diff --git a/README.md b/README.md
index 8c510f8c..a148bc51 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ a repository or a tag before pulling it (using disk space) - e.g. - which tags a
 Examples:
 ```sh
 # show repository's labels of rhel7:latest
-$ skopeo inspect registry.access.redhat.com/rhel7 | jq '.Config.Labels'
+$ skopeo inspect docker://registry.access.redhat.com/rhel7 | jq '.Config.Labels'
 {
   "Architecture": "x86_64",
   "Authoritative_Registry": "registry.access.redhat.com",
@@ -24,7 +24,7 @@ $ skopeo inspect registry.access.redhat.com/rhel7 | jq '.Config.Labels'
 }
 
 # show repository's tags
-$ skopeo inspect docker.io/fedora | jq '.RepoTags'
+$ skopeo inspect docker://docker.io/fedora | jq '.RepoTags'
 [
   "20",
   "21",
@@ -36,11 +36,11 @@ $ skopeo inspect docker.io/fedora | jq '.RepoTags'
 ]
 
 # show image's digest
-$ skopeo inspect docker.io/fedora:rawhide | jq '.Digest'
+$ skopeo inspect docker://docker.io/fedora:rawhide | jq '.Digest'
 "sha256:905b4846938c8aef94f52f3e41a11398ae5b40f5855fb0e40ed9c157e721d7f8"
 
 # show image's label "Name"
-$ skopeo inspect registry.access.redhat.com/rhel7 | jq '.Config.Labels.Name'
+$ skopeo inspect docker://registry.access.redhat.com/rhel7 | jq '.Config.Labels.Name'
 "rhel7/rhel"
 ```
 
@@ -65,15 +65,15 @@ $ cat /home/runcom/.docker/config.json
 }
 
 # we can see I'm already authenticated via docker login so everything will be fine
-$ skopeo inspect myregistrydomain.com:5000/busybox
+$ skopeo inspect docker://myregistrydomain.com:5000/busybox
 {"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
 
 # let's try now to fake a non existent Docker's config file
-$ skopeo --docker-cfg="" inspect myregistrydomain.com:5000/busybox
+$ skopeo --docker-cfg="" inspect docker://myregistrydomain.com:5000/busybox
 FATA[0000] Get https://myregistrydomain.com:5000/v2/busybox/manifests/latest: no basic auth credentials
 
