There are organizations that are called registries that manage each TLD option. When you register domain names, you would first visit a domain registrar who would in turn check with the registry that manages that TLD to see if the domain is available. If the domain for the TLD you want discovers that it is in fact available, the registry adds it to their registry and gives you access to it. If the domain has already been registered by another user for that TLD, you will be shown during the domain registration process that the domain isn't available.
There is also what is called a ccTLD, or country code top-level domain. These are designed to signify sites located in or associated with certain countries or territories. Most of the ccTLDs actually don't have restrictions regarding who can register domain names. In fact, many ccTLDs are commonly misinterpreted as TLDs. For example, while .tv is commonly registered by television and media related websites, .tv is actually the ccTLD designated for the country Tuvalu. Domain hacks are also a popular use of both TLDs and ccTLDs. This involves creating a full word or phrase when combining the domain name with the TLD to create something your audience will easily remember. A popular example is using the .me ccTLD for Montenegro and combining it with "aweso" to create the domain aweso.me.
Domain name registrars, in case you didn't know, are the companies that manage all the website domain names you'll see (EG: Inc.com) - the fingerprint of your business, which may also include the hosting and privacy measures. For example, by default many companies will actually over-price the simple process of keeping your registration information private (which if it isn't can be found via a simple Whois search).
In the first quarter of 2015, 294 million domain names had been registered. A large fraction of them are in the com TLD, which as of December 21, 2014, had 115.6 million domain names, including 11.9 million online business and e-commerce sites, 4.3 million entertainment sites, 3.1 million finance related sites, and 1.8 million sports sites. As of July 2012 the com TLD had more registrations than all of the ccTLDs combined.
Many registrars reserve the right to revoke your domain name for specific reasons, typically if you use the domain for illegal purposes or purposes deemed unacceptable (such as spamming). Many contracts contain a clause letting the registrar delete your domain name for no apparent reason. The implication, of course, is that the domain name is the registrar's, not yours.
In order to register any domain, you must provide certain personal information that you may not wish to be publically searchable in the Whois database. Signing up for WhoisGuard is a great way to keep your registration data private. WhoisGuard acts as a "shield" for your searchable information, displaying the address, phone number, and email of the domain registrar (Namecheap, e.g.) instead of your own. Keep in mind that WhoisGuard is an optional security add-on that must be renewed separately when you renew your domain.