diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index f08dbe4b2..26f9795ae 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -25,9 +25,7 @@ def _ensure_subprocess():
 
 
 def cms_verify(formatted, signing_cert_file_name, ca_file_name):
-    """
-        verifies the signature of the contents IAW CMS syntax
-    """
+    """Verifies the signature of the contents IAW CMS syntax."""
     _ensure_subprocess()
     process = subprocess.Popen(["openssl", "cms", "-verify",
                                 "-certfile", signing_cert_file_name,
@@ -76,7 +74,8 @@ def verify_token(token, signing_cert_file_name, ca_file_name):
 
 
 def is_ans1_token(token):
-    '''
+    """Determine if a token appears to be PKI-based.
+
     thx to ayoung for sorting this out.
 
     base64 decoded hex representation of MII is 3082
@@ -113,7 +112,7 @@ def is_ans1_token(token):
     Max length of the content using 2 octets is 7FFF or 32767
     It's not practical to support a token of this length or greater in http
     therefore, we will check for MII only and ignore the case of larger tokens
-    '''
+    """
     return token[:3] == PKI_ANS1_PREFIX
 
 
@@ -160,7 +159,8 @@ def cms_to_token(cms_text):
 
 
 def cms_hash_token(token_id):
-    """
+    """Hash PKI tokens.
+
     return: for ans1_token, returns the hash of the passed in token
             otherwise, returns what it was passed in.
     """