 # passing --username and --password - we can see that everything goes fine
-$ skopeo --docker-cfg="" --username=testuser --password=testpassword inspect myregistrydomain.com:5000/busybox
+$ skopeo --docker-cfg="" --username=testuser --password=testpassword inspect docker://myregistrydomain.com:5000/busybox
 {"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
 ```
 If your cli config is found but it doesn't contain the necessary credentials for the queried registry
diff --git a/hack/vendor.sh b/hack/vendor.sh
index 005d2559..d2b4d4ac 100755
--- a/hack/vendor.sh
+++ b/hack/vendor.sh
@@ -13,8 +13,8 @@ clone git github.com/gorilla/context master
 clone git golang.org/x/net master https://github.com/golang/net.git
 clone git github.com/go-check/check v1
 
-clone git github.com/docker/docker 29bade2cd0a09191279f04ebc6aeedaa70c772a0
-clone git github.com/docker/engine-api 7f6071353fc48f69d2328c4ebe8f3bd0f7c75da4
+clone git github.com/docker/docker 9e2c4de0dea695411f8df2efd116594eaf4602aa
+clone git github.com/docker/engine-api 8193a3a11c076ef0d80da8f98ef99a2c53a51320
 clone git github.com/docker/distribution 7b66c50bb7e0e4b3b83f8fd134a9f6ea4be08b57
 
 clone git github.com/docker/go-connections master
diff --git a/integration/check_test.go b/integration/check_test.go
index 45d2cd0f..c8cee03c 100644
--- a/integration/check_test.go
+++ b/integration/check_test.go
@@ -82,7 +82,7 @@ func (s *SkopeoSuite) TestVersion(c *check.C) {
 }
 
 func (s *SkopeoSuite) TestCanAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C) {
-	out, err := exec.Command(skopeoBinary, "--docker-cfg=''", "--username="+s.regV2WithAuth.username, "--password="+s.regV2WithAuth.password, fmt.Sprintf("%s/busybox:latest", s.regV2WithAuth.url)).CombinedOutput()
+	out, err := exec.Command(skopeoBinary, "--docker-cfg=''", "--username="+s.regV2WithAuth.username, "--password="+s.regV2WithAuth.password, "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url)).CombinedOutput()
 	c.Assert(err, check.NotNil, check.Commentf(string(out)))
 	wanted := "Error: image busybox not found"
 	if !strings.Contains(string(out), wanted) {
@@ -91,7 +91,7 @@ func (s *SkopeoSuite) TestCanAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C)
 }
 
 func (s *SkopeoSuite) TestNeedAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C) {
-	out, err := exec.Command(skopeoBinary, "--docker-cfg=''", fmt.Sprintf("%s/busybox:latest", s.regV2WithAuth.url)).CombinedOutput()
+	out, err := exec.Command(skopeoBinary, "--docker-cfg=''", "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url)).CombinedOutput()
 	c.Assert(err, check.NotNil, check.Commentf(string(out)))
 	wanted := "no basic auth credentials"
 	if !strings.Contains(string(out), wanted) {
@@ -102,7 +102,7 @@ func (s *SkopeoSuite) TestNeedAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C
 // TODO(runcom): as soon as we can push to registries ensure you can inspect here
 // not just get image not found :)
 func (s *SkopeoSuite) TestNoNeedAuthToPrivateRegistryV2ImageNotFound(c *check.C) {
-	out, err := exec.Command(skopeoBinary, fmt.Sprintf("%s/busybox:latest", s.regV2.url)).CombinedOutput()
+	out, err := exec.Command(skopeoBinary, "inspect" fmt.Sprintf("docker://%s/busybox:latest", s.regV2.url)).CombinedOutput()
 	c.Assert(err, check.NotNil, check.Commentf(string(out)))
 	wanted := "Error: image busybox not found"
 	if !strings.Contains(string(out), wanted) {
diff --git a/vendor/github.com/docker/engine-api/types/auth.go b/vendor/github.com/docker/engine-api/types/auth.go
index 13188775..056af6b8 100644
--- a/vendor/github.com/docker/engine-api/types/auth.go
+++ b/vendor/github.com/docker/engine-api/types/auth.go
@@ -12,5 +12,11 @@ type AuthConfig struct {
 	Email string `json:"email,omitempty"`
 
 	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
 	RegistryToken string `json:"registrytoken,omitempty"`
 }
diff --git a/vendor/github.com/docker/engine-api/types/container/hostconfig_windows.go b/vendor/github.com/docker/engine-api/types/container/hostconfig_windows.go
index dc2399fc..5726a77e 100644
--- a/vendor/github.com/docker/engine-api/types/container/hostconfig_windows.go
+++ b/vendor/github.com/docker/engine-api/types/container/hostconfig_windows.go
@@ -1,7 +1,6 @@
 package container
 
 import (
-	"fmt"
 	"strings"
 )
 
@@ -79,20 +78,6 @@ func (n NetworkMode) NetworkName() string {
 	return ""
 }
 
-// ValidateIsolation performs platform specific validation of the
-// isolation technology in the hostconfig structure. Windows supports 'default' (or
-// blank), 'process', or 'hyperv'.
-func ValidateIsolation(hc *HostConfig) error {
-	// We may not be passed a host config, such as in the case of docker commit
-	if hc == nil {
-		return nil
-	}
-	if !hc.Isolation.IsValid() {
-		return fmt.Errorf("invalid --isolation: %q. Windows supports 'default', 'process', or 'hyperv'", hc.Isolation)
-	}
-	return nil
-}
-
 //UserDefined indicates user-created network
 func (n NetworkMode) UserDefined() string {
 	if n.IsUserDefined() {
diff --git a/vendor/github.com/docker/engine-api/types/network/network.go b/vendor/github.com/docker/engine-api/types/network/network.go
index 48b21996..bce60f5e 100644
--- a/vendor/github.com/docker/engine-api/types/network/network.go
+++ b/vendor/github.com/docker/engine-api/types/network/network.go
@@ -46,7 +46,7 @@ type EndpointSettings struct {
 }
 
 // NetworkingConfig represents the container's networking configuration for each of its interfaces
-// Carries the networink configs specified in the `docker run` and `docker network connect` commands
+// Carries the networking configs specified in the `docker run` and `docker network connect` commands
 type NetworkingConfig struct {
-	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each conencting network
+	EndpointsConfig map[string]*EndpointSettings // Endpoint configs for each connecting network
 }
diff --git a/vendor/github.com/docker/engine-api/types/types.go b/vendor/github.com/docker/engine-api/types/types.go
index 26462404..0b6494aa 100644
--- a/vendor/github.com/docker/engine-api/types/types.go
+++ b/vendor/github.com/docker/engine-api/types/types.go
@@ -39,6 +39,10 @@ type ContainerUpdateResponse struct {
 type AuthResponse struct {
 	// Status is the authentication status
 	Status string `json:"Status"`
+
+	// IdentityToken is an opaque token used for authenticating
+	// a user after a successful login.
+	IdentityToken string `json:"IdentityToken,omitempty"`
 }
 
 // ContainerWaitResponse contains response of Remote API:
diff --git a/vendor/github.com/docker/libtrust/util.go b/vendor/github.com/docker/libtrust/util.go
index d88176cc..a5a101d3 100644
--- a/vendor/github.com/docker/libtrust/util.go
+++ b/vendor/github.com/docker/libtrust/util.go
@@ -152,7 +152,7 @@ func NewIdentityAuthTLSClientConfig(dockerUrl string, trustUnknownHosts bool, ro
 }
 
 // joseBase64UrlEncode encodes the given data using the standard base64 url
-// encoding format but with all trailing '=' characters ommitted in accordance
+// encoding format but with all trailing '=' characters omitted in accordance
 // with the jose specification.
 // http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
 func joseBase64UrlEncode(b []byte) string {