Hi Olga,
Sure thing! I am sure there are a few ways to do this. Personally, I would leave the application where it is created by default but also create an ICF External Alias to the application and any odata services you wish to make public.
In the definition of the external alias you can specify a user to login always with. This user can then be restricted to only the authorisations required by your app and you will have a lot more control.
Hope this helps,
Oli