diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
index 4a0d501..8e8a5e4 100755
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -195,14 +195,9 @@ class AuthProtocol(object):
                     self._decorate_request('X_USER',
                         claims['user'], env, proxy_headers)
                     if 'roles' in claims and len(claims['roles']) > 0:
-                        if claims['roles'] != None:
-                            roles = ''
-                            for role in claims['roles']:
-                                if len(roles) > 0:
-                                    roles += ','
-                                roles += role
-                            self._decorate_request('X_ROLE',
-                                roles, env, proxy_headers)
+                        roles = ','.join(claims['roles'])
+                        self._decorate_request('X_ROLE',
+                            roles, env, proxy_headers)
 
                     # NOTE(todd): unused
                     self.expanded = True
@@ -304,13 +299,9 @@ class AuthProtocol(object):
             raise LookupError('Unable to locate claims: %s' % resp.status)
 
         token_info = json.loads(data)
-        roles = []
-        role_refs = token_info['access']['user']['roles']
-        if role_refs != None:
-            for role_ref in role_refs:
-                # Nova looks for the non case-sensitive role 'Admin'
-                # to determine admin-ness
-                roles.append(role_ref['name'])
+        # Nova looks for the non case-sensitive role 'Admin'
+        # to determine admin-ness
+        roles = [role['name'] for role in token_info['access']['user']['roles']]
 
         try:
             tenant = token_info['access']['token']['tenant']['id']