diff --git a/keystonemiddleware/_common/config.py b/keystonemiddleware/_common/config.py
index 0d5b2907..3e38eba1 100644
--- a/keystonemiddleware/_common/config.py
+++ b/keystonemiddleware/_common/config.py
@@ -15,7 +15,6 @@ import pkg_resources
 from oslo_config import cfg
 from oslo_log import log as logging
 import pbr
-import six
 
 from keystonemiddleware import exceptions
 from keystonemiddleware.i18n import _
@@ -47,7 +46,7 @@ def _conf_values_type_convert(group_name, all_options, conf):
 
         break
 
-    for k, v in six.iteritems(conf):
+    for k, v in conf.items():
         dest = k
         try:
             if v is not None:
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 0b61e2dd..b81e1c63 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -227,7 +227,6 @@ from keystoneclient.common import cms
 from keystoneclient import exceptions as ksc_exceptions
 from oslo_log import log as logging
 from oslo_serialization import jsonutils
-import six
 import webob.dec
 
 from keystonemiddleware._common import config
@@ -510,7 +509,7 @@ class BaseAuthProtocol(object):
                           name)
             self._invalid_user_token()
 
-        for bind_type, identifier in six.iteritems(auth_ref.bind):
+        for bind_type, identifier in auth_ref.bind.items():
             if bind_type == _BIND_MODE.KERBEROS:
                 if req.auth_type != 'negotiate':
                     self.log.info('Kerberos credentials required and '
diff --git a/keystonemiddleware/auth_token/_request.py b/keystonemiddleware/auth_token/_request.py
index 7fe940f6..26037a2a 100644
--- a/keystonemiddleware/auth_token/_request.py
+++ b/keystonemiddleware/auth_token/_request.py
@@ -13,7 +13,6 @@
 import itertools
 
 from oslo_serialization import jsonutils
-import six
 import webob
 
 
@@ -156,7 +155,7 @@ class _AuthTokenRequest(webob.Request):
         names = ','.join(auth_ref.role_names)
         self.headers[self._ROLES_TEMPLATE % prefix] = names
 
-        for header_tmplt, attr in six.iteritems(self._HEADER_TEMPLATE):
+        for header_tmplt, attr in self._HEADER_TEMPLATE.items():
             self.headers[header_tmplt % prefix] = getattr(auth_ref, attr)
 
     def set_user_headers(self, auth_ref):
@@ -168,7 +167,7 @@ class _AuthTokenRequest(webob.Request):
         self._set_auth_headers(auth_ref, self._USER_HEADER_PREFIX)
         self.headers[self._ADMIN_PROJECT_HEADER] = _is_admin_project(auth_ref)
 
-        for k, v in six.iteritems(self._DEPRECATED_HEADER_MAP):
+        for k, v in self._DEPRECATED_HEADER_MAP.items():
             self.headers[k] = self.headers[v]
 
     def set_service_catalog_headers(self, auth_ref):
diff --git a/keystonemiddleware/echo/service.py b/keystonemiddleware/echo/service.py
index 4b931626..840d91ea 100644
--- a/keystonemiddleware/echo/service.py
+++ b/keystonemiddleware/echo/service.py
@@ -26,7 +26,6 @@ module.
 from wsgiref import simple_server
 
 from oslo_serialization import jsonutils
-import six
 
 from keystonemiddleware import auth_token
 
@@ -34,7 +33,7 @@ from keystonemiddleware import auth_token
 def echo_app(environ, start_response):
     """A WSGI application that echoes the CGI environment back to the user."""
     start_response('200 OK', [('Content-Type', 'application/json')])
-    environment = dict((k, v) for k, v in six.iteritems(environ)
+    environment = dict((k, v) for k, v in environ.items()
                        if k.startswith('HTTP_X_'))
     yield jsonutils.dumps(environment)
 
diff --git a/keystonemiddleware/tests/unit/auth_token/base.py b/keystonemiddleware/tests/unit/auth_token/base.py
index 34a50f9e..775ddc32 100644
--- a/keystonemiddleware/tests/unit/auth_token/base.py
+++ b/keystonemiddleware/tests/unit/auth_token/base.py
@@ -15,7 +15,6 @@ from oslo_config import cfg
 from oslo_config import fixture as cfg_fixture
 from oslo_log import log as logging
 from requests_mock.contrib import fixture as rm_fixture
-import six
 from six.moves import http_client
 import webob.dec
 
@@ -53,7 +52,7 @@ class BaseAuthTokenTestCase(utils.MiddlewareTestCase):
         req = webob.Request.blank(path)
         req.method = method
 
-        for k, v in six.iteritems(headers or {}):
+        for k, v in (headers or {}).items():
             req.headers[k] = v
 
         resp = req.get_response(middleware)
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 1899cb07..d2c8b484 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -2083,7 +2083,7 @@ class CommonCompositeAuthTests(object):
         req.headers['X-Auth-Token'] = self.token_dict['uuid_token_default']
 
         # Ensure injection of service headers is not possible
-        for key, value in six.iteritems(self.service_token_expected_env):
+        for key, value in self.service_token_expected_env.items():
             header_key = key[len('HTTP_'):].replace('_', '-')
             req.headers[header_key] = value
         # Check arbitrary headers not removed
@@ -2160,7 +2160,7 @@ class CommonCompositeAuthTests(object):
         req.headers['X-Auth-Token'] = self.token_dict['uuid_token_default']
 
         # Ensure injection of service headers is not possible
-        for key, value in six.iteritems(self.service_token_expected_env):
+        for key, value in self.service_token_expected_env.items():
             header_key = key[len('HTTP_'):].replace('_', '-')
             req.headers[header_key] = value
         # Check arbitrary headers not removed
diff --git a/keystonemiddleware/tests/unit/auth_token/test_base_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_base_middleware.py
index 159a476c..5595b0ac 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_base_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_base_middleware.py
@@ -15,7 +15,6 @@ import uuid
 
 from keystoneauth1 import fixture
 import mock
-import six
 import testtools
 import webob
 
@@ -73,7 +72,7 @@ class BaseAuthProtocolTests(testtools.TestCase):
         req = webob.Request.blank(path)
         req.method = method
 
-        for k, v in six.iteritems(headers or {}):
+        for k, v in (headers or {}).items():
             req.headers[k] = v
 
         resp = req.get_response(middleware)
diff --git a/keystonemiddleware/tests/unit/client_fixtures.py b/keystonemiddleware/tests/unit/client_fixtures.py
index 308a611c..528b4189 100644
--- a/keystonemiddleware/tests/unit/client_fixtures.py
+++ b/keystonemiddleware/tests/unit/client_fixtures.py
@@ -492,7 +492,7 @@ class Examples(fixtures.Fixture):
             self.TOKEN_RESPONSES[self.SIGNED_v3_TOKEN_SCOPED_KEY])
 
         self.JSON_TOKEN_RESPONSES = dict([(k, jsonutils.dumps(v)) for k, v in
-                                          six.iteritems(self.TOKEN_RESPONSES)])
+                                          self.TOKEN_RESPONSES.items()])
 
 
 EXAMPLES_RESOURCE = testresources.FixtureResource(Examples())