
perMIT Glossary

General Privilege Management Concepts

The language of Privilege Management is rich and often interchangeable - one "may", one "can", one "is authorized", "has permission", "is allowed", "has access", etc. The definitions below are meant to clarify general concepts and overlaps, while the perMIT glossary below defines terms specific to perMIT.

CONCEPT
DEFINITION

Access Control

The act of allowing access to facilities, programs, or services to authorized persons (or other valid subjects), and denying unauthorized access. Access Control requires that rules or policies be in place, that privileges be defined, so that they can be enforced.

Approver

 

Approval

 

Assertion

 

Attribute

 

Authentication

The process of confirming the identity of the subject. Since computer identification cannot be absolute (e.g., passwords can be stolen), authentication relies on a related concept of level of trust, in which an institution relies on good identity management practice (so that the institution believes they have correctly identified an individual) and secure mechanisms for sharing identity.
This is sometimes referred to as AuthN (authentication), in contrast to AuthZ (authorization).

Authority

A broad term that can cover most aspects of creating policies and rules governing who has rights and privileges for an organization. It includes the ability to control the dissemination of those rights, as well as an organization's responsibilities to enforce those rights. This is sometimes referred to as AuthZ (authorization), in contrast to AuthN (authentication).
It can also be used more specifically in a singular authorization situation to say whether a subject has "authority" to take an action. In this sense, authority and privilege can be used interchangeably.

Authorization

The process of deciding if a subject (person, program, device, etc.) is allowed to have access to or take an action against a resource. Authorization relies on a trusted identity (authentication) and the ability to test the privileges held by the subject against the policies or rules governing that resource to determine if an action is permitted for a subject.

Claim

 

Eligibility

A concept closely related to authorization in that it can use the same mechanisms of authentication, policies, rules, and role evaluation. The differences are semantic - one is "eligible for something" as opposed to "authorized to do something" - so each is appropriate to use to describe different use cases. For instance, "all students are eligible for an email account", vs "students in this class are authorized to download course materials".
Eligibility is more akin to a "right", in legal terms, than a "privilege", but the technical differences in how they are accomplished in an online environment are generally negligible.

Entitlement

Often used the same as Privilege, entitlement carries the feeling of something owed or of a right granted. We make limited use of the word here. An authority-related eduPerson attribute, eduPersonEntitlement, uses this term specifically as an attribute that conveys ownership of the named right or privilege, a token that can be used directly or in a rules evaluation in determining authorization.

Group

A collection of subjects and/or groups.

Identity Management

Identity management is often used broadly to encompass not only activities to correctly identify who a person is, but also the manifestations of that knowledge through infrastructure access and security services - single sign-on, account/service provisioning, authentication and authorization. Here we focus on a narrower definition, principally the need to identify persons as one individual despite multiple associations and roles, proper identification of other entities and agents (organizations, applications, etc.), and the management of that information over time and across the enterprise.

Permission

A closely related term to access control, a permission is the control specifically related to a resource and an action - a person must have permission to take that action.

Privileges

Etymologically speaking, a privilege is a "personal law", making privileges a set of personal rights. Privileges amount to the sum of what a person may do, as granted to them or inherited. Groups or roles are said to have privileges, but ultimately that is a way to confer those privileges to all members as individuals.
In the context of a privilege management system, the term Privileges is used to describe the combination of a person or group, their current permissions, and any qualifications to those permissions.

Provision

 

Roles

A collection of privileges usually relating to a capability or responsibility/position/job function of a subject. Collections may consist of any combination of implicitly and/or explicitly defined privileges. A role does not necessarily fully represent all of the capabilities of a subject.

Rule

 

Subject

A person, program, device, or other relevant entity which can authenticate to a system, and to which an authorization may apply. (Note well: A subject is never a group, since a group does not authenticate.)

perMIT Concepts

A-spec (formerly called an AUTHORIZATION)

is a 3-part entity, consisting of a subject + function + qualifier. Note that these 3-part structures bear some similarity to the 3-part structures in RDF: Subject + Verb + Object

authorization

  • is the act of testing a permission or privilege.

FUNCTION

is the component of an A-spec that describes the action (or role or group of actions) that the person is allowed to do.

  • Each function belongs to a "Category", or application area
  • Each function must be interpreted by downstream applications (those that use the Roles Database for access control) to represent some action or set of functionality within the application. Thus, the creation of functions must be coordinated with the application developer.
  • Some functions can apply to more than one application, e.g., financial reporting authorizations apply both to the financial system and the data warehouse.
  • Functions can have parent/child relationships; an authorization for a parent function implies authorizations for all child functions as well.

Permission

perMIT

is an authority system.

Privilege

QUALIFIER

can be an account number, organization number, budget group, etc. Since qualifiers of each type are organized into a hierarchy, a qualifier can also be a branch of the tree of account numbers, a branch of the tree of organizations, etc. Qualifiers are generally extracted from other systems as part of a nightly feed. Some functions are either "all or nothing" and do not require a qualifier; in these cases a placeholder qualifier of NULL is included in the authorization.
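The A-spec, FUNCTION and QUALIFIER entries above describe one evaluation model: a subject holds A-specs, a parent function implies its child functions, and a qualifier on a branch of a hierarchy covers everything beneath it. The following is an added illustration written for this page, not perMIT's own code; the function names, the organization-number tree and the subjects are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample hierarchy of functions: child -> parent.
# An authorization for a parent function implies all of its children.
FUNCTION_PARENT: Dict[str, str] = {
    "VIEW FINANCIAL REPORTS": "FINANCIAL REPORTING",
    "RUN REPORTS": "FINANCIAL REPORTING",
}

# Constructed sample qualifier hierarchy (a tree of organization numbers): child -> parent.
# Holding a qualifier on a branch covers every organization beneath it.
QUALIFIER_PARENT: Dict[str, str] = {
    "DEPT-120": "SCHOOL-100",
    "DEPT-121": "SCHOOL-100",
    "SCHOOL-100": "INSTITUTE",
}

@dataclass(frozen=True)
class ASpec:
    """subject + function + qualifier; None models the NULL placeholder qualifier."""
    subject: str           # a person or other entity that authenticates, never a group
    function: str
    qualifier: Optional[str]

def ancestors_and_self(node: Optional[str], parent_map: Dict[str, str]) -> List[str]:
    """Walk a hierarchy upward, returning the node and every ancestor above it."""
    seen: List[str] = []
    while node is not None and node not in seen:   # cycle guard for malformed feeds
        seen.append(node)
        node = parent_map.get(node)
    return seen

def is_authorized(aspecs: List[ASpec], subject: str, function: str,
                  qualifier: Optional[str] = None) -> bool:
    """Authorization: does any A-spec held by the subject cover the request?
    A match is the requested function or one of its parents, and the requested
    qualifier or a branch above it; a NULL-qualifier A-spec is all-or-nothing."""
    covering_functions = set(ancestors_and_self(function, FUNCTION_PARENT))
    covering_qualifiers = set(ancestors_and_self(qualifier, QUALIFIER_PARENT))
    for a in aspecs:
        if a.subject != subject or a.function not in covering_functions:
            continue
        if a.qualifier is None or a.qualifier in covering_qualifiers:
            return True
    return False

# Constructed sample A-specs for the checks below.
ASPECS = [
    ASpec("alice", "FINANCIAL REPORTING", "SCHOOL-100"),  # parent function on a branch
    ASpec("bob", "RUN REPORTS", "DEPT-121"),              # leaf function, single org
    ASpec("carol", "CREATE USERS", None),                 # all-or-nothing function
]
```

Note that holding a child function never implies its parent, and a qualifier above the granted branch (for example INSTITUTE for alice) is not covered.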

role
