Currently you are able to put access restrictions on request handelers based on IP or certificate.
However we have different applications using thier own published SOAP service. It is currently not possible to have the certificate restriction on /ws/ExtraSecure and have the /ws/NoSecurity restriction free.